Privacy Policy

Effective Date: February 14, 2026

BitDive ("we", "us", or "our") is committed to maintaining the highest standards of data privacy and security. This policy outlines our practices regarding the collection, use, and protection of data within the BitDive SaaS platform and the BitDive Java Agent.


1. The Principle of "Zero-Trust" Observability

Our architecture is designed to minimize the collection of sensitive data. Unlike traditional profilers, BitDive prioritizes local-first processing:

  • PII Masking at the Source: The BitDive Agent can be configured to mask or drop sensitive fields (e.g., credit card numbers, passwords, emails) before they leave your infrastructure.
  • Selective Capture: You control exactly which packages or methods are instrumented, preventing the accidental capture of sensitive business logic.

2. Information We Collect

2.1 Account Information

To provide the Service, we collect:

  • Professional email address (for authentication and critical alerts).
  • Organization name and project identifiers.

2.2 Telemetry and Trace Data

During the operation of the Service, the BitDive Agent sends:

  • Method Metadata: Method names, execution times, and call sequences.
  • Infrastructure Context: JVM version, memory usage, and basic system metrics.
  • Captured Evidence: SQL queries (normalized) and selected method arguments used for Deterministic Verification.

3. Data Processing and GDPR Compliance

For users in the European Economic Area (EEA) and the UK, we process data as a Data Processor under the instructions of the user (the Data Controller).

  • Legal Basis: We process data based on our contractual necessity to provide the Service and our legitimate interest in improving platform performance and security.
  • Data Subject Rights: You have the right to access, rectify, or erase your personal data. BitDive provides tools within the dashboard to manage and delete captured trace data.

4. Sub-processors

We use a minimal set of trusted sub-processors to maintain our infrastructure:

  • Hosting: Primary infrastructure is hosted on secure, SOC2-compliant cloud providers.
  • Analytics: Microsoft Clarity and Google Analytics (anonymized) are used to monitor website performance.
  • Communication: SendGrid or similar services for transactional emails.

5. Security Architecture

  • Encryption: All data in transit uses TLS 1.3 with Perfect Forward Secrecy. Data at rest is encrypted using AES-256.
  • Isolation: Each BitDive project is logically isolated. Data from one organization is never accessible to another.
  • Regular Audits: We conduct internal security reviews and vulnerability scans to ensure systemic integrity.

6. Data Retention

  • Trace Data: By default, detailed execution traces are retained for 30 days (standard) or longer (enterprise), after which they are automatically purged.
  • Aggregated Metrics: High-level performance metrics are retained for historical trend analysis.

7. Contact our Privacy Team

If you require a signed Data Processing Agreement (DPA) or have specific compliance questions (SOC2, HIPAA, ISO 27001), please contact us:

BitDive Data Privacy Office
Sterling House, 6-10 St Georges Road
London, SW19 4DP, United Kingdom
Email: privacy@bitdive.io