Privacy Policy

Reecordly (“we”, “us”, “our”) operates the Reecordly web application at https://reecordly.com and the Recordify — Bug Recorder Chrome extension. This policy explains what personal data we collect when you use either product, how we use it, how long we keep it, and the rights you have over it. It applies to every user, everywhere.

We only collect what we need to run the service. Nothing is sold to third parties, and we do not run ad-tracking pixels.

• Provide the core service: store your recordings, let you play them back, share them via a link, and organise them inside your workspace.
• Authenticate you: keep you signed in across browser restarts, re-issue tokens when they expire, and let you reset your password.
• Attach reproduction context to bug reports: the console logs, network requests, DOM snapshot, and user events captured during a recording are saved alongside the video so your team can reproduce the issue.
• Send transactional email: email verification codes, password reset links, workspace invitations. We do not send marketing email.
• Keep the service running: basic operational logs (request timestamps, IP address, user agent) for debugging, abuse prevention, and rate-limiting. Retained for 30 days.

The Recordify Chrome extension only captures data from a tab while you have explicitly started a recording on that tab. It does not run in the background, it does not scrape the pages you visit, and it does not send anything anywhere until you choose to upload. While a recording is in progress it may capture:

• Screen, window, or tab video (your choice via Chrome's picker).
• Microphone and/or webcam audio/video (if you enabled them).
• Browser console logs, network requests (URL, status, timing — never request bodies), user events (clicks, keystrokes, scrolls) and a DOM snapshot from the recorded tab.

When you stop the recording, everything is uploaded to your own Reecordly workspace. If you cancel the recording instead, all captured data is discarded locally and never leaves your machine.

• Database (PostgreSQL): hosted on our VPS in the European Union.
• Video and media files: Cloudflare R2 object storage.
• Transactional email: delivered via Namecheap Private Email (SMTP).

All traffic between your browser/extension and our servers is encrypted using TLS 1.2+ with certificates issued by Let's Encrypt. Passwords are hashed with bcrypt; session tokens are signed with a server-side secret and stored as HTTP-only cookies.

• Account data — until you delete your account.
• Recordings — until you delete them, or until your account is deleted.
• Server access logs — 30 days.
• Email verification codes and password reset tokens — expire within 15 minutes of being issued.

When you delete your account we erase your personal data and all of your recordings within 30 days. Backups are overwritten within the same window.

We do not sell, rent, or trade your data. We share it only with the processors that run the service:

• Cloudflare — R2 object storage for video files (under a data processing agreement).
• Contabo — VPS hosting (EU region).
• Namecheap Private Email — transactional email delivery.
• Google Drive — only if you choose to export a recording to your own Drive, via the OAuth2 drive.file scope, which restricts us to files created by the extension.

We do not use Google Analytics, Meta Pixel, Mixpanel, or any third-party advertising SDK.

If you are in the EU, UK, or Switzerland you have the right to:

• Access a copy of the personal data we hold about you.
• Correct inaccurate data.
• Delete your data (“right to be forgotten”) — available in your account settings or by email.
• Export your data in a machine-readable format (JSON) — available on request.
• Restrict or object to certain processing.
• Withdraw consent for any processing that was based on consent.
• Lodge a complaint with your local data protection authority.

To exercise any of these rights, email us at noreply@reecordly.com. We respond within 30 days.

We use a small number of strictly necessary cookies: an HTTP-only access_token cookie to keep you signed in, an HTTP-only refresh_token cookie to refresh it, and a theme-preference cookie. No advertising cookies, no analytics cookies, no cross-site tracking.

Reecordly is not intended for users under 16. We do not knowingly collect data from children. If you believe a child has created an account, contact us and we will delete it.

When we update this policy we change the “Last updated” date at the top of the page. For material changes we will also notify registered users by email at least 30 days before they take effect.

Questions, requests, or complaints about this policy or about how we handle your data:
noreply@reecordly.com