Two things: the issueshot.com waitlist (this website) and the IssueShot browser extension. They handle data very differently, so each has its own section below. The short version — the website collects your waitlist email; the extension has no server and never receives your screenshots or tokens at all.
If you fill out the waitlist form, we collect your email address and your answers to two short questions ("Would you pay $9/mo?" and which tracker you use). The form is hosted by Tally, where the responses are stored.
We also use Cloudflare Web Analytics for aggregate visit counts. It's privacy-first: no cookies, no cross-site tracking, no fingerprinting.
To decide whether to build IssueShot, and — if we do — to send you one email when early access opens (plus the occasional short update if you opted in). That's it. We don't sell, rent, or share your email with anyone.
Every email includes an unsubscribe link. Want your data deleted entirely? Email support@issueshot.com and we'll remove it.
No account, and no IssueShot server in the bug-capture path. When you capture, annotate, and file a report, nothing routes through us — we never receive, store, or see your screenshots or your tracker tokens, and there is no analytics inside the extension. One scoped exception applies once the paid plan launches: an optional Pro license check, described under Pro licensing, payments & subprocessors below — it sends only a license key, never a screenshot or tracker token.
Your tokens stay local, and encrypted at rest. Each tracker API token is encrypted inside your browser with AES-GCM under a non-extractable key (the key itself cannot be read back out of the browser); only the resulting ciphertext is kept in chrome.storage.local. A token is decrypted in memory only to sign a request to that tracker's own API — Linear, Notion, or GitHub — and is sent only there to authenticate you. It is never transmitted to IssueShot. Strong at-rest encryption is real defense-in-depth, but it is not an absolute guarantee against malware running inside the browser itself.
Reports go straight to your tracker. When you file a report, the annotated screenshot plus the page URL, browser, OS, and viewport are sent directly from your browser to the Linear, Notion, or GitHub account you connected — and nowhere else. IssueShot never touches them.
What the extension does not collect. No browsing or tab history, no clickstream, no keystrokes, no location, no in-extension analytics, and no personal or payment data by design. Only the single page you choose to file is ever included, and only at the moment you click Send.
You control the content — and should redact before you file. Screenshots are yours, and the pixels under a redaction are removed from the exported image, not merely hidden. Two things to know. First, the built-in blur tool applies a mosaic, which can be partially reversible for small, low-entropy content like full card numbers or SSNs — so do not rely on blur alone for true secrets; cover those areas with a solid, opaque redaction (or remove them from the shot) before filing. Second, filing to GitHub writes the screenshot as a real Git commit into a .issueshot/ folder in your repository (your token needs Contents: write): that commit is permanent in your repo's history and, on a public repository, world-readable — so redact sensitive content before filing to GitHub. If Contents: write isn't granted, a clean text-only issue is filed instead.
Pro history (a planned paid feature) keeps a rolling 90-day list of your reports stored encrypted in your browser — it is never uploaded to us. Uninstalling the extension removes all locally stored data.
We'll keep this section current as the extension evolves, and publish any deeper security details on the site.
The free bug-capture path above has no server. The optional Pro plan (post-launch) is the one place IssueShot's own backend is involved, and only for licensing and billing — never for your screenshots or tracker tokens.
License check. When Pro is active, the extension validates your license key against an IssueShot service at issueshot.com (a Cloudflare Worker). That request contains only your license key and a device/instance identifier — no screenshots, no tracker tokens, no report content. The service stores your license status and the billing email tied to your subscription so Pro stays active across your devices.
Payments. Payments are handled by LemonSqueezy, our merchant of record. LemonSqueezy collects and processes your payment details and billing email and handles sales tax/VAT; IssueShot never sees or stores your card information. LemonSqueezy and Cloudflare are US-based subprocessors. We do not sell or share your personal information.