Our privacy commitment is simple: We strive to collect the minimum amount of information necessary to provide our service to you. This starts with our product, which is designed from the ground up to keep your data local, and to conform to your security and compliance posture. You can read more about our security posture at


We do need to collect some data to operate our service. To the extent possible, we scrub the data we collect of customer confidential details and provide controls for customers to opt-out.

It's important to us that our data collection practices are clear and easy to understand, so we've documented our general data collection framework here. You can find our full Privacy Policy at balsa.com/privacy.

What we collect

Data collection on our website

We use Fathom to track page views, unique users, and other traffic statistics like visitor country on balsa.com, support.balsa.com, and our other websites. This data is completely anonymous and cannot be tied to a specific person.

Data collection in Balsa Build

During signup, we collect customer email addresses.

As you use Balsa Build, we record various events and statistics as well as crash reports. While we generally analyze these in aggregate, the underlying data is associated with individual Balsa Build users. This helps us reach out to people on an occasional basis to understand problems and get feedback.

Most data collection in Balsa Build can be turned off in Settings. We do require our apps to check with our servers on an ongoing basis, to make sure the current user has an authorized Balsa Build session. This cannot be turned off. We need this information in order to understand who is using our software, so we can someday collect payment and operate our company at a profit. 🙂

In addition to telemetry and crash reporting, we generate log files on users' computers. These are only transmitted to us when you take explicit action to send them.

Data scrubbing

Our first course of action is to avoid collecting data in the first place. When we do collect it, we strive to filter any data that could be customer confidential.

Here are some examples of things we include and exclude from our logs, telemetry, and crash reports:

Included in telemetry

  • App version
  • HTTP request and response metadata, like status code and headers (excluding authentication header values)
  • Task metadata, like project, status, or number of comments
  • Jira and GitHub URLs
  • Search queries

Scrubbed from telemetry

  • Jira and GitHub API credentials
  • HTTP cookie values
  • Task titles and descriptions
  • Jira project names
  • GitHub PR diffs
  • Contents of attachments
  • Text of comments on tasks