Security & Privacy
How Callout protects your users' data.
Callout is designed so that collecting feedback and running onboarding doesn't mean compromising privacy.
The Short Version
- User data (names, emails, IDs) is encrypted at rest with per-project keys
- The widget runs in an isolated environment — your site can't access it, and it can't access your site
- No cookies. No tracking scripts.
- Console errors are automatically scrubbed of passwords, API keys, and email addresses before leaving the browser
- All communication over HTTPS
- A domain allowlist prevents unauthorized websites from using your project
- Feature flags are dashboard-controlled and can't be tampered with from the browser
What Callout Collects
When a user submits a bug report:
| Data | Can Disable? |
|---|---|
| Their description and category | No (user-initiated) |
| Screenshot | Yes — enableScreenshot: false |
| Page URL, browser, OS, viewport | No |
| Console errors | Yes — enableConsoleErrors: false |
| User identity | Yes — don't call identify() |
What Callout does NOT collect: cookies, localStorage contents, form values, network requests, keystrokes, mouse movements, or data from other tabs.
Encryption
User data is encrypted at rest. Each project gets its own encryption key, derived automatically. Even if one project were compromised, other projects stay secure.
For lookups (like finding a user by email), Callout uses one-way hashes — the email is never stored in readable form.
Widget Isolation
The widget runs in a fully isolated environment. Your site's CSS can't break it, its CSS can't break your site, and scripts on your page can't access the widget's internals.
Responsible Disclosure
Found a vulnerability? Report it to [email protected].
Related
- Application Settings — configure domain allowlist and feature toggles
- Identity & Traits — how user data is collected and encrypted