Frequently Asked Questions
Everything you need to know about Bugtri. Can't find what you're looking for? Get in touch.
Getting Started
The basics of what Bugtri is and how to get up and running.
Bugtri is an AI-powered triage platform for vulnerability disclosure and bug bounty programmes. It connects to your shared mailbox (e.g. security@yourcompany.com), reads incoming vulnerability reports, sanitises sensitive data, analyses them with AI, and delivers a structured triage summary back to your inbox - all within minutes.
Bugtri is built for small and medium businesses that receive vulnerability reports but don't have a dedicated security team to triage them. If your team spends hours reading through spam, duplicates, and AI-generated reports to find the real threats, Bugtri automates that process.
Most teams are up and running in under 2 minutes. Connect your mailbox via OAuth (Google Workspace or Microsoft 365), paste your AI provider API key, and you're done. No agents to install, no code changes required, no infrastructure to manage.
Yes. Every plan includes a 30-day free trial with full access to all features in that tier. No credit card required to start. See our pricing page for details.
How It Works
The triage pipeline, mailbox connection, and what happens to your data.
Bugtri uses standard OAuth 2.0 to connect to your shared mailbox via Google Workspace or Microsoft 365. We request read-only access with minimal scope permissions. We never send emails from your account, modify messages, or delete anything. Connection takes under 2 minutes.
Before any report text is sent to your AI provider, Bugtri automatically sanitises it by replacing sensitive data (URLs, IP addresses, email addresses, domains, and custom patterns you define) with safe placeholder tokens like __URL_1__ or __IP_1__. Your real infrastructure details never reach the AI provider. Tokens are restored in the final triage email.
Bugtri supports OpenAI, Anthropic (Claude), Google Gemini, and other API-compatible services. You provide your own API key, so your data is processed under your own terms and is never used to train AI models.
Each triage summary email includes: a decision badge (Auto-Decline, Queue, Fast-Track, or Urgent), a risk score out of 10, the AI's confidence rating, an executive summary, the key factors that influenced the score, and the full original report appended below for complete context.
Customisation
Scoring, auto-responses, and tuning Bugtri to your risk appetite.
Yes. You can adjust scoring weights, decision thresholds, impact bucket values, and multipliers for exploitability and authentication. Choose from built-in presets (Lenient, Default, Strict) or create a fully custom configuration that matches your organisation's risk appetite.
Yes. You can configure automatic acknowledgement, decline, and escalation emails per triage decision type. Templates support variable placeholders (researcher name, subject, reference ID, company name) and configurable delays so responses feel natural.
If the AI's self-assessed confidence falls below your configured threshold (default 40%), auto-decline decisions are automatically overridden to Queue - ensuring a human always reviews uncertain assessments. You can adjust this threshold in your scoring settings.
Yes. You choose which categories are redacted - URLs, IP addresses, email addresses, domains - and can add custom regex patterns for organisation-specific data. Each category can be toggled independently so you only sanitise what matters to you.
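The placeholder substitution described under How It Works, together with the per-category toggles and custom patterns described just above, can be sketched as follows. This is an added example, not Bugtri's own code: the regexes, the function names, and the `__EMAIL_n__`, `__DOMAIN_n__` and `__HOST_n__` token labels are assumptions; only the `__URL_1__` / `__IP_1__` token shape comes from this page.

```python
import re

# Assumed patterns (not Bugtri's). Order matters: URLs and e-mail addresses are
# tokenised whole before the bare-domain rule could split them.
DEFAULT_PATTERNS = {
    "URL": r"https?://[^\s<>\"')]+",
    "EMAIL": r"[a-z0-9._%+-]+@[a-z0-9.-]+\.[a-z]{2,}",
    "IP": r"\b(?:\d{1,3}\.){3}\d{1,3}\b",
    "DOMAIN": r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b",
}
TOKEN = re.compile(r"__[A-Z]+_\d+__")

def sanitise(text, enabled=tuple(DEFAULT_PATTERNS), custom=None):
    """Return (safe_text, mapping); mapping is token -> original, kept locally."""
    patterns = {k: v for k, v in DEFAULT_PATTERNS.items() if k in enabled}
    patterns.update(custom or {})  # custom rules (upper-case labels) run last
    mapping = {}
    for label, pattern in patterns.items():
        tokens = {}  # original value -> token, so repeats share one token
        def swap(match):
            value = match.group(0)
            if value not in tokens:
                tokens[value] = f"__{label}_{len(tokens) + 1}__"
                mapping[tokens[value]] = value
            return tokens[value]
        text = re.sub(pattern, swap, text, flags=re.IGNORECASE)
    return text, mapping

def restore(text, mapping):
    """Put originals back; tokens the model invented are left untouched."""
    return TOKEN.sub(lambda m: mapping.get(m.group(0), m.group(0)), text)

# Constructed sample report (documentation-range addresses and names).
REPORT = (
    "SQL injection at https://shop.example.com/cart?id=1 (origin 203.0.113.7). "
    "Also reproduces on https://shop.example.com/cart?id=1 from host srv-pay-02. "
    "Contact: alice@example.org, see also cdn.example.net."
)

if __name__ == "__main__":
    safe, mapping = sanitise(REPORT, custom={"HOST": r"\bsrv-[a-z]+-\d+\b"})
    print(safe)  # this is all the AI provider would see
    reply = f"Fast-Track: confirmed injection on {next(iter(mapping))}."
    print(restore(reply, mapping))
```

Anything that matches no enabled pattern passes through unchanged, which is why the sample needs a custom rule to catch the internal hostname.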
Privacy & Security
How we protect your data and keep your infrastructure details safe.
You control this. By default, report data is stored to power your dashboard and analytics. You can enable auto-purge to delete data after a configurable retention period (7 to 365 days), or trigger a manual purge at any time. You can also disable storage of vulnerability details entirely.
No. Bugtri uses your own API key to connect to AI providers. Your data is processed under your terms with that provider. Bugtri never sends your data to any AI service using our own keys, and we never use your data for training, fine-tuning, or any purpose beyond providing the triage service.
Bugtri implements TLS encryption in transit, AES-256-GCM encryption at rest for sensitive credentials, bcrypt password hashing, CSRF protection, rate limiting, Content Security Policy headers, and session management with configurable idle timeouts. Admin accounts support TOTP multi-factor authentication. See our Security page for full details.
Bugtri's infrastructure is hosted in the United Kingdom. For Enterprise customers, custom data residency options are available. All data transfers comply with UK GDPR and applicable international data protection frameworks. See our Privacy Policy for full details.
Billing & Plans
Pricing, trials, refunds, and changing your plan.
Yes. All plans come with a 30-day money-back guarantee. If Bugtri isn't the right fit, contact us within 30 days for a full refund - no questions asked.
Yes. You can upgrade or downgrade at any time from your dashboard. Changes take effect at the start of your next billing cycle. If you need a custom plan for high-volume usage, contact our sales team.
We'll notify you when you reach 80% of your monthly limit. If you exceed it, new incoming emails will be queued until your limit resets at the start of your next billing cycle or you upgrade your plan. No data is lost.
We accept all major credit and debit cards via Stripe. Enterprise customers can arrange invoicing and bank transfer payments. All transactions are processed securely through Stripe's PCI DSS Level 1 certified infrastructure.