Scrubbing Sensitive Data
As with any third-party service it's important to understand what data is being sent to Sentry, and where relevant ensure sensitive data either never reaches the Sentry servers, or at the very least it doesn’t get stored.
These are some great examples for data scrubbing that every company should think about:
- PII (Personally Identifiable Information) such as a user's name or email address, which post-GDPR should be on every company's mind.
- Authentication credentials, like your AWS password or key.
- Confidential IP (Intellectual Property), such as your favorite color, or your upcoming plans for world domination.
We offer the following options depending on your legal and operational needs:
- filtering or scrubbing sensitive data within the SDK, so that data is not sent to Sentry. Different SDKs have different capabilities, and configuration changes require a redeployment of your application.
- configuring server-side scrubbing to ensure Sentry does not store data. Configuration changes are done in the Sentry UI and apply immediately for new events.
- running a local Relay on your own server between the SDK and Sentry, so that data is not sent to Sentry while configuration can still be applied without deploying.
Ensure that your team is aware of your company's policy around what can and cannot be sent to Sentry. We recommend determining this policy early in your implementation and communicating it as well as enforcing it via code review.
If you are using Sentry in your mobile app, read our frequently asked questions about mobile data privacy to assist with Apple App Store and Google Play app privacy details.
If you do not wish to use the default PII behavior, you can also choose to identify users in a more controlled manner, using our user identity context.
Our documentation is open source and available on GitHub. Your contributions are welcome, whether fixing a typo (drat!) to suggesting an update ("yeah, this would be better").