Scrubbing Sensitive Data
As with any third-party service it’s important to understand what data is being sent to Sentry, and where relevant ensure sensitive data either never reaches the Sentry servers, or at the very least it doesn’t get stored. We recommend filtering or scrubbing sensitive data within the SDK, so that data is not sent with the event, and also configuring server-side scrubbing to ensure the data is not stored.
There are two great examples for data scrubbing that every company should think about:
- PII (Personally Identifiable Information) such as a user's name or email address, which post-GDPR should be on every company's mind.
- Authentication credentials, like your AWS password or key.
- Confidential IP (Intellectual Property), such as your favorite color, or your upcoming plans for world domination.
If you do not wish to use the default PII behavior, you can also choose to identify users in a more controlled manner, using our user identity context.