Data Collected
See what data is collected by the Sentry SDK.
Sentry takes data privacy very seriously and has default settings in place that prioritize data safety, especially when it comes to personally identifiable information (PII) data. When you add the Sentry SDK to your application, you allow it to collect data and send it to Sentry during the runtime of your application.
We are currently working with high priority on improving defaults and providing more control over what data is collected and sent to Sentry by the Sentry Rust SDK to align with our data privacy principles.
In the meantime, here is the information about what data is collected by the Sentry Rust SDK. The category types and amount of data collected vary, depending on the integrations you've enabled in the Sentry SDK.
By default, the Sentry SDK sends all HTTP headers captured by sentry-actix and sentry-tower (with http feature enabled) to Sentry. For both integrations, it's possible to exclude certain headers from being sent by registering an additional middleware on your HTTP server and setting header.set_sensitive(true) on the headers you want to exclude.
All request cookies are sent to Sentry. Server-side scrubbing rules are in place that will filter out certain well-known cookies that contain sensitive data.
By default, the Sentry SDK doesn't send any information about the logged-in user, such as email address, user ID, or username. User information can be manually captured by calling scope.set_user and providing the appropriate user information.
By default, the Sentry SDK doesn't send the user's IP address. To enable automatic IP address collection for sentry-actix, set send_default_pii to true in your sentry::init options. User IP information can be manually captured by calling scope.set_user and providing the user's IP address.
The full request URL of incoming HTTP requests captured by sentry-actix and sentry-tower (with http feature enabled) is always sent to Sentry. Depending on your application, this could contain PII data.
The request query string captured by sentry-actix and sentry-tower (with http feature enabled) is always sent to Sentry. Depending on your application, this could contain PII data.
The request body of incoming HTTP requests is not sent to Sentry by default. When using sentry-actix, the Sentry SDK can capture the request body. A prerequisite for this is to set send_default_pii to true in your sentry::init options. Then, whether the request body is sent or not, depends on the type and size of request body as described below:
- The type of the request body:
- JSON and form bodies are sent
- Raw request bodies are always removed
- Uploaded files in the request bodies are never sent to Sentry
- The size of the request body: There's a
max_request_body_sizeoption that's set toMaxRequestBodySize::Mediumby default, which governs the maximum size of request bodies that are sent to Sentry.
If you want to prevent request bodies from being sent to Sentry altogether, set max_request_body_size to MaxRequestBodySize::None.
When using the Sentry Debug Images integration, some metadata about the shared libraries and executables currently loaded in memory by the running process is sent to Sentry. This integration is enabled by default when using the sentry crate via the debug-images feature flag. You can opt out of this feature by excluding the debug-images feature from your feature flags for sentry in your Cargo.toml.
When you use Source Context, you explicitly upload your source code to Sentry. This is fully opt-in and not controlled by the Sentry SDK.
Our documentation is open source and available on GitHub. Your contributions are welcome, whether fixing a typo (drat!) or suggesting an update ("yeah, this would be better").