If you include EU personal data in the service data you configure to be collected and reported to Sentry, you must comply with GDPR. This document highlights key GDPR requirements, how Sentry can help you with compliance, and additional steps you may need to take.
Download the PDFLawful Processing — Have in place GDPR-compliant contractual terms with your processors — the third parties that handle EU personal data on your behalf.
Sentry makes available a Data Processing Addendum, with contractual terms that govern both your and Sentry’s rights and responsibilities for the data, as required under GDPR. This includes our commitment to handle the data in accordance with your instructions as your processor.
Data Minimization — Limit data processing to what is necessary for your purposes
Sentry has built-in tools and functionalities to enable you to control and manage the data you send to Sentry, including through Sentry’s configurable SDKs and data scrubbers.
You control the data you send to Sentry, and are responsible for minimizing personal data to what is necessary for your purposes.
Data Transfer - Have a valid mechanism for data transfers out of the EU
Security of Processing - Appropriate technical and organizational measures to ensure security of processing.
We build security into our product, perform rigorous testing, and implement security, privacy, and compliance controls set to global standards.
Notices and Consents - Provide notices or obtain consents necessary to engage third-party processors, such as Sentry
We disclose to you the third parties we engage to help us process your data (i.e., our subprocessors) and commit to notify you of any changes to such subprocessors, as required under GDPR. For certain Sentry services, this may require you to subscribe to our RSS feed, as set forth in our Data Processing Addendum.
You may have your own notice and consent obligations.
Consider whether you need to:
Your obligations depend on how you deploy Sentry, the local laws that apply to you, and the nature of your relationship with the EU individuals to which the data relates (e.g., direct or indirect).
Respond to Data Subject Requests Respond to requests from EU individuals to exercise their GDPR rights (e.g., delete, receive a copy of, or exercise other rights with respect to their personal data)
Sentry’s responsibility is to assist you with any requests you may receive from EU individuals to exercise their GDPR rights with respect to any of their personal data incorporated in service data. We do so by:
You are responsible for responding to data subject requests. This means you should:
As used in this document, the EU refers to the European Union and GDPR refers to the General Data Protection Regulation (Regulation (EU) 2016/679). We also refer to GDPR terms such as “data subject”, “personal data”, “processor”, “processing” (and its derivatives) and “transfer”. Check out the definitions set forth in the GDPR.
This guidance is intended to be informative and highlight compliance areas you should consider. It is not intended to be legal advice. Ultimately, you should consult with your own legal counsel to determine the specific GDPR compliance obligations that apply to you and your business.Here’s a quick look at how Sentry handles your personal information (PII).
×We collect PII about people browsing our website, users of the Sentry service, prospective customers, and people who otherwise interact with us.
What if my PII is included in data sent to Sentry by a Sentry customer (e.g., someone using Sentry to monitor their app)? In this case you have to contact the Sentry customer (e.g., the maker of the app). We do not control the data that is sent to us through the Sentry service for the purposes of application monitoring.
Am I included?We may disclose your PII to the following type of recipients:
You may have the following rights related to your PII:
If you have any questions or concerns about your privacy at Sentry, please email us at compliance@sentry.io.
If you are a California resident, see our Supplemental notice.