Back to all legal docs

Privacy Policy

Version 2.2.1 of This Agreement was created on November 10, 2020 .

At Sentry, we provide real-time error tracking for your web apps, mobile apps and games, which gives developers the insight needed to reproduce and fix crashes.

Sentry is committed to protecting and respecting your privacy. This Privacy Policy (this “Policy”) sets out how we collect and process personal information about you when you visit our website sentry.io, when you use our products and services (our “Services”), or when you otherwise do business or make contact with us.

Please read this policy carefully to understand how we handle and treat your personal information.

What information do we collect?

Sentry collects data to enable us to operate the Services effectively, and to provide you with the best experiences on our website and our Services. You provide some of this data to us directly, such as when you register to use our Services, subscribe to a newsletter, respond to a survey, make an enquiry through our website, contact us for support, or contact us as a prospective customer, vendor, supplier, or consultant. We get some of your data by recording how you interact with our website and our Services by, for example, using technologies like cookies. We also obtain and process data in the context of providing the Services.

Learn more

You have choices about the data we collect. When you are asked to provide personal data, you may decline. But if you choose not to provide data that is necessary to enable us to provide the Services, you may not be able to use all or part of those Services.

The data we collect depends on the context of your interactions with Sentry, the choices you make (including your privacy settings), and the Services you use. The data we collect can include the following:

  • Name and contact information. We may collect your first and last name, email address, password, postal address, phone number, company information, and other similar contact data.

  • Payment information. When you make purchases on our website, a secure window will be opened directly to our payment provider (currently, Stripe), and any payment information that you provide is sent directly to the payment provider. We have no access to that information.

  • Customer information. When you subscribe to our Services from your website, game, or app, you will control what event data is collected and stored on our systems. For example, you might ask Sentry to log basic user data (e.g., email address or username), device identifiers, IP addresses, event type, and related source code. In such cases, we act as a data processor, in accordance with your instructions.

  • Device and Usage information. We may collect data about your device and how you and your device interact with Sentry and our Services. For example, we may collect:

    • Use data. We may collect data about the features you use, the Services you purchase, and the web pages you visit. This also includes your interactions on our website, and your interactions with us via email.

    • Device, connectivity and configuration data. We may collect data about your device and the network you use to connect to our Services. This may include data about the operating system and other software installed on your device, including product keys. It may also include IP address, browser type, operating system, and referring URLs.

What do we use your information for?

We use the data we collect to operate our business, and to provide the Services to you. This includes using the data to improve our Services, and to personalize your experiences. We may also use the data to communicate with you to, among other things, inform you about your account, provide security updates, and give you information about the Services. We may also use the data to manage your email subscriptions, improve the relevance and security of our website, respond to user enquiries, send you periodic marketing communications about our Services, and improve the relevance of our advertising.

Learn more

Providing and improving our Services. We use data to provide and improve the Services we offer, and to perform essential business operations. This includes operating the Services, maintaining and improving the performance of the Services, developing new features, conducting research, and providing customer support. Examples of such uses include the following:

  • Providing the Services. We use data to carry out your transactions with us and to provide the Services to you. In certain cases, the Services include personalized features and recommendations that enhance your productivity and enjoyment, and automatically tailor your experience based on the data we have about you.

  • Technical support. We use data to diagnose product problems, and to provide other customer care and support services.

  • Improving the Services. We use data to continually improve our website and our Services, including system administration, system security, and adding new features or capabilities.

  • Business Operations. We use data to develop aggregate analyses and business intelligence that enable us to operate, protect, make informed decisions, and report on the performance of our business.

  • Recruitment. If you apply for a job with us, we use your data for recruitment purposes.

  • Promotions. We may use your data to administer contests, promotions, surveys, or other site features.

  • Improving Advertising Campaigns. We may use your data to improve our advertising campaigns, primarily in an effort to prevent targeting of impressions via third-party channels when they are not relevant to you.

  • Sending Periodic Emails. We may use your data to send you periodic emails. Depending on the marketing preferences you select on your privacy dashboard, we may send you occasional marketing emails about our products and services, which you can unsubscribe from at any time using the link provided in the message.

  • Generally. We use data to respond to your enquiries and requests relating to our Services, to create and administer your accounts, and to provide us with information and access to resources that you have requested from us. We also use data for general business purposes, including, among other things, to improve customer service, to help us improve the content and functionality of our Services, to better understand our users, to protect against wrongdoing, to enforce our Terms of Service, and to generally manage our business.

Communications. We use data we collect to communicate with you, and to personalize our communications with you. For example, we may contact you to inform you when your subscription is ending, to discuss your account, to let you know when updates are available, to remind you about features of the Services that are available for your use, to update you about a support request, or to invite you to participate in a survey. Additionally, you can sign up for email subscriptions, and choose whether you want to receive marketing communications from us.

How do we protect your information?

We implement a variety of security measures to maintain the safety of your personal information when you enter, submit, or access your personal information. We offer the use of a secure server. All supplied sensitive/credit information is transmitted via Secure Socket Layer (SSL) technology and then encrypted into our Payment gateway providers database only to be accessible by those authorized with special access rights to such systems, and are required to keep the information confidential. After a transaction, your private information (e.g., credit cards, social security numbers, financials) will not be stored on our servers. For more information, please review our Security & Compliance Policy.

How do we ensure that our processing systems remain confidential, resilient, and available?

We implement a variety of measures to ensure that our processing systems remain confidential, resilient, and available. Specifically, we have implemented processes to help ensure high availability, business continuity, and prompt disaster recovery. We commit to maintaining strong physical and logical access controls, and conduct regular penetration testing to identify and address potential vulnerabilities.

Learn more

High Availability. Every part of the Services utilize properly-provisioned, redundant servers (e.g., multiple load balancers, web servers, replica databases) in case of failure. We take servers out of operation as part of regular maintenance, without impacting availability.

Business Continuity. We keep encrypted backups of data every hour in multiple regions on Google Cloud Platform. While never expected, in the case of production data loss (i.e., primary data stores loss), we will restore organizational data from these backups.

Disaster Recovery. In the event of a region-wide outage, we will bring up a duplicate environment in a different Google Cloud Platform region. Our operations team has extensive experience performing full region migrations.

Physical Access Controls. Sentry is hosted on Google Cloud Platform. Google data centers feature a layered security model, including extensive safeguards such as custom-designed electronic access cards, alarms, vehicle access barriers, perimeter fencing, metal detectors, and biometrics. According to the Google Security Whitepaper: “The data center floor features laser beam intrusion detection. Data centers are monitored 24/7 by high-resolution interior and exterior cameras that can detect and track intruders. Access logs, activity records, and camera footage are reviewed in case an incident occurs. Data centers are also routinely patrolled by professional security guards who have undergone rigorous background checks and training.” Sentry employees do not have physical access to Google data centers, servers, network equipment, or storage.

Logical Access Controls. Sentry is the assigned administrator of its infrastructure on Google Cloud Platform, and only designated authorized Sentry operations team members have access to configure the infrastructure on an as-needed basis behind a two-factor authenticated virtual private network. Specific private keys are required for individual servers, and keys are stored in a secure and encrypted location.

Penetration Testing. We engage an independent, third-party agency to perform black box penetration testing on an annual basis. Information about security vulnerabilities that are successfully exploited through penetration testing is then used to set mitigation and remediation priorities. If you are a customer on one of our “Enterprise” plans, we will provide a summary of penetration test findings to you upon request.

Intrusion Detection and Prevention. Unusual network patterns or suspicious behavior are among Sentry’s biggest concerns for infrastructure hosting and management. Google Cloud Platform’s intrusion detection and prevention systems (IDS/IPS) rely on both signature-based and algorithm-based security to help identify traffic patterns that are similar to known attack methods. IDS/IPS involves tightly controlling the size and make-up of the attack surface, employing intelligent detection controls at data entry points, and developing and deploying technologies that automatically remedy dangerous situations, as well as preventing known threats from accessing the system in the first place. We do not provide direct access to security event forensics, but we do provide access to our engineering and customer support teams during and after any unscheduled downtime.

For more information, please review our Security & Compliance Policy.

Do we use cookies?

Yes. Cookies are small files that a site or its service provider transfers to your computers hard drive through your Web browser (if you allow) that enables the sites or service providers systems to recognize your browser and capture and remember certain information. You can choose to disable cookies, but if you do, your ability to use or access certain parts of our website may be affected.

Learn more

We use cookies and other similar identifiers to understand and save your preferences for future visits, to advertise to you on other sites, and to compile aggregate data about site traffic and site interaction so that we can offer better site experiences and tools in the future.

You may refuse to accept cookies by activating the setting on your browser that allows you to refuse the setting of cookies. You can find information on popular browsers and how to adjust your cookie preferences at the following websites:

However, if you choose to disable cookies, you may be unable to access certain parts of our site. A banner asking you to accept our cookies policy will be displayed upon the first visit to our website (or the first visit after you delete your cookies). Unless you have adjusted your browser setting so that it will refuse cookies and/or you have not accepted our cookies policy, our system will issue cookies when you log on to our site.

Our web pages may contain electronic images known as web beacons (also called single-pixel gifs) that we use to help deliver cookies on our websites, and to count users who have visited those websites. We may also include web beacons in our promotional email messages or newsletters, to determine whether and when you open and act on them.

In addition to placing web beacons on our own websites, we sometimes work with other companies to place our web beacons on their websites or in their advertisements. This helps us to develop statistics on how often clicking on an advertisement on a Sentry website results in a purchase or other action on the advertiser’s website.

Finally, our Services may contain web beacons or similar technologies from third-party analytics providers that help us compile aggregated statistics about the effectiveness of our promotional campaigns or other operations. These technologies enable the analytics providers to set or read their own cookies or other identifiers on your device, through which they can collect information about your online activities across applications, websites or other products. However, we prohibit these analytics providers from using web beacons on our sites to collect or access information that directly identifies you (such as your name or email address). 

Do we disclose any information to outside parties?

We share your personal data with your consent, or as necessary to provide the Services to you. We also share your data with vendors working on our behalf; when required by law or to respond to legal process; to protect our customers; to protect lives; to maintain the security of our Services; and to protect our rights or our property.

Learn more

We share your personal data with your consent, or as necessary to provide the Services to you. We also share personal data with vendors or agents working on our behalf for the purposes described in this Policy. For example, companies we have hired to provide cloud hosting services, off-site backups, and customer support may need access to personal data to provide those functions. In such cases, these companies are required to abide by our data privacy and security requirements and are not allowed to use personal data they receive from us for any other purpose.

We may disclose your personal data as part of a corporate transaction such as a corporate sale, merger, reorganization, dissolution, or similar event.

Finally, we will access, transfer, disclose, and/or preserve personal data, when we have a good faith belief that doing so is necessary to:

  1. comply with applicable law or respond to valid legal process, judicial orders, or subpoenas;
  2. respond to requests from public or governmental authorities, including for national security or law enforcement purposes;
  3. protect the vital interests of our users, customers, or other third parties (including, for example, to prevent spam or attempts to defraud users of our products, or to help prevent the loss of life or serious injury of anyone);
  4. operate and maintain the security of our Services, including to prevent or stop an attack on our computer systems or networks;
  5. protect the rights, interests or property of Sentry or third parties;
  6. prevent or investigate possible wrongdoing in connection with the Services; or
  7. enforce our Terms of Service.

We may use and share aggregated non-personal information with third parties for marketing, advertising, and analytics purposes.

We do not sell or trade your personal information to third parties.

How to Access and Control Your Personal Data

You can view, access, edit, delete, or request a copy of your personal data for many aspects of the Services. You can also make choices about Sentry’s collection and use of your data. How you can access and control your personal data will depend on which Services you use.

You can always choose whether you want to receive marketing communications from us. You can also opt out from receiving marketing communications from us by using the opt-out link on the communication, or by visiting your account’s privacy dashboard.

Learn more

Data Access and Portability. You can request a copy of your personal data by submitting an online form at sentry.io/contact/gdpr/ and selecting “Please send me a copy of my personal data” and including an email address. Sentry will verify your ability to access that email, then send you a digital export of the data we hold that is associated with your email address. We will use reasonable efforts to respond to your request within 14 days, but in all events within 30 days of our receipt of the request. Certain customer data that you upload directly to the Services can also be exported directly via the Sentry API, documented at docs.sentry.io/api/.

Data Erasure. You can request that Sentry delete your personal data by submitting an online form at sentry.io/contact/gdpr/ and selecting “Please delete my personal data” and including an email address. Sentry will verify your ability to access that email, then delete the personal data associated with your email address. All customer data stored on our servers is eradicated upon a customer’s termination of service and deletion of account after a 24-hour waiting period to prevent accidental cancellation. Data can also be deleted upon request via Sentry’s REST API and UI. You have the ability to remove individual events via “bulk delete” of all events within an issue, and you can permanently remove data related to any given tag. You can also delete certain data yourself, by following the instructions here. We will use reasonable efforts to respond to your request within 14 days, but in all events within 30 days of our receipt of the request. Please note that we retain billing and usage metadata about a company or individual as required for compliance with law and regulation.

Data Correction. You can modify your personal data by submitting an online form at sentry.io/contact/gdpr/ and selecting “Please update my personal data” and including an email address. Sentry will verify your ability to access that email, then update the fields where possible within the Services. In some cases, data can be modified via sentry.io and via the sentry.io API. We will use reasonable efforts to respond to your request within 14 days, but in all events within 30 days of our receipt of the request.

Your Communications Preferences. You can choose whether you wish to receive marketing communications from us. If you receive marketing communications from us and would like to opt out, you can do so by following the directions in that communication. You can also make choices about your receipt of marketing communications by signing into your account, and viewing and managing your communications permissions in your privacy dashboards, where you can update contact information, manage your contact preferences, opt out of email subscriptions, and choose whether to share your contact information with Sentry and our partners. Alternatively, you can request that we withdraw consent to use your personal data by submitting an online form at sentry.io/contact/gdpr/ and selecting “Please withdraw my consent” and including an email address. Sentry will verify your ability to access that email, then delete the personal data associated with your email address. We will use reasonable efforts to respond to your request within 14 days, but in all events within 30 days of our receipt of the request. Please note that these choices do not apply to mandatory communications that are part of the Services, or to surveys or other informational communications that have their own unsubscribe method.

Occasionally, at our discretion, we may include or offer third party products or services on our website or through our Services. If you access other websites using the links provided, the operators of these websites may collect information from you that will be used by them in accordance with their privacy policies. These third party sites have separate and independent privacy policies. We, therefore, have no responsibility or liability for the content and activities of these linked sites. Nonetheless, we seek to protect the integrity of our site and welcome any feedback about these sites.

Where we Store and Process Personal Data; International Transfers

In order to provide our Services, personal data collected by Sentry may be stored and processed in the United States and other countries where Sentry or its affiliates, future subsidiaries or service providers maintain facilities. The storage location(s) are chosen in order to operate efficiently, to improve performance, and to create redundancies in order to protect the data in the event of an outage or other problem. Wherever data is processed, we take steps to ensure that the data we collect is processed according to the provisions of this Policy and the requirements of applicable law.

This means that we transfer personal data from the European Economic Area (“EEA”), the United Kingdom (“UK”) and Switzerland to other countries, some of which may not provide an equivalent level of protection for personal data. When we engage in such transfers, we use a variety of legal mechanisms to help ensure your rights and protections travel with your data, including standard contractual clauses that have been approved by the European Commission. In addition, Sentry has certified to the EU-U.S. Privacy Shield to help safeguard personal data that we collect and process from the EU and the UK in the United States. Please see our Privacy Shield notice below for more information.

EU-U.S. Privacy Shield

For personal information that we receive from the European Union and the United Kingdom, Functional Software, Inc (our registered company name) has certified its compliance with the EU-U.S. Privacy Shield as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from the EU and the UK. We have certified that we adhere to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity & Purpose Limitation and Recourse, Enforcement & Liability when processing personal information from the EU and the UK in the U.S. If there is any conflict between the policies in this Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern.

To access the Privacy Shield List and to find details of our certification, please visit: www.privacyshield.gov

Learn more

Functional Software, Inc is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC) with regards to our compliance with the Privacy Shield.

Residents of the European Union who believe that their information has not been processed in compliance with the Privacy Shield Principles may raise their complaint in a number of ways:

(1) You can contact us directly using the contact details provided below and we will respond to your complaint within 45 days of receipt:

Email Address: security@sentry.io

Mailing Address: 45 Fremont Street, 8th Floor, San Francisco, CA 94105

(2) We have further committed to cooperate and comply with the panel of the European data protection authorities (DPAs) as our independent recourse mechanism in the resolution of your Privacy Shield complaint. As part of our compliance with the General Data Protection Regulation (GDPR), we have registered with Austria as our Supervisory Authority (which acts as our “lead DPA” for all matters related to GDPR compliance. Their contact information is:

Österreichische Datenschutzbehörde Wickenburggasse 8 1080 Vienna Austria / Europe

Telephone: +43 1 52 152-0
E-Mail: dsb@dsb.gv.at
Website: www.data-protection-authority.gv.at
Director: Ms. Andrea Jelinek

If you are unsatisfied with the response you have received from us, or your complaint remains unresolved, you can contact your local DPA (contact details available [here][localdpa], and they will investigate your complaint free of charge.

[localdpa]: http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm

(3) Further, your complaint may be referred to the U.S. Department of Commerce or the FTC for further investigation;

(4) Please contact us with any questions or concerns relating to our Privacy Shield certification. In certain circumstances, the Privacy Shield Framework provides the right to invoke binding arbitration to resolve complaints not resolved by other means, as described in Annex I to the Privacy Shield Principles.

If we have received your personal information in the U.S. under the Privacy Shield, and subsequently transfer that information to a third party agent or service provider for processing, we will be responsible if our third party agent or service provider fails to process your personal information in compliance with the Privacy Shield Principles and this causes you harm.

Data Retention

We may retain your personal information as long as you continue to use the Services, have an account with us, or for as long as is necessary to fulfill the purposes outlined in the policy. You can ask to close your account by contacting us at the details above, and we will delete your personal information on request.

We may, however, retain personal information for an additional period as is permitted or required under applicable laws, for legal, tax, or regulatory reasons, or for legitimate and lawful business purposes.

Learn more

We will retain your personal data for as long as necessary to provide the Services to you, or for other essential purposes such as complying with our legal obligations, resolving disputes, and enforcing our agreements. Because these needs can vary for different types of data in the context of the different Services we provide, actual retention periods can vary significantly. The criteria we use to determine the retention periods include:

  • How long is the personal data needed to provide the Services and/or operate our business? This includes such things such as maintaining and improving the performance of the Services, keeping our systems secure, and maintaining appropriate business and financial records. This is the general rule that establishes the baseline for most data retention periods.

  • Is there an automated control, such as in your privacy dashboard, that enables you to access and delete the personal data at any time? If there is not, a shortened data retention time will generally be adopted.

  • Is the personal data of a sensitive type? If so, a shortened retention time would generally be appropriate.

  • Has the user provided consent for a longer retention period? If so, we will retain the data in accordance with your consent.

  • Is Sentry subject to a legal, contractual, or similar obligation to retain the data? Examples can include mandatory data retention laws in the applicable jurisdiction, government orders to preserve data relevant to an investigation, or data that must be retained for the purposes of litigation.

California Online Privacy Protection Act Compliance

Because we value your privacy we have taken the necessary precautions to be in compliance with the California Online Privacy Protection Act.

As part of the California Online Privacy Protection Act, all users of our site may make any changes to their information at anytime by logging into their control panel and going to the ‘Edit Profile’ page.

Changes to our Privacy Policy

We will update this privacy statement when necessary to reflect customer feedback and changes in our Services. When we post changes to this statement, we will revise the “last updated” date at the top of the statement. If there are material changes to the statement or in how Sentry will use your personal data, we will notify you either by prominently posting a notice of such changes before they take effect or by directly sending you a notification. We encourage you to periodically review this privacy statement to learn how Sentry is protecting your information.

How to Contact Us

If you have a technical or support question, please contact us via our online form.

If you have a privacy concern, complaint, or a question for the Data Protection Officer of Sentry, please contact us by sending us an email at compliance@sentry.io. We will respond to questions or concerns within 30 days.

Unless otherwise stated, Functional Software, Inc. is a data controller for personal data we collect through the Services subject to this statement. Our address is Functional Software, Inc. dba Sentry, 45 Fremont Street, 8th Floor, San Francisco, CA 94105.

Contact Us

If you have any questions or concerns about our Privacy Policy, please contact us at:

Email address

security@sentry.io

Mailing address

45 Fremont Street
8th Floor
San Francisco, CA 94105

© 2021 • Sentry is a registered Trademark
of Functional Software, Inc.