
I'd like to get started on using automatic bug reporting based on uploading uncaught exception stacktraces, e.g. with sentry.io and the raven Java client. I will definitely let the users allow or deny the use of the services (once or at every start, depending on whether a "don't ask me again" option is chosen). Do I have to include some explicit permissions and disclaimers in the approval message? I'd formulate it so that it includes the fact that it's very helpful to the software and that I try my best to exclude personal information, which might fail due to a programming error for which I'm not accountable.

Apparently sentry.io doesn't bother linking information about that on their privacy site, which only covers the relation between the user of their service (me) and them, but not the users of the software using their service ("my" users). I'm not sure if they're aware of that problem.

The software is licensed under GPLv3.

Kalle Richter
  • Depends on what data is sent. If the bug report contains any kind of personally identifiable data then you must explicitly say so and explain why you need the data and what you intend to do with it. IANAL, but as far as I know if you intend to receive, store and process personally identifiable data from EU citizens and you are in the EU, you may have to register as a Personally Identifiable Data Operator with the relevant authority in your country. – AlexP Jan 20 '17 at 20:29

1 Answer


It sounds like you primarily want to avoid sending PII. The relationship between you and your users (and any privacy guarantees) is up to you. If you're worried about storing PII and you're the primary author of your software, you may want to look over our controls around sensitive data. If you always store private information in fields like "userEmail" or "address", you can set Sentry up to discard this information (we'll never store it).

If you want to avoid sending all information unless users opt-in, you can always by default not instantiate the raven client.

ehfeng
  • Thank you. Based on you using "our", I assume you work at Sentry. If that's the case I recommend adding a link to "sensitive data" to the privacy notes or next to them. My question is about the "up to you" part, though. – Kalle Richter Jan 20 '17 at 22:09
  • No problem. As for the "up to you" part, that's more a legal question, which you'd likely be hard pressed to find an answer on SO. – ehfeng Feb 08 '17 at 06:41
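A sketch of the opt-in approach from the answer, combined with the "don't ask me again" behaviour from the question. It is an added example, not code from the original posts or from Sentry. `CrashSink` is a hypothetical stand-in for the real reporting client (it is not the raven API), the preference key is an assumed name, and the sensitive field names are the ones the answer uses as examples.

```java
import java.util.*;
import java.util.function.Supplier;
import java.util.prefs.Preferences;

public class OptInCrashReporting {
    /** Hypothetical stand-in for the real reporting client; not the raven API. */
    interface CrashSink { void send(Throwable error, Map<String, String> context); }
    enum Consent { UNKNOWN, ALLOWED, DENIED }
    static final String PREF_KEY = "crashReportConsent";   // assumed key name
    static final Set<String> SENSITIVE = Set.of("useremail", "address");
    static Consent storedConsent(Preferences prefs) {
        String stored = prefs.get(PREF_KEY, "");
        for (Consent c : Consent.values()) if (c.name().equals(stored)) return c;
        return Consent.UNKNOWN;   // missing or corrupt value: ask again
    }
    /** Persist the choice only when "don't ask me again" was ticked. */
    static Consent decide(Preferences prefs, boolean allowed, boolean remember) {
        Consent choice = allowed ? Consent.ALLOWED : Consent.DENIED;
        if (remember) prefs.put(PREF_KEY, choice.name());
        return choice;
    }
    /** Drop sensitive context fields locally, before anything leaves the machine. */
    static Map<String, String> scrub(Map<String, String> context) {
        Map<String, String> out = new TreeMap<>();
        context.forEach((k, v) -> { if (!SENSITIVE.contains(k.toLowerCase(Locale.ROOT))) out.put(k, v); });
        return out;
    }
    /** Without consent the client is never constructed and no handler is installed. */
    static boolean install(Consent consent, Supplier<CrashSink> factory, Supplier<Map<String, String>> ctx) {
        if (consent != Consent.ALLOWED) return false;
        CrashSink sink = factory.get();
        Thread.UncaughtExceptionHandler previous = Thread.getDefaultUncaughtExceptionHandler();
        Thread.setDefaultUncaughtExceptionHandler((thread, error) -> {
            try { sink.send(error, scrub(ctx.get())); } catch (RuntimeException ignored) { }
            if (previous != null) previous.uncaughtException(thread, error); else error.printStackTrace();
        });
        return true;
    }
    public static void main(String[] args) {
        Preferences prefs = Preferences.userNodeForPackage(OptInCrashReporting.class);
        Consent consent = storedConsent(prefs);
        // Show the approval dialog here; constructed answer: allow, ask again next start.
        if (consent == Consent.UNKNOWN) consent = decide(prefs, true, false);
        install(consent, () -> (e, c) -> System.err.println("upload " + e + " " + c),
                () -> Map.of("userEmail", "user@example.invalid", "screen", "export"));
        throw new IllegalStateException("constructed failure");
    }
}
```

The scrubbing here covers only the context map; exception messages and stack traces can still carry personal data and need their own review.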