The General Data Protection Regulation (GDPR) is a set of rules enforced on 25th May 2018. The GDPR gives EU citizens more control over their personal data. It aims to simplify the regulatory environment for business so both citizens and businesses in the European Union can fully benefit from the digital economy.

Raygun is committed to GDPR compliance across all products and services. We are also committed to helping our customers with their GDPR compliance journey by providing robust privacy and security protections built into our services and contracts.

As a Raygun customer, your data will be treated in accordance with the GDPR legislation.

Security of our customer's data is our number one priority. Raygun customers can continue to run their global operations using Raygun in full compliance with EU law. The Raygun Data Processing Addendum (DPA) is available to all Raygun customers that are processing personal data whether they are established in Europe or a global company operating in the European Economic Area.

Raygun has appointed a Data Protection Officer where such appointment is required by Data Protection Laws and Regulations.

Raygun has implemented tools for administrators in your account settings to ensure they comply with GDPR and EU law, making it easy for you and your team to manage compliance.

Raygun account owners have the functionality to agree and sign the Data Processing Addendum (DPA) between Raygun and your organization from within your account settings.

You can complete the agreement (DPA) from your Plan Settings page. This can be found by clicking on the top right dropdown in the Raygun app and then clicking on your plan name.

Head to the Privacy and Compliance page, and click Review and accept beside the Data Processing Addendum (DPA) option.

‍

Once you have reviewed and accepted the DPA, you can assign a Data Plan Protection Officer and EU Representative.

This creates the agreement between Raygun and your organization.

Does Raygun comply with GDPR (General Data Protection Regulation) with regards to the data of Raygun customers?
Yes.

Can I view Raygun’s Data Processing Addendum (DPA)?
Yes. This can be found here.

Where is the Raygun data stored geographically? Under which jurisdiction?
All Raygun data is stored in the US-EAST-1 region of the AWS Datacenter.

Does Raygun collect any Personally Identifiable Information (PII) from customer’s applications about their users, and what kind of data?
Raygun provides the ability to control the data you send to us from your applications. All Raygun providers offer the ability to exclude specific and sensitive information before being sent for us to process. Some Raygun features allow you to send IP address information, email addresses, usernames, and other custom data to assist with issue diagnosis. Raygun does not collect this information by default. You are in full control of the data you send to us.

How long is the data retained for?
Data will remain in your Raygun account until your data retention period expires for that data, or you manually choose to delete this information from your account settings.

How can I opt-out of sending PII data to Raygun?
You can opt out of sending PII related data to your application from your Application Settings page. You can navigate to this page by clicking on Application settings in the sidebar of your Raygun app.

The User Information section allows you to:
- Disable IP address storage
- Disable geolocation lookups

‍

How do I prevent sensitive data from being sent into Raygun?
You are in complete control of the data you choose to send to Raygun. Should error and session details contain data you do not wish to be processed, Raygun allows you to remove sensitive information on the client side before the data is sent to us. For more information on how to accomplish this, please see this article.

How can I handle user data deletion requests inside Raygun?
To help you with GDPR compliance, Raygun exposes the controls that allow you to:

‍
- Find a user’s data
- Export the user’s data
- Delete the user’s data

You do not need to rely on a Raygun team member to do this for you. It’s all built right into the Raygun app.

If you have any issues, please contact us and we’ll be glad to help.

How can I delete a single error instance?
In some situations, you may want to delete an error instance (not just a group). To do this, open the error group which contains the error instance you need to delete. Raygun will give you a list of instances to delete.

Deleting error instances cannot be undone and won’t affect your data quota.

How long does it take to ensure the data is deleted?
Raygun stores a lot of data for customers. A single customer could easily account for hundreds of gigabytes of data. Due to this, deletes can take some time to process. When a delete is triggered, a background process starts removing the data associated with that user. It can take time, but you should be thinking in minutes or hours, not days or weeks.

How do I know that when a deletion action is taken, data is definitely not kept inside Raygun?
Firstly, all activity in Raygun is audited. So in the audit log you’ll be able to see that a deletion was made. As GDPR is partly about the right to be forgotten, we do not audit log ‘who’ was deleted, but the user who requested that a deletion occur.

Secondly, the DPA creates a binding agreement between our organization and yours. Under this agreement, we are liable if we don’t undertake this action as requested.

I’m not an EU resident and my company is based outside of EU, so why is Raygun telling me about GDPR?
While you may not be in the EU, Raygun reports on all your software faults and performance issues. Therefore, the likelihood that you have users in the EU is very high. Furthermore, to make sure you are up to date with compliance, Raygun will always notify all our customers when we make any changes to our privacy policy and terms.

If you have additional concerns or questions about GDPR compliance contact us.