At Raygun, we are serious about your privacy and sensitive information. Our software gives you the unique ability to drill down into individual user sessions so you can provide exceptional customer service. However, you may not want this potentially sensitive customer information to be collected by Raygun (especially if you work in the healthcare or finance industry).
This article is a developer’s guide to Raygun’s security measures, how to prevent any data from being collected through Raygun Crash Reporting and Pulse, and how to keep your own data secure.
We’ll go through:
- How to exclude sensitive data from Raygun in both Crash Reporting and Pulse using JavaScript
- How Raygun handles privacy (including government compliance) so you have maximum control over how much information is collected

Prevent sensitive data from being sent to Raygun Crash Reporting

Here’s how to remove sensitive data with the raygun4js provider. If you’re using another language or framework, please follow the links to our documentation, which show you how to remove sensitive data:
- .NET
- Cold Fusion
- Node.js
- PHP
- Python
- Ruby on Rails

JavaScript removing sensitive data

Custom Data

If you are sending custom data you can easily filter sensitive information by providing an array of key names to exclude from the JSON error payload.
Here is the custom data I’m going to send:
    rg4js('withCustomData', {
      "FilterSomeOut": {
        "SuperSecret": "the meaning of life",
        "IsHappy": true,
        "UUID": "87654321-3333-1234-7777-121212121212",
        "CreditCardNumber": "6011300958782011"
      },
      "FilterALLOut": {
        "FullName": "Harambe",
        "Password": "orange"
      }
    });

In your document, under the other Raygun configuration code already there (like your Raygun API key):
    <script type="text/javascript">
      rg4js('apiKey', 'paste_your_api_key_here');
      rg4js('enableCrashReporting', true);
    </script>

…add the filterSensitiveData call and the array of key names to exclude:
    rg4js('filterSensitiveData', ['SuperSecret', 'FilterALLOut']);

When an error comes through to Raygun, the values for the keys will be replaced with [removed by filter].

Result:

    FilterSomeOut: {
      "SuperSecret": "[removed by filter]"
      "IsHappy": true
      "UUID": "87654321-3333-1234-7777-121212121212",
      "CreditCardNumber": "6011300958782011"
    }
    FilterALLOut: "[removed by filter]"

Filter scope

If you want to filter out the value of any key in the JSON payload and not just in the custom data, add this snippet to your code:
    rg4js('setFilterScope', 'all');

For example, to filter out the Environment data from the payload, add Environment to the filterSensitiveData array:
    rg4js('filterSensitiveData', ['SuperSecret', 'FilterALLOut', 'Environment']);

Result:

    ...
    "Environment": "[removed by filter]",
    "UserCustomData": {
      "FilterSomeOut": {
        "SuperSecret": "[removed by filter]",
        "IsHappy": true,
        "UUID": "87654321-3333-1234-7777-121212121212",
        "CreditCardNumber": "6011300958782011"
      },
      "FilterALLOut": "[removed by filter]"
    },
    ...

Filter using Regex

If you have dynamic strings you need to filter out, you can add RegExp objects to the filterSensitiveData array.
First, create the RegExp object:
    var creditCardDataRegex = /Credit\D*/; // Remove any keys that begin with 'Credit'

Then simply add the variable to the filterSensitiveData array:
    rg4js('filterSensitiveData', ['SuperSecret', 'FilterALLOut', 'Environment', creditCardDataRegex]);

Result:

    ...
    "Environment": "[removed by filter]",
    "UserCustomData": {
      "FilterSomeOut": {
        "SuperSecret": "[removed by filter]",
        "IsHappy": true,
        "UUID": "87654321-3333-1234-7777-121212121212",
        "CreditCardNumber": "[removed by filter]"
      },
      "FilterALLOut": "[removed by filter]"
    },
    ...

Need more information on filtering out sensitive data? Head to our JavaScript documentation.
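Because the filter matches key names rather than values, it is worth checking a representative payload against your filter list before shipping it. The following is an added example, not Raygun's code: it models the replacement behaviour shown in the results above and reports any Luhn-valid card number that would still be sent. The matching rules, the `SupportNote` field and all function names are assumptions made for illustration.

```javascript
// Local model of the key-name filtering shown above (added example, not raygun4js code).
// Assumption: a string filter must equal the key; a RegExp is tested against the key name.
const REMOVED = '[removed by filter]';
const keyIsFiltered = (key, filters) =>
  filters.some((f) => (f instanceof RegExp ? f.test(key) : f === key));

// Replace the value of every filtered key, at any depth, with the placeholder.
function applyKeyFilter(value, filters) {
  if (Array.isArray(value)) return value.map((v) => applyKeyFilter(v, filters));
  if (value === null || typeof value !== 'object') return value;
  const out = {};
  for (const [key, child] of Object.entries(value)) {
    out[key] = keyIsFiltered(key, filters) ? REMOVED : applyKeyFilter(child, filters);
  }
  return out;
}

// Luhn checksum over a string of digits (the check-digit scheme used by payment cards).
function passesLuhn(digits) {
  let sum = 0;
  for (let i = 0; i < digits.length; i++) {
    let d = Number(digits[digits.length - 1 - i]);
    if (i % 2 === 1) { d *= 2; if (d > 9) d -= 9; }
    sum += d;
  }
  return sum % 10 === 0;
}

// 13-19 digits, optional single space/hyphen separators, not inside a longer run (skips the UUID).
const CARD_LIKE = /(?<![\d-])\d(?:[ -]?\d){12,18}(?![\d-])/g;
// Paths of string values that still contain a Luhn-valid, card-like number.
function findCardLikeValues(value, path = '') {
  if (typeof value === 'string') {
    const hits = value.match(CARD_LIKE) || [];
    return hits.some((h) => passesLuhn(h.replace(/\D/g, ''))) ? [path] : [];
  }
  if (value === null || typeof value !== 'object') return [];
  return Object.entries(value).flatMap(([k, v]) => findCardLikeValues(v, path ? `${path}.${k}` : k));
}
const auditFilters = (payload, filters) => findCardLikeValues(applyKeyFilter(payload, filters));

// Constructed payload: the article's custom data plus a hypothetical free-text field.
const samplePayload = {
  FilterSomeOut: { SuperSecret: 'the meaning of life', IsHappy: true,
    UUID: '87654321-3333-1234-7777-121212121212', CreditCardNumber: '6011300958782011' },
  FilterALLOut: { FullName: 'Harambe', Password: 'orange' },
  SupportNote: 'card read out over the phone: 6011 3009 5878 2011',
};
console.log(auditFilters(samplePayload, ['SuperSecret', 'FilterALLOut', /Credit\D*/])); // ['SupportNote']
```

Each path in the result is a value the key-name filter did not cover: add its key (or a RegExp that matches it) to the filterSensitiveData array, or stop placing that value in the payload.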
Prevent sensitive data from being sent to Pulse for Web

You can send additional information about the user currently logged in to your site or web app by calling setUser.
If you don’t want to include identifiable information through Pulse, simply remove all the keys from the setUser object, except for the identifier.
identifier is the only required parameter for setUser, and is only required if you are using user tracking. NOTE: This parameter is named user in the setUser function.
identifier is used to uniquely identify the user within Raygun. You can make this value any string to uniquely identify your users (e.g. the user ID) without using identifiable information.
How Raygun’s safety measures keep your data secure

At Raygun, we’re committed to providing a secure service. We use a variety of strategies to protect your information from unauthorized access, use or disclosure.
Here are a few of the ways Raygun’s security measures provide comprehensive security for you, your customers and your applications.
Auditing
Raygun keeps a log of user actions within the system so that changes that modify the configuration of your Raygun applications (e.g. enabling an integration with a 3rd party provider) or any destructive operations (e.g. deleting data) are clearly tracked and can be reviewed at any time.
Data encryption
We encrypt all data that is transmitted between you (or your customers) and Raygun using industry-standard TLS (Transport Layer Security), protecting the information you send to us. Your data is also encrypted at rest when it is stored on our servers, and encrypted when we transfer it between data centres for backup and replication.
Data processing
Raygun only processes data for the applications where the customer has installed Raygun Crash Reporting or Pulse. We only extract specific parts of the data for indexing purposes to hel