Does Sentry need to be disclosed in our privacy policy?

Yes. Sentry processes data about your users' interactions with your website, including error events and performance metrics. Under GDPR and CCPA, you must disclose this third-party data processing in your privacy policy, specify what data is collected, and explain the legal basis for processing.

What specific data does Sentry collect?

Sentry collects error stack traces, browser and device information, URLs visited, IP addresses, and optionally user context data if you configure it. Stack traces and URLs may contain personal data or sensitive information, so Sentry provides PII scrubbing tools to automatically filter or redact personal information before data is sent.

Does Sentry require a cookie consent banner?

No. Sentry does not use cookies. However, it does collect IP addresses and other device identifiers through its SDK, which some jurisdictions treat as personal data requiring consent or a legitimate interest basis under GDPR. Review your cookie consent policy to ensure you've disclosed Sentry's data collection separately from cookie notices.

Who processes Sentry data and where is it stored?

Sentry is operated by Functional Software Inc., a United States-based company. Data is transferred to and processed in the U.S. If you operate under GDPR, ensure you have a valid data transfer mechanism in place (such as Standard Contractual Clauses) and include this processor information in your Data Processing Agreement with Sentry.

Error Tracking

Privacy policy clauses for Sentry

Sentry is an error tracking and performance monitoring platform that captures application crashes, bugs, and performance issues in real-time. Websites use Sentry to identify, diagnose, and fix technical problems that affect user experience.

Scan my site free →Copy sample clause ↓

Free scan · No signup · Results in 60 seconds

What data Sentry collects

Your privacy policy must disclose each of the following data types when you use Sentry.

Error stack traces

Browser/device info

URL visited

IP address

User context (if configured)

When does Sentry trigger privacy obligations?

Installation triggers immediate obligations

The moment you deploy Sentry's SDK to your site or application, it begins collecting error stack traces, browser/device fingerprints, visited URLs, and IP addresses automatically—no user interaction required. This automatic data collection is the triggering event for privacy obligations.

### GDPR (EEA users)

If your site receives traffic from the European Economic Area, GDPR Article 6 requires a lawful basis for processing. IP addresses and device identifiers in Sentry's default payload are personal data. You must establish consent (Article 7) or another lawful basis *before* the SDK fires. GDPR Article 13/14 also requires you to disclose to users that error data is sent to Sentry (a US processor) and detail what's collected. If you have EEA users, a Data Processing Agreement (DPA) with Sentry under GDPR Article 28 is mandatory.

Privacy policy clauses for Sentry

What data Sentry collects

When does Sentry trigger privacy obligations?

Installation triggers immediate obligations

Where data goes

Common compliance pitfalls

1. Omitting Sentry from privacy policy or consent configuration

2. Failing to configure PII scrubbing, leaving passwords or API keys in stack traces

3. Missing or unsigned DPA with Sentry for EEA traffic

Legal note

Sample privacy policy clause

What regulators look for

DPA and EDPB enforcement priorities

FTC and CCPA enforcement

Common audit trigger

Frequently asked questions

Does Sentry need to be disclosed in our privacy policy?

What specific data does Sentry collect?

Does Sentry require a cookie consent banner?

Who processes Sentry data and where is it stored?

Don't ship without Bandit.