Skip to main content
🎉 Launch Offer: Get 50% discount on your first month or year with code EARLYBIRD (first 10 users only)
ErrSight
Features Integrations Pricing Docs Blog Support
Sign in Get started for free

Version 1.0 · Effective date: 2026-05-02

Privacy Policy.

This Privacy Policy explains how Jijo Bose, doing business as ErrSight ("ErrSight," "we," "us," or "our") collects, uses, shares, and protects personal data when you use the ErrSight error tracking service ("Service"). If you have questions, contact us at hi@errsight.com.

1. Scope and Two Roles

ErrSight handles two distinct kinds of data:

  • Account data - what you tell us so you can use the Service. We are the data controller for this.
  • Customer Data - what your application sends to our ingestion API. You are the data controller for this; ErrSight is your data processor.

2. Data We Collect

2.1 Account Data

  • Email address, name, and bcrypt-hashed password. We never store your plaintext password.
  • If you sign in with Google or GitHub: your OAuth provider name, provider account id, email, and name returned by that provider.
  • Organization name, project names, member roles, and alert and digest preferences.
  • Terms and Privacy Policy consent records: version accepted, timestamp, IP address, and browser user-agent.
  • Server access logs: request id, path, status code, and duration. Sensitive fields (passwords, tokens, API keys, user identifiers, stack traces, breadcrumbs, webhook URLs) are stripped at the framework level before any log line is written.

2.2 Customer Data (via SDK or API)

  • Error messages, severity levels, stack traces, and breadcrumbs.
  • Environment name, release identifier, and fingerprint.
  • User context you attach: user id, email, username, and IP address.
  • Arbitrary tags and metadata you choose to include.
  • Timestamp of the event (clamped to a valid range by the ingestion layer).

You control what your application sends. Do not send passwords, payment card numbers, government identifiers, health data, biometric data, or other sensitive personal data in logs, stack traces, or metadata. Configure redaction in your application before forwarding data.

2.3 Usage and Technical Data

  • Login timestamps, session metadata, and IP address of dashboard logins.
  • Browser user-agent.

2.4 Billing Data

Payments are processed by Dodo Payments, who acts as the Merchant of Record and as an independent data controller for the payment transaction. Your full payment information (card number, CVV, expiry date, billing address) is collected and stored by Dodo Payments directly. ErrSight never receives or stores that information.

The only billing-related data ErrSight stores is: your Dodo customer identifier, your Dodo subscription identifier, your current subscription status and plan name, and references to invoices issued by Dodo Payments (invoice ids, hosted invoice URLs, amount, currency, and date).

If you provide an optional reason or free-text comment when cancelling a paid Subscription, we store both in our local database (used for churn analysis) and forward both to Dodo Payments alongside the cancellation request so the same context is reflected in your billing record there. Providing this information is optional and does not affect the cancellation.

For details on how Dodo Payments handles your payment data, see their privacy policy at dodopayments.com/legal/privacy-policy.

2.5 Data We Do Not Collect

We do not request or process special category data (health, biometric, racial or ethnic origin, religious beliefs, sexual orientation, government identifiers). The Service is not designed for such data.

3. How We Use Your Data

  • Create and authenticate your account, including email confirmation and password-reset flows.
  • Ingest, store, and display your error events and logs.
  • Enforce per-plan event quotas, storage limits, and rate limits.
  • Send transactional notices: alerts, hourly and weekly digests, billing notices, and invitations.
  • Facilitate subscription management through Dodo Payments, including cancellations and any optional churn feedback you choose to share.
  • Detect and prevent abuse (rate limits on sign-in and signup).
  • Comply with legal obligations.

4. Legal Bases (GDPR)

  • Performance of contract - running your account, ingesting events, processing your subscription.
  • Legitimate interests - security, abuse prevention.
  • Legal obligation - tax and accounting records.

5. Sub-Processors and Data Sharing

We share data with the following parties strictly to operate the Service. We do not sell your data.

Party Role Purpose Region
Namecheap (VPS) Sub-processor Application hosting, database, log storage US (Phoenix, Arizona)
Dodo Payments Independent data controller Merchant of Record for all transactions. Dodo determines the purposes and means of payment and billing data processing in its own right. Refer to the Dodo Payments Privacy Policy for details. Dodo Payments may process data in any country where they or their sub-processors operate.
Resend Sub-processor Transactional email: account confirmation, password reset, alert emails, digests, billing notices, invitations US
Google / GitHub Sub-processor (if you use OAuth sign-in) OAuth authentication only. We receive your email, name, and provider account id; we do not receive your Google or GitHub password. Global
Cloudflare Sub-processor DNS, CDN, and TLS termination for errsight.com Global

We may also disclose data if required by law, court order, or to protect our rights, property, or safety.

6. International Data Transfers

Our infrastructure is hosted in the United States, on a Namecheap virtual private server located in the Phoenix, Arizona datacenter. If you access the Service from outside the United States, your data will be transferred to and processed there. For transfers from the EEA, UK, or other regions with cross-border transfer restrictions, we and our sub-processors rely on Standard Contractual Clauses or equivalent safeguards.

7. Retention

Data Retention period
Error events Per your plan: 3 days (Free), 14 days (Pro), 30 days (Growth), 60 days (Business), 90 days (Enterprise). Older events are hard-deleted daily by an automated job.
Account data Retained while your account is active. Soft-deleted immediately on account deletion; permanently destroyed 90 days later by an automated job.
Organizations and their events Same 90-day post-soft-delete purge window as accounts.
Consent records (terms acceptance, IP, user-agent) For the life of the account plus 90 days.
Cancellation feedback (optional reason and comment) Retained while your account is active; soft-deleted with the account and permanently destroyed 90 days later.
Invoice references 7 years (India GST requirement).
Application logs (Namecheap VPS) 30 days.

8. Security

  • HTTPS enforced on all connections with HTTP Strict Transport Security.
  • Passwords hashed with bcrypt at 12 stretches; plaintext passwords are never stored or logged.
  • Project API keys are random opaque tokens, scoped to one project, and revocable at any time.
  • Dodo Payments webhook calls are verified with HMAC-SHA256 against a signing key, with a 5-minute timestamp tolerance.
  • Outbound Slack webhook calls are restricted to hooks.slack.com to prevent URL tampering.
  • Login attempts are rate-limited (5 per 20 seconds); signups are rate-limited (3 per hour).
  • Sensitive request parameters are filtered out of application logs.

We do not currently hold SOC 2, ISO 27001, HIPAA BAA, or PCI DSS certifications. The Service must not be used to process protected health information.

9. Your Rights

Under GDPR (EEA / UK)

You have the right to access, rectify, erase, restrict, or port your personal data, and to object to processing based on legitimate interests. You may also lodge a complaint with your local data protection authority. To exercise any of these rights, email hi@errsight.com. We respond within 30 days.

For Customer Data containing your end users' personal data: direct erasure requests to the account holder (the data controller) first. A Project Admin can erase events tied to a specific user identifier from one project at a time using the in-app data erasure flow.

Under India's DPDP Act 2023

You have the right to access, correct, and erase your personal data. Contact us at hi@errsight.com to exercise these rights.

Under California (CCPA / CPRA)

We do not sell or share personal information for cross-context behavioural advertising. You have the rights listed above and we do not discriminate against you for exercising them.

We have not appointed a Data Protection Officer as we are not required to do so under GDPR Article 37 or DPDP Act criteria.

10. Cookies

We use the following cookies only:

  • Session cookie - keeps you signed in. Session duration only.
  • CSRF token cookie - prevents cross-site request forgery. Session duration only.
  • Remember-me cookie - set only if you tick "remember me" at sign-in.

We do not set advertising or third-party tracking cookies. Web fonts are self-hosted on our own servers, so loading a page does not cause your browser to contact a third-party font host or share your IP address with one.

11. Children

The Service is intended for software developers and businesses, not for children under 18. We do not knowingly collect personal data from minors. If you believe a child has created an Account, contact hi@errsight.com and we will delete it.

12. Changes to This Policy

We may update this Policy from time to time. Material changes will be communicated by email to the Organization Owner or by in-app notice at least 14 days before they take effect. The version number and effective date at the top of this page will always reflect the most recent revision.

13. Contact

Jijo Bose, doing business as ErrSight
Bangalore, India
hi@errsight.com

Developers

Documentation Ruby / Rails SDK React / JS SDK REST API

Company

Blog Support Privacy Terms