Rollbar agrees to comply to all of the regulations as outlined in GDPR. Customers can now review and accept online the Data Processing Agreement (DPA) reflecting our commitment to GDPR compliance, by going to Account Settings → Security → Data Processing Agreement.

Rollbar protects all users' personal data through encryption at rest and in transit. All raw data at rest are encrypted with disk-based encryption using industry-standard AES-256 GCM encryption algorithm, and all data in transit is sent through HTTPS (TLS) encrypted connection.

Rollbar allows paying customers to retain their error data only as long as is necessary for them. You can delete error occurrence data after a specified time period ranging between 7 to 180 days, by going to Account Settings → Security → Data Retention. Optionally you can opt to keep person and IP data even after the underlying occurrences are deleted.

Rollbar SDKs include data scrubbing filters that allow you to block or limit the amount of personal data sent to Rollbar. By default, the only person data collected by the SDKs is the person ID. You can opt in to collect person name and email addresses. You can also anonymize IP addresses before sending them to Rollbar.

In the event you receive a request from a user to exercise their right to be forgotten under GDPR and need to delete their personal data from Rollbar systems, you can do so by using our person deletion API.

Rollbar has designated a Data Protection Officer who adheres to all tasks as outlined by GDPR, and can be reached via privacy@rollbar.com for any questions or concerns.

Rollbar is HIPAA and ISO 27001 compliant, CSA STAR registered, and EU-U.S. Privacy Shield certified. To learn more about Rollbar's commitment to security and privacy, our security features, and the physical and administrative safeguards we have put in place, read our Security & Compliance policy.