If you are a company that collects and processes data from EU residents, you are likely a data controller and would be required to comply with the new EU General Data Protection Regulation (GDPR) coming into effect on May 25th, 2018.
The GDPR was enacted to strengthen the privacy and control EU residents have over their personal data. Part of that is achieved by extending certain data protection requirements that previously were only for data controllers to data processors as well.
As a data controller, you are now required to work only with GDPR-compliant data processors. Because Rollbar processes data on your behalf, we are a data processor to you and are directly obligated to comply with this regulation.
Rollbar treats all data received as potentially containing personal data, and only processes data that you provide to us for the purpose of monitoring errors in your applications.
Rollbar agrees to comply with all of the regulations as outlined in GDPR. Customers can now review and accept online the Data Processing Agreement (DPA) reflecting our commitment to GDPR compliance, by going to Account Settings → Security → Data Processing Agreement.
Review Data Processing Agreement
Rollbar protects all users' personal data through encryption at rest and in transit. All raw data at rest is encrypted with disk-based encryption using the industry-standard AES-256-GCM algorithm, and all data in transit is sent over an HTTPS (TLS) encrypted connection.
Learn more about encryption at rest
Rollbar allows paying customers to retain their error data only as long as is necessary for them. You can delete error occurrence data after a specified time period of 7 to 180 days, by going to Account Settings → Security → Data Retention. Optionally, you can keep person and IP data even after the underlying occurrences are deleted.
Set your data retention policy
Rollbar SDKs include data scrubbing filters that allow you to block or limit the amount of personal data sent to Rollbar. By default, the only person data collected by the SDKs is the person ID. You can opt in to collect person names and email addresses. You can also anonymize IP addresses before sending them to Rollbar.
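To show what an SDK-side scrubbing filter of this kind actually does to a payload before it leaves the application, here is an added example in Python. It is not Rollbar's SDK code; the scrub field list, the IP field names, the redaction marker and the choice of IPv4 /24 and IPv6 /48 prefixes for anonymization are all assumptions chosen for illustration, and the sample payload is constructed.

```python
import copy
import ipaddress
from typing import Any, Dict, Iterable, Optional

# Constructed example list of keys whose values are redacted wherever they occur
# in the payload (request headers, form fields, extra data, nested objects).
DEFAULT_SCRUB_FIELDS = frozenset({
    "password", "passwd", "secret", "token", "access_token",
    "authorization", "cookie", "set-cookie", "credit_card", "ssn",
})
# Constructed example list of keys that hold client IP addresses.
DEFAULT_IP_FIELDS = frozenset({"ip", "user_ip", "remote_addr"})
REDACTED = "********"


def anonymize_ip(ip: str) -> str:
    """Coarsen an IP address so it no longer identifies a single host.

    Assumption for this example: keep the IPv4 /24 or IPv6 /48 prefix and zero
    the host bits. Strings that are not IP addresses are returned unchanged so
    unrelated fields are never corrupted.
    """
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return ip
    prefix = 24 if isinstance(addr, ipaddress.IPv4Address) else 48
    net = ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
    return str(net.network_address)


def _scrub_value(value: Any, scrub_fields: Iterable[str], ip_fields: Iterable[str],
                 anonymize_ips: bool) -> Any:
    """Walk dicts and lists recursively; redact or anonymize by key name."""
    if isinstance(value, dict):
        out: Dict[Any, Any] = {}
        for key, item in value.items():
            name = str(key).lower()
            if name in scrub_fields:
                out[key] = REDACTED
            elif anonymize_ips and name in ip_fields and isinstance(item, str):
                out[key] = anonymize_ip(item)
            else:
                out[key] = _scrub_value(item, scrub_fields, ip_fields, anonymize_ips)
        return out
    if isinstance(value, list):
        return [_scrub_value(item, scrub_fields, ip_fields, anonymize_ips) for item in value]
    return value


def scrub_payload(payload: Dict[str, Any],
                  scrub_fields: Iterable[str] = DEFAULT_SCRUB_FIELDS,
                  ip_fields: Iterable[str] = DEFAULT_IP_FIELDS,
                  anonymize_ips: bool = True) -> Dict[str, Any]:
    """Return a scrubbed copy of the payload; the caller's object is left untouched."""
    fields = {f.lower() for f in scrub_fields}
    ips = {f.lower() for f in ip_fields}
    return _scrub_value(copy.deepcopy(payload), fields, ips, anonymize_ips)


def build_person(user: Dict[str, Any], capture_username: bool = False,
                 capture_email: bool = False) -> Dict[str, str]:
    """Build the person block: the ID by default, name and email only on opt-in."""
    person = {"id": str(user["id"])}
    if capture_username and user.get("username"):
        person["username"] = str(user["username"])
    if capture_email and user.get("email"):
        person["email"] = str(user["email"])
    return person


# Constructed sample of what an SDK might collect from a failed web request.
SAMPLE_PAYLOAD = {
    "message": "login failed",
    "request": {
        "url": "https://app.example.test/login",
        "headers": {"Authorization": "Bearer eyJhbGciOi...", "User-Agent": "curl/8.0"},
        "POST": {"username": "alice", "password": "hunter2"},
        "user_ip": "203.0.113.77",
    },
    "custom": {"attempts": [{"token": "abc123", "ok": False}], "ipv6": {"ip": "2001:db8:abcd:1234:5678::1"}},
}

if __name__ == "__main__":
    import json
    print(json.dumps(scrub_payload(SAMPLE_PAYLOAD), indent=2))
    print(build_person({"id": 42, "username": "alice", "email": "alice@example.test"}))
```

Matching on key name rather than on value is what makes this kind of filter predictable: a reviewer can read the field list and know exactly which data never leaves the process, and the recursive walk means a secret nested inside `custom` data is treated the same way as one in a request header.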
In the event you receive a request from a user to exercise their right to be forgotten under GDPR and need to delete their personal data from Rollbar systems, you can do so by using our person deletion API.
Rollbar has designated a Data Protection Officer who adheres to all tasks as outlined by GDPR, and can be reached via privacy@rollbar.com for any questions or concerns.
Rollbar is HIPAA and ISO 27001 compliant, CSA STAR registered, and EU-U.S. Privacy Shield certified. To learn more about Rollbar's commitment to security and privacy, our security features, and the physical and administrative safeguards we have put in place, read our Security & Compliance policy.
Read our Security & Compliance policy