Data Privacy

Sensitive Data

By default, the SDK does not collect data that uniquely identifies users. No device or browser fingerprinting techniques are applied. User-specific data collection can be enabled through the user identification API if needed.

Data transmitted via the user API is used exclusively to support product features visible in Dash0. This data is not interpreted for other purposes or correlated between customers.

Dash0 supports ad hoc deletion requests to comply with regulations such as GDPR. For recurring or automated deletion needs, anonymized data should be transmitted instead (for example, hashed user IDs).

IP Addresses and Geo-location

IP addresses are anonymized by default. For IPv4, the last octet is replaced with zeros; for IPv6, the last 80 bits are replaced. Stricter anonymization can be configured in the organization’s dataset settings.

The SDK does not access IP addresses directly. Instead, IP addresses are obtained from network connections to telemetry servers and anonymized before enrichment.

Geo-location information is derived from IP-to-geo mapping using the source IP address of telemetry requests or the X-FORWARDED-FOR header. This method provides approximate results and defaults to city-level precision. Precision can be further restricted in organization’s dataset settings.

Storage and Tracking

The SDK does not use cookies.

Both localStorage and sessionStorage are used to maintain session tracking information. Duration of the Session can be configured in the SDK.

Data is stored in Amazon Web Services (AWS) or Google Cloud regions based on the hosting location of the Dash0 organization. The storage region can be identified from the SDK endpoint URL. For example, events sent to ingress.eu-west-1.aws.dash0.com are stored in the eu-west-1 AWS region.

Filtering Sensitive Data

The SDK provides built-in filtering to prevent sensitive data from being transmitted. Credentials are automatically redacted, and additional filtering rules can be defined during SDK initialization. Filtering can be applied to URLs of viewed pages as well as to HTTP request contents.