Posted on by Simon R Jones

Error monitoring tools and UK/European data storage for GDPR compliance

At Studio 24 we work with a lot of government and public sector clients, who are understandly keen to comply with GDPR and are therefore careful about where data is sent and stored.

There is a strong preference to use services that store all data within UK or the European Economic Area (EEA).

This is an issue for many SaaS products since most of them store data in the US or Canada. While there is the EU-US Privacy Shield agreement this has become uncertain after Brexit.

Where possible, we aim to use EAA or UK hosted data for public sector digital services. Where that’s not possible we can use non-EU hosted data for services, but we need to justify this with our clients.

Two tools we currently use for error reporting and monitoring are Bugsnag and Usersnap. After my review I discovered Bugsnag is hosted in the US, though Usersnap is hosted in Europe. A summary of my research on data storage locations is below.

In addition I’ve also added notes on where you can strip indentifying user data from external data storage. This can be helpful for data privacy.

Hosted in EAA

Usersnap

Data hosted on AWS in Europe (Germany or Ireland). GDPR docs are a bit sparse but you can request more details via email. It’s not really possible to strip data via Usersnap due to how it works (on demand screenshot tool rather than automated monitoring).

New Relic

It is possible to select EU data storage when setting up your account. New Relic publish information on security and privacy. HTTP parameters are not logged by default to avoid logging user data.

DataDog

You can use the EU site to ensure all data is stored within the EU. View GDPR docs.

Hosted in US only

Airbrake

Data hosted in USA. GDPR documentation is available on request.

Bugsnag

Data hosted on Google Cloud in USA. Bugsnag does have a detailed Data Processing Agreement and some examples on how to delete user data for data deletion requests which is nice to see.

Loggly

As far as I can tell data is stored in USA.

LogRocket

Data is stored in USA. Lots of options to exclude sensitive data.

Raygun

Data is stored in USA. You can remove sensitive data.

Rollbar

Data is stored in USA. There is some docs on scrubbing data in JS.

Sentry

Data is stored in USA. See data privacy docs. Sentry has data scrubbing tools.