Personal data captured by Dynatrace

Based on your license type and configuration, Dynatrace can capture both real-user traffic (user actions, captured directly in end-user browsers) and service-side traffic (web requests and other communications that may include personal data).

Dynatrace captures a lot of end-user data from monitored environments. Based on your license type and configuration, Dynatrace can capture both real-user traffic (user actions, captured directly in end-user browsers) and service-side traffic (web requests and other communications that may include personal data).

This page provides information about what personal data types Dynatrace collects (and why) for both Dynatrace Real User Monitoring (RUM) and server-side service monitoring. Here you'll also find information about how sensitive end-user data can be protected, including options for capturing such data by default or excluding it from capture.

Dynatrace Real User Monitoring (RUM)

Dynatrace helps you to improve performance and to both analyze and improve the user experience of your web applications and mobile apps. This includes automatic discovery of client errors and capabilities that detect the root causes of such errors in conjunction with Dynatrace OneAgent. Dynatrace does this by collecting data from the end users of your applications. This is done using client-side JavaScript or the OneAgent for Mobile SDK for native mobile apps.

Service request monitoring

Dynatrace helps you to improve the performance of your applications, it also enables you to analyze problems that occur in production in a timely manner. This is done via Dynatrace OneAgent.

Log Analytics

With Dynatrace Log Analytics, you gain direct access to the log content of all your system's mission-critical processes. It's easy to search for specific log messages that you're interested in. Log content can be filtered based on keywords or timeframe. You can even analyze multiple log files simultaneously—even when log files are stored across multiple hosts.

Most significantly, Dynatrace artificial intelligence automatically correlates relevant log messages with any problems that it detects in your environment. Relevant log messages that are associated with problems are then factored into problem root-cause analysis.

Summary of personal data capture scenarios

The following table provides an overview of how data that may include sensitive values may be captured by Dynatrace. Following are definitions of the various scenarios:

  • May contain PII data: PII data may be captured, either intentionally or accidentally.
  • Configurable capture: Data capture is configurable. Data may or may not be captured.
  • Captured by default: This data is captured by default.
  • Masked by default: If captured, the data is masked by default.
  • Masking on display: If captured, the data is masked on display by default.
  • Masking on storage: If captured, the data is masked before storage by default.
  • Masking on capture: If the data is captured and masking is enabled, the data is masked upon capture.
Product feature Data being captured May contain PII data Configurable capture Captured by default Masked by default Masking on display Masking on storage Masking on capture Comment
Real User User clicks yes no yes yes no configurable future
Real User URL yes no yes no no configurable future
Real User IP and Location yes no yes yes no configurable future
Server side requests URL yes no yes no no configurable future
Server side requests URL Query parameter yes yes yes yes yes configurable future ³
Server side requests Client IP yes no yes yes yes configurable future
Server side requests HTTP request/response header yes yes only some no yes configurable future ¹
Server side requests HTTP post parameter yes yes no no yes configurable future ²
Server side requests Exception messages yes yes yes no yes no yes
Server side requests Method arguments/return values yes yes no no yes future no ²
Server side requests SQL literals and bind variables yes no no yes no future yes
  1. Only certain headers are captured automatically. All others are only captured when requested by an authorized user (see request attributes). The data that are captured aren't masked by default.
  2. All values are captured when requested by an authorized user (see request attributes)
  3. Query parameters are always confidential (masked on display) and can additionally be masked upon storage. They can be explicitly captured by request attributes, in which case their confidentiality depends on request attribute configuration.