Personal data captured by Dynatrace

From monitored environments, Dynatrace may capture end-user data, potentially including personal and confidential information about your end users.

This page identifies where personal data may be captured and how you can limit the capture, storage, and display thereof to help you comply with privacy-related legal requirements, including the California Consumer Privacy Act (CCPA; California, United States), General Data Protection Regulation (GDPR; European Union), or Lei Geral de Proteção de Dados (LGPD; Brazil).

Dynatrace masks data according to our three levels of data protection: at capture, at storage, and at display. In the following sections, icons indicate the level of masking applied to each data type that Dynatrace captures.

Captured by default Captured by default.
Masked Masked.
Not masked Not masked.
Masking preferences can be configured; masked by default Masking preferences can be configured; masked by default.
Masking preferences can be configured; not masked by default Masking preferences can be configured; not masked by default.
Masking is dependent on the configuration set during capture and storage Masking is dependent on the configuration set during capture and storage.
Masking preferences are set according to end-user permission Masking preferences are set according to end-user permission.

Service request monitoring

Dynatrace captures the most important data points of incoming requests as well as the web requests of end-users of your application (that is, service requests). URLs, client IPs, and certain HTTP header fields are captured automatically.

You can configure global privacy settings to mask client IP addresses, URIs, and HTTP post parameters.

Data type Default Masking at capture Masking at storage Masking at display
Client IPs Captured by default Not masked Masking preferences can be configured; masked by default Masking preferences are set according to end-user permission
URIs1 Captured by default Not masked Masking preferences can be configured; not masked by default Masking is dependent on the configuration set during capture and storage
HTTP request/response headers2
URL query parameters3
Exception messages4
Captured by default Not masked Masking preferences can be configured; not masked by default Masking preferences are set according to end-user permission
SQL literals Captured by default Masked Masked Masked
HTTP post parameters5 Not masked Masking preferences can be configured; not masked by default Masking preferences are set according to end-user permission
SQL bind variables (managed-only)4
Method arguments / return values5
Not masked Not masked Masking preferences are set according to end-user permission
1

Can be configured in the global privacy settings.

2

Only certain headers are captured automatically. Other headers can be captured by configuring request attributes.

3

Query parameters are always masked on display and can also be masked upon storage. Parameters can be explicitly captured via request attributes.

4

Can be configured in deep monitoring settings.

5

Can be configured using request attributes.

Real User Monitoring (RUM)

With Dynatrace Real User Monitoring, you can understand your customers better by accessing performance analysis in real time. This includes all performed user actions and how their impact on performance.

To allow performance analysis based on geographical regions, Dynatrace captures IP addresses, which can be masked. Dynatrace can detect returning users by storing a randomly generated ID in each user's browser or on their device. This kind of user tracking is not enabled by default. You can configure global privacy settings to mask user actions, IP addresses, locations, and URIs.

Data type Default Masking at capture Masking at storage Masking at display
User actions1 Captured by default Masking preferences can be configured; not masked by default Masking is dependent on the configuration set during capture and storage Masking is dependent on the configuration set during capture and storage
IPs and locations2 Captured by default Not masked Masking preferences can be configured; masked by default Masking is dependent on the configuration set during capture and storage
URIs2 Captured by default Not masked Masking preferences can be configured; not masked by default Masking is dependent on the configuration set during capture and storage
User tag of user sessions Masked Masking is dependent on the configuration set during capture and storage Masking is dependent on the configuration set during capture and storage
Session and action properties3 Masked Masking is dependent on the configuration set during capture and storage Masking is dependent on the configuration set during capture and storage
1

User actions contain a name, a set of timings, and metadata.

2

Dynatrace looks for personal data such as IP addresses, UUIDs, credit card numbers, emails, and other identifiable IDs. However, there might be other personal data or individual characters that Dynatrace isn't able to detect automatically. To mask the URL on display, use custom names for user actions, resource grouping, and naming.

3

Session and action properties need to be explicitly defined by you and contain whatever the selected underlying data sources propagated them with.

Log Monitoring

Log Monitoring is an optional feature that is enabled by default. You can use it to directly access the log content of all your system's mission-critical processes, search for specific log messages, and store all logs centrally.

Log Monitoring offers the ability to mask all sensitive information in the logs.

Data type Default Masking at capture Masking at storage Masking at display
Log file content Captured by default Masking preferences can be configured; not masked by default Masking is dependent on the configuration set during capture and storage Masking is dependent on the configuration set during capture and storage

Session Replay

Session Replay is an optional feature. You can enable Session Replay to capture and visually replay users' complete digital interactions with your application.

For web application, Session Replay captures all HTML source code and the mutations that are originated by user interactions. It also captures all user interactions obtained through form fields, attributes, content, and interactions such as mouse movement and scrolling. You can configure Session Replay to mask all sensitive content, including form fields, password fields, attributes, and interactions.

Data type Masking at capture Masking at storage Masking at display
Password form fields Masked Masked Masked
Form fields
User input
Masking preferences can be configured; masked by default Masking is dependent on the configuration set during capture and storage Masking is dependent on the configuration set during capture and storage
Images
Content
Attributes
Interactions
Masking preferences can be configured; not masked by default Masking is dependent on the configuration set during capture and storage Masking is dependent on the configuration set during capture and storage

OneAgent diagnostics

OneAgent diagnostics is an optional feature that enables Dynatrace users to collect and analyze support archives for anomalies.

Support archives are created by Dynatrace OneAgent and contain OneAgent log files as well as specific data from monitored hosts and processes, for example, process names and identification numbers. OneAgent log files may contain personal data, for example, as part of a stack trace.

Dynatrace masks some personal data, for example, IBANs and URI credentials, before storing a support archive in Cassandra and uploading it to an AWS S3 bucket, but some personal data may not be masked.

Data type Masking at capture Masking at storage Masking at display
OneAgent log files Not masked Masked Masked

ActiveGate diagnostics

ActiveGate diagnostics is an optional feature that enables Dynatrace users to collect and analyze support archives for anomalies.

Support archives are created by Dynatrace ActiveGate and contain ActiveGate log files as well as ActiveGate-specific configuration settings. ActiveGate log files may contain personal data (for example, as part of a stack trace).

Dynatrace masks some personal data (such as IBANs and URI credentials) before storing a support archive in Cassandra and uploading it to an AWS S3 bucket, but some personal data may not be masked.

Data type Masking at capture Masking at storage Masking at display
ActiveGate log files Not masked Masked Masked