Personal data captured by Dynatrace

Dynatrace captures a lot of end-user data from monitored environments. This data can potentially include sensitive personal information, personally identifiable information (PII), and data that is sensitive to an individual end user.

This page provides information about potential sources that may include personal and sensitive data and how to configure capturing and masking rules in order to comply with data privacy and data protection laws and regulations, such as GDPR (Europe), California Privacy Act (CCPA), and Brazilian General Data Protection Law (LGPD).

In Dynatrace, masking happens at three different stages:

  • Mask at capture: Data is masked by OneAgent before it is sent to Dynatrace Cluster.
  • Mask at storage: Data is masked before it is sent to the data store and, therefore, never displayed as text.
  • Mask at display: Data is stored as text in the data store. The masking happens on the server side and is dependent upon the end-user's preferences before being displayed.

In the following sections, we've used icons to indicate the level of masking applied to each data type that is captured by Dynatrace:

Captured by default. Captured by default.
Masked Masked.
Not masked Not masked.
Masking preferences can be configured; masked by default. Masking preferences can be configured; masked by default.
Masking preferences can be configured; not masked by default. Masking preferences can be configured; not masked by default.
Masking is dependent on the configuration set during capture and storage. Masking is dependent on the configuration set during capture and storage.
Masking preferences are set according to end-user permission. Masking preferences are set according to end-user permission.

Service request monitoring

Dynatrace captures the most important data points of incoming requests as well as the web requests of end-users of your application (i.e., service requests). ​URLs, client IPs, and certain HTTP header fields are captured automatically.​ You can configure global privacy settings to mask client IP addresses, URIs, and HTTP post parameters.

Capturing Masking
DEFAULT DATA TYPE AT CAPTURE AT STORAGE AT DISPLAY
Captured by default. Client IPs Not masked Masking preferences can be configured; masked by default. Masking preferences are set according to end-user permission.
Captured by default. URIs Not masked Masking preferences can be configured; not masked by default. Masking is dependent on the configuration set during capture and storage.
Captured by default. HTTP request/response headers1
URL query parameters2
Exception messages3
Not masked Masking preferences can be configured; not masked by default. Masking preferences are set according to end-user permission.
Captured by default. SQL literals Masked Masked Masked
HTTP post parameters4 Not masked Masking preferences can be configured; not masked by default. Masking preferences are set according to end-user permission.
SQL bind variables (managed-only)3
Method arguments/return values4
Not masked Not masked Masking preferences are set according to end-user permission.

1 Only certain headers are captured automatically. Other headers can be captured by configuring request attributes.
2 Query parameters are always masked on display and can also be masked upon storage. Parameters can be explicitly captured via request attributes.
3 Can be configured in deep monitoring settings.
​​4 Can be configured by using request attributes.​

Real User Monitoring (RUM)

With Dynatrace Real User Monitoring, you can understand your customers better by accessing performance analysis in real time. This includes all performed user actions and how they impact performance. ​

To allow performance analysis based on geographical regions, Dynatrace captures IP addresses which can be masked.​ Dynatrace can detect returning users by storing a randomly generated ID in each user's browser or on their device. This kind of user tracking is not enabled by default. You can configure global privacy settings to mask user actions, IP addresses, locations, and URIs.

Capturing Masking
DEFAULT DATA TYPE AT CAPTURE AT STORAGE AT DISPLAY
Captured by default. User actions1 Masking preferences can be configured; not masked by default. Masking is dependent on the configuration set during capture and storage. Masking is dependent on the configuration set during capture and storage.
Captured by default. IPs and locations2 Not masked Masking preferences can be configured; masked by default. Masking is dependent on the configuration set during capture and storage.
Captured by default. URIs2 Not masked Masking preferences can be configured; not masked by default. Masking preferences are set according to end-user permission.
User tag of user sessions Masking preferences can be configured; masked by default. Masking is dependent on the configuration set during capture and storage. Masking is dependent on the configuration set during capture and storage.
Session and action properties Masking preferences can be configured; masked by default. Masking is dependent on the configuration set during capture and storage. Masking is dependent on the configuration set during capture and storage.

1 User actions contain a name and a set of timings and metadata.
2 Dynatrace looks for personal data like IP addresses, UUIDs, credit card numbers, emails, and other identifiable IDs. However, there might be some other personal data or individual characters that Dynatrace isn't able to detect automatically. To mask the URL on display, use custom names for user actions, resource grouping, and naming .

Log Monitoring

Log Monitoring is an optional feature that is enabled by default.​

With Log Monitoring, you can directly access the log content of all your system's mission-critical processes. It's easy to look for specific log messages that you're interested in. ​Log Monitoring offers an optional feature to store all logs centrally. You can also mask all sensitive information in the logs.

Capturing Masking
DEFAULT DATA TYPE AT CAPTURE AT STORAGE AT DISPLAY
Captured by default. Log file content Masking preferences can be configured; not masked by default. Masking is dependent on the configuration set during capture and storage. Masking is dependent on the configuration set during capture and storage.

Session Replay

Session Replay is an optional feature. You can enable Session Replay to capture and visually replay users' complete digital interactions with your application.​

Session Replay captures all HTML source code and the mutations that are originated by user interactions. It also captures all user interactions obtained through form fields, attributes, content, and interactions such as input, mouse movements, and scrolls.​ You can configure Session Replay to mask all sensitive content, including form fields, password fields, attributes, and interactions.

Capturing Masking
DATA TYPE AT CAPTURE AT STORAGE AT DISPLAY
Password form fields Masked Masked Masked
Form fields
User input
Masking preferences can be configured; masked by default. Masking is dependent on the configuration set during capture and storage. Masking is dependent on the configuration set during capture and storage.
Images
Content
Attributes
Interactions
Masking preferences can be configured; not masked by default. Masking is dependent on the configuration set during capture and storage. Masking is dependent on the configuration set during capture and storage.