Privacy Policy

This Privacy Policy was last modified on July 18. 2022.

elmah.io ("us", "we", or "our") operates https://elmah.io (the "Site"). This page informs you of our policies regarding the collection, use and disclosure of Personal Information we receive from users of the Site.

We use your Personal Information only for providing and improving the Site. By using the Site, you agree to the collection and use of information in accordance with this policy. Unless otherwise defined in this Privacy Policy, terms used in this Privacy Policy have the same meanings as in our Terms and Conditions, accessible at https://elmah.io.

Throughout this document, we divide data into two categories:

  1. Personal Information
  2. Log Data

As for Personal Information, this is information identifying you as a user on elmah.io (like users and organizations).

As for Log Data, this is the data sent by your applications for processing on elmah.io (like errors).

elmah.io is developed and maintained by elmah.io ApS.


Information Collection and Use

While using our Site, we ask you to provide us with certain personally identifiable information that can be used to contact or identify you. Personally identifiable information may include, but is not limited to, your name and email address ("Personal Information"). These information are used to improve the way we communicate with you throughout the Site and integrations like Emails and Slack messages.

This is an overview of the Personal Information we collect directly on elmah.io and why we do it.

User

Field Description
Email We collect user email to send them help during their trial, mails when new errors are logged in their subscription, daily digest, and other types of emails that the user opts-in to.
ProviderName We store the name of the social provider used to log in on elmah.io, to be able to log users in next time they try from the same provider and to avoid problems where two social accounts would use the same user id.
Created A date and time is stored on all users to see when their trial expires.
LastLoggedIn The last time the user logged in is stored to show organization admins if their users log in or not and not optimize the search user feature to show results from people the logged in first.
Name The user's name is stored to show a name rather than an email throughout both the UI and the notification channels (mail, Slack, etc.).
Timezone Timezone is used throughout the UI to make sure that dates are handled correctly. We store everything in UTC but need the timezone to convert back to the user's time.
FailedLoginAttempts When a login using username/password fails, we increment a counter on the user.
ProfilePhoto The user can choose to upload a profile photo on their profile.

Organization

Field Description
Name The name of the organization is stored to be able to generate a correct invoice and to show it in different locations on the UI.
Created A date and time is stored on all organizations to see when their trial expires.
CompanyName The name of the organization is stored to be able to generate a correct invoice and to allow users to name their organization differently than their company name (like if they have more organization on a single company).
Address The address of the organization is stored to be able to generate a correct invoice.
Address2 The address2 of the organization is stored to be able to generate a correct invoice.
Zipcode The zip code of the organization is stored to be able to generate a correct invoice.
City The city of the organization is stored to be able to generate a correct invoice.
Country The country of the organization is stored to be able to generate a correct invoice.
Vat The vat of the organization is stored to be able to generate a correct invoice.
AccountantEmail If an organization administrator inputs an accountant email to receive invoices this email is saved on the organization.

Access to data

No one in the company has access to Log Data unless explicitly approved by the customer to carry out support. When the support case is closed, the approval expires and a new approval will be needed for the next support case (even if it is the same customer).

We do not allow remote access to our systems, and we only share data with the following entities.

elmah.io employees have access to the users' Personal Information through our back-office system. The user can restrict this access through the elmah.io UI.

Personal Information is forwarded to a list of Sub-Processors.


Location of Data

All Personal Information and Log Data is stored inside Microsoft's data center in West US. Backups are forwarded to Microsoft's data center in East US. We need to spread across at least two data centers, to restore customer data in the case of a data center breakdown.


Deleting Personal Information

A user can per request ask to get the user's data deleted. We want this to be a manual process, to disallow people from keep signing up for new trials.

When a user asks for deletion, the user data will be deleted from:

  • Our database (Elasticsearch)
  • Intercom
  • Mailchimp (in case the user signed up for the newsletter)
  • Backups (we don't want to modify already created backup data, why we create a new total backup and delete the old one)

Retention

Your Personal Information is kept as long as you are an active user on our Site and attached to an organization with a paid subscription. When your Personal Information is no longer needed to serve you, it will be deleted after a period of inactivity. We are keeping Personal Information during this time to avoid someone signing up for new trials every time the existing trial expires. In addition, we may keep Personal Information for our compliance with a legal, accounting, or reporting obligation.


Exporting Personal Information

All users must be able to export all of the Personal Information we keep about them. Personal Information can be requested through our support and will be delivered as a JSON output from our users database.


Modification of Personal Information

The user can modify most of the information collected about them (like name, email, etc.). We have some internal properties which are not visible through the UI (see the first paragraph on this page). This information can be updated by contacting our support staff.


Logging

Like many site operators, we collect information that your browser sends whenever you visit our Site. This data may include information such as your computer's Internet Protocol ("IP") address, browser type, browser version, the pages of our Site that you visit, the time and date of your visit, the time spent on those pages, and other statistics. We use Google Analytics and AdWords conversion tracking to monitor traffic and optimize how we spend our ad money.

In addition, errors generated while visiting our Site are automatically logged. These error reports may include details about you and your device. While this information may not allow us to identify you, it may be possible to combine it with other data to personally identify who generated an error.


Cookies

Cookies are files with a small amount of data, which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your computer's hard drive.

Like many sites, we use "cookies" to collect information. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Site.

For more information about cookies, please visit our Cookie Policy.


Security

The security of your Personal Information is important to us but remember that no method of transmission over the Internet, or method of electronic storage, is 100% secure. While we strive to use commercially acceptable means to protect your Personal Information, we cannot guarantee its absolute security.

We will comply with laws applicable to us in respect of any data breach. Please contact us if you believe that we have leaked any Personal Information or broken any data protection law.

For detailed technical documentation of elmah.io security, please visit https://elmah.io/security/.


Links to Other Sites

Our Site contains links to other sites that are not operated by us. If you click on a third-party link, you will be directed to that third party's site. We strongly advise you to review the Privacy Policy of every site you visit.

elmah.io has no control over and assumes no responsibility for, the content, privacy policies, or practices of any third-party sites or services.


Business Transfers

If we or our assets are acquired, or in the unlikely event that we go out of business or enter bankruptcy, we would include data, including your Personal Information, among the assets transferred to any parties who acquire us. You acknowledge that such transfers may occur, and that any parties who acquire us may, to the extent permitted by applicable law, continue to use your Personal Information according to this policy, which they will be required to assume as it is the basis for any ownership or use rights we have over such information.


Changes to This Privacy Policy

elmah.io may update this Privacy Policy from time to time. You will be prompted to accept any updates to the Privacy Policy on the login following the update. You are advised to review this Privacy Policy periodically for any changes.


Contact Us

If you have any questions about this Privacy Policy, please contact us.