elmah.io ("us", "we", or "our") operates https://elmah.io (the "Site"). This page informs you of our policies regarding the collection, use and disclosure of Personal Information we receive from users of the Site.
Throughout this document, we divide data into two categories:
- Personal Information
- Log Data
As for Personal Information, this is information identifying you as a user on elmah.io (like users and organizations).
As for Log Data, this is the data sent by your applications for processing on elmah.io (like errors).
elmah.io is developed and maintained by elmah.io ApS.
Information Collection and Use
While using our Site, we ask you to provide us with certain personally identifiable information that can be used to contact or identify you. Personally identifiable information may include, but is not limited to, your name and email address ("Personal Information"). These information are used to improve the way we communicate with you throughout the Site and integrations like Emails and Slack messages.
This is an overview of the Personal Information we collect directly on elmah.io and why we do it.
|We collect user email to send them help during their trial, mails when new errors are logged in their subscription, daily digest, and other types of emails that the user opts-in to.
|We store the name of the social provider used to log in on elmah.io, to be able to log users in next time they try from the same provider and to avoid problems where two social accounts would use the same user id.
|A date and time is stored on all users to see when their trial expires.
|The last time the user logged in is stored to show organization admins if their users log in or not and not optimize the search user feature to show results from people the logged in first.
|The user's name is stored to show a name rather than an email throughout both the UI and the notification channels (mail, Slack, etc.).
|Timezone is used throughout the UI to make sure that dates are handled correctly. We store everything in UTC but need the timezone to convert back to the user's time.
|When a login using username/password fails, we increment a counter on the user.
|The user can choose to upload a profile photo on their profile.
|The name of the organization is stored to be able to generate a correct invoice and to show it in different locations on the UI.
|A date and time is stored on all organizations to see when their trial expires.
|The name of the organization is stored to be able to generate a correct invoice and to allow users to name their organization differently than their company name (like if they have more organization on a single company).
|The address of the organization is stored to be able to generate a correct invoice.
|The address2 of the organization is stored to be able to generate a correct invoice.
|The zip code of the organization is stored to be able to generate a correct invoice.
|The city of the organization is stored to be able to generate a correct invoice.
|The country of the organization is stored to be able to generate a correct invoice.
|The vat of the organization is stored to be able to generate a correct invoice.
|If an organization administrator inputs an accountant email to receive invoices this email is saved on the organization.
Access to data
No one in the company has access to Log Data unless explicitly approved by the customer to carry out support. When the support case is closed, the approval expires and a new approval will be needed for the next support case (even if it is the same customer).
We do not allow remote access to our systems, and we only share data with the following entities.
elmah.io employees have access to the users' Personal Information through our back-office system. The user can restrict this access through the elmah.io UI.
Personal Information is forwarded to a list of Sub-Processors.
Location of Data
All Personal Information and Log Data is stored inside Microsoft's data center in West US. Backups are forwarded to Microsoft's data center in East US. We need to spread across at least two data centers, to restore customer data in the case of a data center breakdown.
Deleting Personal Information
A user can per request ask to get the user's data deleted. We want this to be a manual process, to disallow people from keep signing up for new trials.
When a user asks for deletion, the user data will be deleted from:
- Our database (Elasticsearch)
- Mailchimp (in case the user signed up for the newsletter)
- Backups (we don't want to modify already created backup data, why we create a new total backup and delete the old one)
Your Personal Information is kept as long as you are an active user on our Site and attached to an organization with a paid subscription. When your Personal Information is no longer needed to serve you, it will be deleted after a period of inactivity. We are keeping Personal Information during this time to avoid someone signing up for new trials every time the existing trial expires. In addition, we may keep Personal Information for our compliance with a legal, accounting, or reporting obligation.
Exporting Personal Information
All users must be able to export all of the Personal Information we keep about them. Personal Information can be requested through our support and will be delivered as a JSON output from our users database.
Modification of Personal Information
The user can modify most of the information collected about them (like name, email, etc.). We have some internal properties which are not visible through the UI (see the first paragraph on this page). This information can be updated by contacting our support staff.
Like many site operators, we collect information that your browser sends whenever you visit our Site. This data may include information such as your computer's Internet Protocol ("IP") address, browser type, browser version, the pages of our Site that you visit, the time and date of your visit, the time spent on those pages, and other statistics. We use Google Analytics and AdWords conversion tracking to monitor traffic and optimize how we spend our ad money.
In addition, errors generated while visiting our Site are automatically logged. These error reports may include details about you and your device. While this information may not allow us to identify you, it may be possible to combine it with other data to personally identify who generated an error.
Cookies are files with a small amount of data, which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your computer's hard drive.
Like many sites, we use "cookies" to collect information. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Site.
The security of your Personal Information is important to us but remember that no method of transmission over the Internet, or method of electronic storage, is 100% secure. While we strive to use commercially acceptable means to protect your Personal Information, we cannot guarantee its absolute security.
We will comply with laws applicable to us in respect of any data breach. Please contact us if you believe that we have leaked any Personal Information or broken any data protection law.
For detailed technical documentation of elmah.io security, please visit https://elmah.io/security/.
Links to Other Sites
elmah.io has no control over and assumes no responsibility for, the content, privacy policies, or practices of any third-party sites or services.
If we or our assets are acquired, or in the unlikely event that we go out of business or enter bankruptcy, we would include data, including your Personal Information, among the assets transferred to any parties who acquire us. You acknowledge that such transfers may occur, and that any parties who acquire us may, to the extent permitted by applicable law, continue to use your Personal Information according to this policy, which they will be required to assume as it is the basis for any ownership or use rights we have over such information.