Is EuroBug GDPR-compliant?

Yes. EuroBug is designed for GDPR compliance. All core data is processed and stored within the EU (Scaleway, Paris). IP addresses are hashed server-side. PII is scrubbed both client-side and server-side. The tracker places no cookies on your website visitors. Optional integrations like Slack are opt-in and clearly disclosed.

How does EuroBug differ from Sentry?

Sentry is a US company subject to the CLOUD Act. Their tracking scripts are typically tens of kilobytes. EuroBug is under 2kb gzipped, fully European, and scrubs PII both client-side and server-side. Your core error data stays in the EU.

Do I need a cookie banner for EuroBug?

No. The EuroBug tracker places no cookies on your website visitors and does no tracking. The EuroBug dashboard uses a strictly necessary session cookie for logged-in customers, which does not require consent.

Can I try EuroBug without a credit card?

Absolutely. The Starter plan is free (up to 5,000 errors/month) and requires no payment details whatsoever.

Where exactly is my data stored?

All infrastructure runs on Scaleway in Paris, France — a European company with no US parent entity.

How does source map integration work?

Upload your source maps via our CLI or dashboard. We automatically match them to incoming errors and display the original source code in your stack traces instead of minified gibberish.

← Back to home

Privacy Policy (GDPR / AVG)

Last updated: March 24, 2026

EuroBug B.V. (hereafter “EuroBug”, “we” or “us”) provides a GDPR-by-design, European, privacy-first error tracking service. We respect your privacy and operate strictly within the General Data Protection Regulation (GDPR).

1. Our Role & Legal Basis

For visitors of your website (End Users): We act exclusively as a Data Processor. You (the Customer) are the Data Controller and guarantee a valid legal basis (such as legitimate interest for technical monitoring) to send pseudonymized error data to EuroBug. EuroBug places no cookies on your visitors' devices, performs no cross-site tracking, and never stores raw IP addresses (these are hashed in memory immediately upon receipt for DDoS protection).

For you, our customer: We act as Data Controller for your account data (email address, company name, billing details), processed on the legal basis of contract performance. For the functioning of our customer dashboard, we exclusively use strictly necessary session cookies to keep you securely logged in. No consent is legally required for these.

2. Data Minimization & PII Scrubbing

Our service is designed around data minimization. Error data passes through two independent PII scrubbing layers:

Client-side (defense in depth): Our tracker script removes email addresses, IBANs, credit card numbers, JWT tokens, Bearer tokens, and password-like URL parameters before any data leaves the browser.
Server-side (authoritative): Our ingest API runs a comprehensive server-side sanitizer on all incoming fields. This is the authoritative layer — it applies the full pattern set including IPv4/IPv6 addresses and Dutch BSN numbers. Query parameters are stripped from URLs. IP addresses are hashed with a daily-rotating salt and never stored raw.

Data retention is enforced automatically based on your plan: 7 days (Developer), 90 days (Startup), or 365 days (Agency). Expired error data is permanently deleted by our daily retention worker.

3. Our European Sub-Processors

We exclusively work with European partners without a US parent company (to avoid the American CLOUD Act):

Scaleway (France): Application hosting, managed PostgreSQL database, managed Redis, and transactional email (TEM). All services in Paris, France.
Mollie (Netherlands): Payment processing.
Slack (US, opt-in only): If the customer enables Slack notifications, a notification-safe summary (project name and dashboard link only) is sent to Slack's servers. No error details, stack traces, or URLs are included. This is optional and clearly disclosed.
Microsoft Teams (US, opt-in only): If the customer enables Teams notifications, the same notification-safe summary is sent to Microsoft's servers. No error details, stack traces, or URLs are included. This is optional and clearly disclosed.

4. Your Rights

As a customer, you have the right to: access your data, rectify inaccuracies, request erasure, restrict processing, data portability, and object to processing. You also have the right to lodge a complaint with your national supervisory authority (in the Netherlands: the Autoriteit Persoonsgegevens).

For end users of your website, data subject requests should be directed to you (the Data Controller), after which we will follow your instructions. Contact us at privacy@eurobug.eu.

5. Cookies

The EuroBug tracker script places no cookies on your website visitors' devices.

The EuroBug customer dashboard uses the following strictly necessary cookies (no consent required under ePrivacy Art. 5(3)):

Session cookie (NextAuth) — keeps you securely logged in.
eurobug_active_project — remembers your selected project in the dashboard.
eurobug_active_org — remembers your selected organization (multi-org users).

No analytics, advertising, or third-party tracking cookies are used.

6. Data Protection Officer

Given the nature and scale of our processing, EuroBug has not appointed a Data Protection Officer. For privacy inquiries, contact privacy@eurobug.eu.