Privacy Policy

Cynera Labs LLC is the controller for information we collect directly about our relationship with you, including website usage, account registration, authentication, billing, support, and similar business-administration data.

When an Errova customer sends telemetry, logs, stack traces, end-user identifiers, or other content to Errova for its own applications or systems, Errova generally processes that content on the customer's behalf as a processor or service provider. In those cases, the customer is responsible for deciding what data is sent to Errova and for providing any notices or obtaining any permissions required under applicable law.

If you use Errova through your employer, client, or another organization, that organization may manage your workspace, control account membership, configure integrations, and access telemetry or billing information associated with its workspace.

• Directly from you when you create an account, manage a workspace, or contact us.
• From your browser, device, and network when you access the website or application.
• From your applications, SDKs, APIs, and integrations when they send telemetry to Errova.
• From your organization's administrators, owners, or teammates when they invite or manage you in a workspace.
• From payment, email, security, and integration providers that support billing, communications, and abuse prevention.
• From records generated automatically by our systems as you use the service.

Where we rely on legitimate interests, those interests generally include running a secure, reliable, privacy-conscious error-monitoring service, preventing abuse, maintaining the availability of the platform, and improving operational quality for our customers.

Errova is designed to process operational telemetry. Depending on how a customer configures its applications, that telemetry may contain personal information and, in some cases, sensitive information.

Customers control what their applications and SDKs send to Errova. For example, a customer may choose to include stack traces, log messages, request context, user IDs, email addresses, IP addresses, or custom metadata in event payloads.

Unless you have a clear legal basis and a genuine operational need, you should not send secrets, passwords, authentication tokens, full payment card data, government ID numbers, health information, or other special-category or highly sensitive data to Errova.

• The Errova application uses a necessary session cookie to keep authenticated users signed in and to maintain account context.
• The marketing site and application use limited browser storage to remember user interface preferences such as theme and layout settings.
• We keep standard server and request logs needed to run, secure, and troubleshoot the service.
• Authentication and recovery flows may load bot-protection services such as Cloudflare Turnstile, hCaptcha, or Google reCAPTCHA. If Google reCAPTCHA is used in a particular flow, it may set the necessary _GRECAPTCHA cookie.
• We do not currently use personal information collected through Errova for third-party advertising or cross-context behavioral advertising.

• Service providers and subprocessors that help us host, secure, back up, operate, bill for, and communicate about Errova, such as infrastructure, database, storage, email-delivery, payment, and bot-protection vendors.
• Other authorized members, administrators, or account owners within your organization or workspace, who may be able to view telemetry, billing, members, and project settings.
• Customer-selected integrations and destinations, such as Slack webhook endpoints, when your organization enables them.
• Professional advisers, auditors, insurers, or acquirers where reasonably necessary for business operations, diligence, or a corporate transaction.
• Government authorities, courts, regulators, or law enforcement when required by law or when necessary to protect rights, safety, and the integrity of Errova.

We require service providers to process personal information only for authorized purposes and to protect it with appropriate safeguards. Our providers may change over time as we update the service.

Errova and our service providers may process personal information in countries other than the country where you live, including the United States and other countries where our vendors or infrastructure operate.

Where required by applicable law, we use appropriate safeguards for international transfers, such as contractual commitments or other recognized transfer mechanisms.

• Account, workspace, and support data are kept while your account or business relationship remains active and thereafter only as long as reasonably necessary for security, dispute resolution, backup restoration, and compliance.
• Billing and tax records are kept for the periods required by applicable accounting, tax, audit, and financial-reporting laws.
• Session, request, abuse-prevention, and security logs are retained for as long as reasonably necessary to detect and investigate fraud, abuse, and service incidents.
• Customer-submitted telemetry is retained according to the retention settings associated with the relevant workspace or plan. On our current hosted pricing, advertised retention periods are 90, 180, or 365 days depending on plan and entitlements.
• Prelaunch waitlist records are retained for launch operations and abuse prevention until they are no longer needed for those purposes, after which they are deleted or de-identified, subject to legal retention obligations and backup rotation windows.
• Deleting a project stops new event ingestion, but historical telemetry may remain in active systems until the applicable retention period expires and may persist temporarily in backups until those backups are rotated or securely overwritten.

Depending on where you live, you may have some or all of the following rights:

• Access or know what personal information we hold about you.
• Correct inaccurate personal information.
• Request deletion of personal information, subject to exceptions allowed by law.
• Receive a copy of certain personal information in a portable format where required by law.
• Object to or request restriction of certain processing where applicable.
• Withdraw consent where we rely on consent, without affecting prior processing.
• Complain to a supervisory authority or regulator if you believe your rights have been violated.

We may need to verify your identity and, where permitted by law, the authority of an authorized agent before completing a request. If your information was submitted to Errova by one of our customers as part of telemetry or similar content, we may direct your request to that customer because it is usually the relevant controller for that data.

During the preceding 12 months, depending on how you used Errova, we may have collected categories of personal information that correspond to California categories such as identifiers, customer records information, commercial information, internet or other electronic network activity information, professional or employment-related information, account credentials, and sensitive personal information contained in authentication data or customer-submitted telemetry.

We collect this information from the sources described above and disclose it to the categories of recipients described in this Privacy Policy, including service providers, payment providers, email and security vendors, integrations you enable, other authorized workspace members, and legal authorities when required.

We do not sell personal information, we do not share personal information for cross-context behavioral advertising, and we do not use sensitive personal information to infer characteristics about consumers. Because we do not sell or share personal information for those advertising purposes, Errova does not currently offer a separate sale or sharing opt-out mechanism for the service.

We use automated tools such as rate limiting, challenge-response bot protection, outage-detection logic, and security-anomaly detection to protect Errova and our users from spam, credential attacks, abuse, and malicious traffic.

We do not use personal information to make decisions about you that produce legal or similarly significant effects in the sense used by applicable data-protection law.

Errova is not directed to children under 16, and we do not knowingly collect personal information from children under 16 for our own purposes. If you believe a child has provided personal information to us inappropriately, contact us and we will take appropriate steps to investigate and address the issue.

We use technical and organizational measures designed to protect personal information, including access controls, authentication controls, service monitoring, bot protection, rate limiting, and transport security where supported. No method of transmission or storage is completely secure, so we cannot guarantee absolute security.

We may update this Privacy Policy from time to time to reflect product changes, legal requirements, or operational changes. When we do, we will post the updated version here and revise the "Last updated" date above. If a change is materially important, we may also provide additional notice through the service or by email where appropriate.

Errova is operated by Cynera Labs LLC, located in Arkansas, USA. If you have privacy questions, want to exercise your rights, or need to contact us about this Privacy Policy, use the contact form available at cyneralabs.com.

If you are in the EEA, UK, or another jurisdiction with a data-protection regulator, you may also lodge a complaint with the regulator in the place where you live or work, or where you believe a violation occurred.