PII Scrubbing
Tindra scrubs personally identifiable information from events before they are stored. Scrubbing runs at ingest time. Data that matches a rule never reaches the database.
Field name scrubbing
Any event field whose name matches a configured list is replaced with [Filtered]. Tindra scrubs these field names by default:
passwordpasswdsecretapi_keytokenauthcredentialscredit_cardssn
Field name matching is case-insensitive and applies recursively through nested objects.
Pattern scrubbing
Pattern scrubbing scans the values of all string fields and replaces substrings that match a regex. Two patterns are built in:
| Pattern | What it scrubs |
|---|---|
email |
Email addresses |
ip |
IPv4 and IPv6 addresses |
Adding custom rules
Configure additional field names and patterns in Settings > Security & Privacy.
Custom field names: add any field name that should be scrubbed across all events. Useful for application-specific fields like session_token, user_pin, or account_number.
Custom patterns: add a regex pattern that matches sensitive data in string values. Example to scrub credit card numbers:
\b(?:\d{4}[\s\-]?){3}\d{4}\b
What gets scrubbed
PII scrubbing applies to all event content:
- HTTP request bodies and query strings
- Custom extra data
- Breadcrumb data
- User context (except the
idfield) - Span data
- Log messages captured as breadcrumbs
It does not apply to stacktrace source code lines or file paths.
SDK-side scrubbing
Scrubbing on the Tindra server is a safety net. For sensitive data you know about in advance, scrub it in the SDK before it ever leaves your application.
Laravel
// config/sentry.php
'before_send' => function (\Sentry\Event $event): ?\Sentry\Event {
if ($request = $event->getRequest()) {
$data = $request->getData();
unset($data['password'], $data['card_number']);
// rebuild request without sensitive fields
}
return $event;
},
JavaScript
Sentry.init({
dsn: '...',
beforeSend(event) {
if (event.request?.data) {
delete event.request.data.password;
}
return event;
},
});