docs(elixir): Add data-collected page (#13840)

solnic · web-flow · commit d59189bee6e1 · 2025-06-02T15:06:03.000+02:00
This adds data-collected page that summarizes how the Elixir SDK gathers
diff --git a/docs/platforms/elixir/data-management/data-collected.mdx b/docs/platforms/elixir/data-management/data-collected.mdx
@@ -0,0 +1,176 @@
+---
+title: Data Collected
+description: "See what data is collected by the Sentry SDK."
+sidebar_order: 1
+---
+
+Sentry takes data privacy very seriously and has default settings in place that prioritize data safety, especially when it comes to personally identifiable information (PII) data. When you add the Sentry SDK to your application, you allow it to collect data and send it to Sentry during the runtime of your application.
+
+The category types and amount of data collected vary, depending on the integrations you've enabled in the Sentry SDK. Here's a list of data categories the Sentry Elixir SDK collects:
+
+## HTTP Headers
+
+When using the Plug or Phoenix integrations, HTTP headers from requests are included in error reports with built-in filtering for security:
+
+**Default Behavior:**
+
+- Most request headers are included by default
+- Sensitive headers are automatically scrubbed, including:
+  - `authorization`
+  - `authentication`
+  - `cookie`
+
+**Configuration:**
+
+```elixir
+# Custom header filtering
+config :sentry,
+  header_scrubber: &MyApp.CustomHeaderScrubber.scrub/1
+```
+
+## Cookies
+
+**Default Behavior:**
+- **All cookies are scrubbed by default** for privacy protection
+- No cookie data is sent to Sentry unless explicitly configured
+
+**Configuration:**
+
+```elixir
+# Enable cookie collection with custom scrubbing
+config :sentry,
+  cookie_scrubber: &MyApp.CustomCookieScrubber.scrub/1
+```
+
+## Users' IP Address
+
+**Default Behavior:**
+- Client IP addresses are collected from HTTP requests
+- Prioritizes `x-forwarded-for` header, falls back to `conn.remote_ip`
+
+**Configuration:**
+
+```elixir
+# Custom IP address extraction
+config :sentry,
+  remote_address_reader: {MyModule, :get_ip_address}
+```
+
+## Request URL
+
+**Default Behavior:**
+- Full request URLs are always sent, including query strings
+- URLs may contain PII depending on your application's routing structure
+
+**Configuration:**
+
+```elixir
+# Custom URL scrubbing
+config :sentry,
+  url_scrubber: &MyApp.UrlScrubber.scrub/1
+```
+
+## Request Body
+
+**Default Behavior:**
+- Request body parameters are included with automatic scrubbing
+- Sensitive parameters are filtered by default:
+  - `password`
+  - `passwd`
+  - `secret`
+  - Credit card numbers (detected via regex pattern)
+
+**Configuration:**
+```elixir
+# Custom body parameter filtering
+config :sentry,
+  body_scrubber: &MyApp.BodyScrubber.scrub/1
+```
+
+## Source Context
+
+**Default Behavior:**
+
+- Source code context is **disabled by default**
+- Must be explicitly enabled and packaged
+
+**Configuration:**
+
+```elixir
+# Enable source code context
+config :sentry,
+  enable_source_code_context: true,
+  root_source_code_paths: [File.cwd!()],
+  context_lines: 3  # Lines before/after error
+```
+
+## Local Variables In Stack Trace
+
+**Default Behavior:**
+- Local variables are not included in stack traces
+- Stack traces contain function names, function variables, modules, file paths, and line numbers only
+
+**Note:** Unlike some other SDKs, the Elixir SDK does not currently support capturing local variables due to the nature of the Erlang VM.
+
+## Logger Data
+
+When using the Logger integration, additional data is collected:
+
+**Log Metadata:**
+
+- Configurable via the `:metadata` option
+- Can include specific keys or all available metadata
+
+**Process Context:**
+
+- Process ID (PID)
+- GenServer state and last message (for crashed GenServers)
+- Process crash reasons
+
+**Configuration:**
+
+```elixir
+config :logger, :sentry,
+  metadata: [:request_id, :user_id] # Specific keys
+# or
+config :logger, :sentry,
+  metadata: :all # All available metadata
+```
+
+<Alert>
+There's always risk that PII will leak into Sentry via Logger integration. It is recommended to review your log metadata and scrub any sensitive information before logging.
+</Alert>
+
+## Application Dependencies
+
+**Default Behavior:**
+
+- List of loaded applications and their versions are sent
+- Helps with debugging version-specific issues
+
+**Configuration:**
+
+```elixir
+# Disable dependency reporting
+config :sentry,
+  report_deps: false
+```
+
+## Oban Job Data
+
+When using the Oban integration for background jobs:
+
+**Job Information:**
+- Job arguments, attempt count, queue name
+- Worker class name
+- Job metadata and tags
+- Max attempts and current state
+
+
+## More information
+
+To learn more about customizing PII data collection, see the following API docs:
+
+- [Configuration](https://hexdocs.pm/sentry/10.10.0/Sentry.html#module-configuration)
+- [PlugContext](https://hexdocs.pm/sentry/Sentry.PlugContext.html)
+- [Logger Handler](https://hexdocs.pm/sentry/10.10.0/Sentry.LoggerHandler.html)
