Update AI Privacy Docs (#14998)

coolguyzone · Alex Krawiec · sfanahata · web-flow · commit de87d0b31a38 · 2025-09-23T09:30:25.000-07:00
## DESCRIBE YOUR PR Applied updates from notion, see https://sentry-docs-git-ai-privacy-updates.sentry.dev/product/ai-in-sentry/ai-privacy-and-security/ and https://sentry-docs-git-ai-privacy-updates.sentry.dev/security-legal-pii/security/service-data-usage/ ## IS YOUR CHANGE URGENT? Help us prioritize incoming PRs by letting us know when the change needs to go live. - [ ] Urgent deadline (GA date, etc.):  - [ ] Other deadline:  - [ ] None: Not urgent, can wait up to 1 week+ ## SLA - Teamwork makes the dream work, so please add a reviewer to your PRs. - Please give the docs team up to 1 week to review your PR unless you've added an urgent due date to it. Thanks in advance for your help! ## PRE-MERGE CHECKLIST *Make sure you've checked the following before merging your changes:* - [ ] Checked Vercel preview for correctness, including links - [ ] PR was reviewed and approved by any necessary SMEs (subject matter experts) - [ ] PR was reviewed and approved by a member of the [Sentry docs team](https://github.com/orgs/getsentry/teams/docs) ## LEGAL BOILERPLATE  Look, I get it. The entity doing business as "Sentry" was incorporated in the State of Delaware in 2015 as Functional Software, Inc. and is gonna need some rights from me in order to utilize my contributions in this here PR. So here's the deal: I retain all rights, title and interest in and to my contributions, and by keeping this boilerplate intact I confirm that Sentry can use, modify, copy, and redistribute my contributions, under Sentry's choice of terms. ## EXTRA RESOURCES - [Sentry Docs contributor guide](https://docs.sentry.io/contributing/) --------- Co-authored-by: Alex Krawiec <alex.krawiec@R7J1Y747QQ.local> Co-authored-by: Shannon Anahata <shannon.anahata@gmail.com>
diff --git a/docs/product/ai-in-sentry/ai-privacy-and-security/index.mdx b/docs/product/ai-in-sentry/ai-privacy-and-security/index.mdx
@@ -1,16 +1,14 @@
 ---
-title: AI Privacy and Security
+title: AI Privacy Principles
 sidebar_order: 40
-description: "Learn about how AI features in Sentry handle your data securely and protect your privacy."
+description: "Learn about how Sentry handles your data and protects your privacy when it comes to AI."
 ---
 
-Generative AI features in Sentry, including Seer, are designed with your privacy and security in mind. We take the following measures to ensure that your data is handled securely:
+Generative AI features in Sentry, including Seer, are designed with your privacy in mind. Here are the core principles that apply to how we handle your data when it comes to our generative AI features.
 
-## Data Processing for Generative AI
+## Transparency in Data Processing
 
-We use the data listed below to provide insights, analysis, and solutions for your review. Your data will not be used to train any generative AI models by default and without your express consent, and AI-generated output from your data is shown only to you, not other customers.
-
-Our generative AI features are powered by large language models (LLMs) hosted by subprocessors identified on our [subprocessor list](https://sentry.io/legal/subprocessors/). Our subprocessors are only permitted to use the data as directed by us.
+Our generative AI features use some of the data you've configured to collect and send to your Sentry instance. This provides additional insights, analysis, and solutions for your review. 
 
 The data used for these features includes:
 
@@ -22,12 +20,19 @@ The data used for these features includes:
 - Profiles
 - Relevant code from linked repositories
 
-For [EU region customers](/organization/data-storage-location/), data is stored in the European Union.
+### No Training on Your Data
 
-You can learn more about our data privacy practices [here](/security-legal-pii/security/ai-ml-policy/#use-of-identifying-data-for-generative-ai-features).
+By default, your data will not be used to train generative AI models unless you give permission.
+If you want to help improve the Sentry service, including Seer, you may opt-in to further use of your data for product improvement.  Learn more about [how your data is protected and used](/security-legal-pii/security/service-data-usage/#use-of-identifying-data-for-generative-ai-features).
 
-## Privacy Guarantees
+## Limited Access by Authorized Third Parties
 
-### No Training on Your Data
+By default, our generative AI features are powered by third-party large language models (LLMs) that are hosted within Sentry's production infrastructure and not accessible by the underlying third-party model providers. This is enabled by the infrastructure providers set forth on our [subprocessor list](https://sentry.io/legal/subprocessors/). For any features that rely on LLMs hosted outside Sentry's production infrastructure, we will identify the applicable subprocessors.  
+
+In all cases, our subprocessors are only permitted to use the data as directed by Sentry and in accordance with the commitments  we make to you for the Sentry service, including for [data retention](https://sentry.io/security/#data-retention) and [data storage location](/organization/data-storage-location/).
+
+Further, by design, the Sentry AI-generated outputs from your data inputs are shown only to you, and never shared with other customers.
+
+## Data Controls and Generative AI
 
-Your data will **not** be used to train any generative AI models by default and without your express consent, and AI-generated output from your data is shown only to you, not other customers.
+Sentry offers an administrative level control to [disable all generative AI features](/product/ai-in-sentry/#disabling-generative-ai-features) for your organization.
diff --git a/docs/security-legal-pii/security/service-data-usage.mdx b/docs/security-legal-pii/security/service-data-usage.mdx
@@ -1,22 +1,22 @@
 ---
 title: "Service Data Usage"
 sidebar_order: 10
-description: "Learn about Sentry's approach to AI/ML"
+description: "Learn about Sentry's approach to your data"
 ---
 
-## Delivering a better user experience
+## Delivering a Better User Experience
 
-Sentry processes your service data, the data you configure to be collected and reported to your Sentry instance, to provide our service to you. As Sentry’s service has evolved, however, prior heuristics-based approaches cannot deliver the product value we’ve come to expect. To train and validate models for grouping, notifications, and workflow improvements, Sentry will need access to additional [service data](https://blog.sentry.io/terms-of-service-update/) to deliver a better user experience.
+Sentry processes your service data, the data you configure to be collected and reported to your Sentry instance, to provide our service to you. As Sentry's service has evolved, however, prior heuristics-based approaches cannot deliver the product value we've come to expect. To train and validate models for grouping, notifications, and workflow improvements, Sentry will need access to additional service data to deliver a better user experience.
 
-You can update these settings within the “Service Data Usage” section of the Legal & Compliance page in [Sentry](https://sentry.io/orgredirect/organizations/:orgslug/settings/legal/), which is located within the “Usage & Billing” Settings.
+You can update these settings within the “Service Data Usage” section of the [Legal & Compliance page in Sentry](https://sentry.io/orgredirect/organizations/:orgslug/settings/legal/), which is located within the “Usage & Billing” Settings.
 
-### Use of non-identifying data
+### Use of Non-Identifying Data
 
-In accordance with our Terms of Service, Sentry may use non-identifying elements of your service data for product improvement. For example, we may aggregate web vitals data to show your site’s performance against a Sentry-built benchmark. The data accessed for the benchmark cannot be linked back to any particular project or customer, making it non-identifying.
+In accordance with our Terms of Service, Sentry may use non-identifying elements of your service data for product improvement. For example, we may aggregate web vitals data to show your site's performance against a Sentry-built benchmark. The data accessed for the benchmark cannot be linked back to any particular project or customer, making it non-identifying.
 
-### Use of aggregated identifying data
+### Use of Aggregated Identifying Data
 
-For upcoming features like priority alerts or ML-based grouping, if authorized by you, Sentry may access the following forms of service data for product improvement:
+With your authorization, Sentry may use certain types of service data to improve our product. These include:
 
 - Error messages
 - Stack traces
@@ -25,36 +25,26 @@ For upcoming features like priority alerts or ML-based grouping, if authorized b
 
 ## Use of Identifying Data for Generative AI Features
 
-For generative AI features like [Seer](/product/issues/issue-details/sentry-seer/) or issue summary, Sentry may access the following forms of service data to provide insights, analysis, and solutions for your review. Your data will not be used to train any generative AI models by default and without your express consent, and AI-generated output from your data is shown only to you, not other customers.
-
-- Error messages
-- Stack traces
-- Spans and traces
-- Logs
-- DOM interactions
-- Profiles
-- Relevant code from linked repositories
-
-For [EU region customers](/organization/data-storage-location/), data is stored in the European Union.
+For generative AI features like [Seer](/product/ai-in-sentry/seer/) or issue summary, Sentry may access your service data to provide feature functionalities to you, including generative AI output. By default, your data will not be used to train any generative AI models without your permission. AI-generated output from your data is shown only to you, not other customers. For more details about Sentry, AI, and privacy, see our [AI Privacy Principles](/product/ai-in-sentry/ai-privacy-and-security/).
 
 ## Data Access Summary
 
 | **Access Type**                                 | **Is the underlying data identifiable?** | **Who will this data (or any output) be shared with?** | **Will this data be used for training Sentry models?** | **Will this data be used to train 3rd party models?** |
-|-------------------------------------------------|------------------------------------------|--------------------------------------------------------|--------------------------------------------------------|-------------------------------------------------------|
-| **Non-identifying data**                        | No                                       | Other Sentry customers*                                | Yes                                                    | No                                                    |
-| **Aggregated identifying data**                 | Yes                                      | Approved subprocessors                                 | Yes                                                    | No                                                    |
-| **Identifying data for generative AI features** | Yes                                      | Approved subprocessors                                 | No                                                     | No                                                    |
+| ----------------------------------------------- | ---------------------------------------- | ------------------------------------------------------ | ------------------------------------------------------ | ----------------------------------------------------- |
+| **Non-identifying data**                        | No                                       | Other Sentry customers\*                               | Yes                                                    | No                                                    |
+| **Aggregated identifying data**                 | Yes                                      | Approved subprocessors                                 | No (unless authorized)                                    | No                                                    |
+| **Identifying data for generative AI features** | Yes                                      | Approved subprocessors                                 | No (unless authorized)                                                       | No                                                    |
+
+\*_In these cases we don't share the underlying data, only aggregations or output generated from the data_
 
-**In these cases we don't share the underlying data, only aggregations or output generated from the data.*
+## Our Data Handling
 
-## Data Handling
+Where we are authorized to use service data for product improvement:
 
-In addition to the consent mechanisms mentioned above:
+1. We'll continue to encourage all customers to use our [various data scrubbing tools](/security-legal-pii/scrubbing/) so that service data is sanitized before we receive it.
 
-1. We'll continue to encourage all customers to use our [various data scrubbing tools](/product/data-management-settings/scrubbing/) so that service data is sanitized before we receive it.
 2. We'll apply the same deletion and retention rules to our training data as we do to the underlying service data. This means that if you delete service data, it will also be removed from our machine learning models automatically.
+
 3. We'll scrub data for PII before it goes into any training set.
-4. We'll ensure that the only service data presented in the output of any generative AI feature belongs to the customer using the feature.
-5. We'll only use generative AI models built in-house, deployed in our production cloud, or provided by our existing trusted [third-party subprocessors](https://sentry.io/legal/subprocessors/) who have made contractual commitments that are consistent with the above.
 
-We're confident that with these controls in place, we'll be able to use service data to improve and provide our products through AI while at the same time protecting that data.
+We're confident that with these controls in place, we'll be able to use service data to improve and provide our products while at the same time protecting that data.
