Raygun helps thousands of developers improve their software for millions of end users around the globe. It’s a privilege to be trusted by so many to help improve software experiences.

Everyone says they care about security and customer data. It used to be that folks were concerned about selling that data to advertising networks and other such practices. Now, with the rise of AI, the potential misuses of data have increased.

1. The data we receive from customers is the customer’s data.
2. Data you provide Raygun is always clearly tenanted, and never co-mingled.
3. We will always exercise caution when handling customer data.
4. We will treat your data how we want our suppliers to treat our data.
5. We will never sell or otherwise derive revenue from providing access to customer data to third parties.
6. We are transparent about the use and management of your data.

The data we collect on your behalf is yours. We already adhere to standard compliance programs such as GDPR for customer data. We saw those compliance requirements as lifting standards for everyone, even though Raygun was already effectively adhering to these standards  (e.g. right to have data deleted, control data extension periods, disclose what service providers we use).

This is also why Raygun has supported exporting data, as well as displaying the raw payload data alongside Crash Reports. You can see exactly what information is being sent to Raygun — we have nothing to hide, and transparency builds trust.

Tenanting data means that only authorized users can access the data stored for a given tenant. We also support dedicated infrastructure for customers with specialized requirements. 

While this is fairly standard in software development, AI has changed this game. Models being trained on data can ‘leak’ data and ‘prompt injection’ attacks can be used to trick such systems into exposing customer data.

For this reason we want to be clear on our use of AI technologies as we add these capabilities. We will never train a shared model using customer-provided data, as with today's technology this could make customer data accessible to a bad actor.

Training shared AI models would be akin to not tenanting data and co-mingling. We wouldn’t accept this from any of our suppliers, and we will not do this with your data either.

Technology moves fast, and things are changing faster than ever with the evolution of AI technologies. This is why we believe principles matter, as they provide insight into how we think about these issues as they come up.

We don't ever want to end up apologizing for a data breach or incident, even if it stems from good intentions. We discuss this frequently at Raygun, and have even ruled out some exciting product ideas simply because they would violate our principles in some way. Above all, we want to ensure customers have the utmost trust in Raygun with their data.

‍

This is an extension of being cautious with customer data. Since we don’t accept third parties using our data for anything other than providing their core service, we would never use our customer’s data for anything other than providing Raygun’s services. As we have such a strong concern for customer data, we ensure that we’re very careful in selecting third-party suppliers that we work with. You’ll primarily see us working with organizations that have a strong history of security and customer care. That’s what we want, and it’s what we think our customers want from us too.

Raygun does collect a lot of data to help development teams be significantly more productive in delivering great software and customer experiences. That’s our business. 

It is not about finding ways to sell that data or derive value from third parties with your data. 

It may be out of fashion, but we believe that businesses should charge a fair price to customers and provide value to those customers. Raygun is not a venture-backed company that’s trying to exploit every possible opportunity to make money. We’re a sustainable business that grows through reinvestment of the money received from customers. Without the pressures to reach the next investment hurdle, it’s much easier to treat customers and their data with the respect they deserve.

Along with always showing you what data is sent, as well as having open source SDKs for sending data, we outline what data is collected. Raygun being an extensible service means we also provide guidance on managing sensitive data. You’re welcome to contact us at any time for specific guidance about your use case.

We hope that these principles demonstrate the care we take, and have taken for 10 years, with customers' data. If you have any questions or would like to discuss this further, please reach out. We welcome a conversation directly with you about data security at Raygun. 

Even if you’re a development team looking at data management for your own products, we’re happy to discuss how we’ve approached this. We’re all part of a community of software businesses trying to create great products for our customers. Sharing our lessons is another way we can learn together to achieve that.

You can contact us here.