01
Comparing v3 → v4
Changes between version 3 and version 4 of the privacy policy.
@@ -26,6 +26,9 @@
- **User agent** — your browser and device information, recorded with each session
- **Session data** — authentication tokens and session expiry timestamps
- **Page views** — aggregate view counts on blog posts (not linked to individual users)
+- **Error tracking data** — when an error occurs, Sentry captures the error message, stack trace, browser and OS information, page URL, and request metadata. This data is not linked to your user account.
+- **Session replay data** — Sentry records a sample of browsing sessions (10% of normal sessions, 100% of sessions where an error occurs) as DOM snapshots. Replays capture page structure, clicks, and navigation but mask all text input fields by default. Session replays are not linked to your user account.
+- **Performance data** — Sentry collects page load times, navigation timing, and API request durations to monitor application performance.
### Data From Third Parties
@@ -37,16 +40,19 @@
## Purposes of Data Processing
-| Data Category | Purpose | Legal Basis (PDPA) |
-| --------------- | ------------------------------------------- | ---------------------------------- |
-| Account info | Account creation and authentication | Consent (Section 19) |
-| Profile image | Display alongside your comments and profile | Consent (Section 19) |
-| Comments | Enable discussion on blog posts | Consent (Section 19) |
-| Comment reports | Content moderation and community safety | Legitimate interest (Section 24) |
-| IP address | Security, abuse prevention, and moderation | Legitimate interest (Section 24) |
-| User agent | Session management and security monitoring | Legitimate interest (Section 24) |
-| Session data | Maintaining your authenticated state | Contractual necessity (Section 24) |
-| Analytics data | Improving website performance | Consent (Section 19) |
+| Data Category | Purpose | Legal Basis (PDPA) |
+| ---------------- | ------------------------------------------- | ---------------------------------- |
+| Account info | Account creation and authentication | Consent (Section 19) |
+| Profile image | Display alongside your comments and profile | Consent (Section 19) |
+| Comments | Enable discussion on blog posts | Consent (Section 19) |
+| Comment reports | Content moderation and community safety | Legitimate interest (Section 24) |
+| IP address | Security, abuse prevention, and moderation | Legitimate interest (Section 24) |
+| User agent | Session management and security monitoring | Legitimate interest (Section 24) |
+| Session data | Maintaining your authenticated state | Contractual necessity (Section 24) |
+| Error tracking | Identifying and fixing application errors | Legitimate interest (Section 24) |
+| Session replay | Diagnosing errors in context | Legitimate interest (Section 24) |
+| Performance data | Monitoring and improving site performance | Legitimate interest (Section 24) |
+| Analytics data | Improving website performance | Consent (Section 19) |
## Cookies and Tracking
@@ -57,6 +63,8 @@
Vercel Analytics and Speed Insights load only after you grant consent via the banner at the bottom of the page. You can change your preference at any time by clearing your browser's local storage.
+Sentry error tracking and session replay are loaded automatically without requiring consent. These tools are used to maintain the stability and security of the website under legitimate interest. No advertising or cross-site tracking is performed.
+
## Third-Party Services
The following third-party services are used to operate fasu.dev:
@@ -66,6 +74,7 @@
| **Neon** | PostgreSQL database hosting | All stored personal data |
| **Cloudflare** | API hosting (Workers), file storage (R2), caching (KV), and CDN | Request data, uploaded avatars |
| **Vercel** | Frontend hosting, analytics, and performance monitoring | Page visits, performance metrics (consent required for analytics) |
+| **Sentry** | Error tracking, session replay, and performance monitoring | Error data, DOM snapshots, browser info, page URLs |
| **Resend** | Transactional email delivery | Email address, email content |
| **GitHub** | OAuth authentication | OAuth tokens, profile information |
@@ -80,6 +89,7 @@
| **Neon** (Database) | United States / European Union | Account data, comments, sessions, IP addresses | SOC 2 compliance; data encrypted at rest and in transit |
| **Cloudflare** (CDN & Workers) | Global edge network (including US, EU, Asia) | API requests, uploaded avatars, cached content | ISO 27001 certified; Standard Contractual Clauses (SCCs); global data processing addendum |
| **Vercel** (Hosting) | United States | Page visits, performance data, frontend assets | SOC 2 Type II; data processing addendum; analytics loaded only with consent |
+| **Sentry** (Error Tracking) | United States | Error reports, session replays, performance traces | SOC 2 Type II; data processing addendum; data encrypted in transit and at rest |
| **Resend** (Email) | United States | Email address, email content (verification, password reset) | Data encrypted in transit; processed only for email delivery |
| **GitHub** (OAuth) | United States | OAuth tokens, GitHub profile data (name, email, avatar) | SOC 2 certified; data processed only for authentication |
@@ -103,9 +113,11 @@
| Comments | Retained until you delete the comment or your account |
| Comment reports | Retained until reviewed and resolved by an administrator |
| Verification tokens | Retained until used or expired |
+| Error tracking data | Retained by Sentry for 90 days |
+| Session replays | Retained by Sentry for 90 days |
| Analytics data | Managed by Vercel per their retention policy |
-When you delete your account, all associated personal data — sessions, comments, linked accounts, and reports — is permanently deleted via cascading deletion.
+When you delete your account, all associated personal data — sessions, comments, linked accounts, and reports — is permanently deleted via cascading deletion. Error tracking and session replay data stored in Sentry is not linked to user accounts and expires per Sentry's retention schedule.
## Data Export