legal: narrow Sentry PII / Session Replay config before publishing privacy policy #176

Open
opened 2026-05-14 15:57:01 +00:00 by chihlasm (Owner) · 0 comments

Source: /legal/attorney-review-checklist.md item A2.

Problem. Sentry is configured more permissively than typical defaults:

  • Backend: send_default_pii=True in backend/app/main.py:14-26 (https://gitea.resolutionflow.com/chihlasm/resolutionflow/src/branch/main/backend/app/main.py#L14-L26) — user IDs and request body fragments flow to Sentry by default.
  • Frontend Session Replay: maskAllText: false, blockAllMedia: false in frontend/src/instrument.ts:9-12 (https://gitea.resolutionflow.com/chihlasm/resolutionflow/src/branch/main/frontend/src/instrument.ts#L9-L12) — replays may capture visible page text and images. Sampling: 1% of normal sessions, 100% of error sessions.

Why it matters. Customer Data (ticket bodies, AI session transcripts, FlowPilot conversations, file content) can land in Sentry replays and error reports. We are processing this data on behalf of MSP customers — sending it to Sentry without scrubbing is a sub-processing surface that the DPA must disclose accurately, OR we should narrow the config so the disclosure can be narrower.

Recommended fix (preferred over expanded disclosure):

  1. Set send_default_pii=False in backend Sentry init
  2. Enable text masking on routes that render Customer Data (FlowPilot, AI chat, session views, file viewers) — use data-sentry-mask or per-component <Mask> wrappers
  3. Add Sentry data-scrubbing rules to drop fields named intake_content, conversation_messages, ticket_data, escalation_package, resolution_note_markdown, escalation_package_markdown, system_prompt_snapshot, pending_task_lane from event payloads
  4. Consider lowering replaysSessionSampleRate from 0.01 to 0 in prod until masking is in place
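As an added illustration of fix items 1 and 3 on the backend side (this is example code written for this issue, not code from the resolutionflow repository), the snippet below initialises sentry_sdk with send_default_pii=False and registers a before_send hook that drops the raw request body and cookies and recursively replaces every field named in item 3 wherever it appears in the event, including exception-frame local variables and breadcrumb data. The SENTRY_DSN environment variable name and the "[Filtered]" placeholder are assumptions; the field list is the one from this issue.

```python
"""Backend Sentry init with PII off and Customer Data scrubbed at the source.

Added example for this issue; not the repository's own backend/app/main.py.
"""
import os
from typing import Any

try:
    import sentry_sdk  # real dependency; optional here so the scrubber runs without it
except ImportError:
    sentry_sdk = None

# Field names from "Recommended fix" item 3 of this issue.
SCRUBBED_FIELDS = frozenset({
    "intake_content",
    "conversation_messages",
    "ticket_data",
    "escalation_package",
    "resolution_note_markdown",
    "escalation_package_markdown",
    "system_prompt_snapshot",
    "pending_task_lane",
})

# Placeholder written in place of a scrubbed value (assumed; matches Sentry's
# own server-side convention for filtered data).
REDACTED = "[Filtered]"


def scrub(value: Any) -> Any:
    """Return a copy of ``value`` with every Customer Data field replaced.

    Walks dicts and lists recursively, so it also reaches stack-frame ``vars``,
    ``extra``, ``contexts`` and breadcrumb ``data`` without knowing the event
    layout in advance.
    """
    if isinstance(value, dict):
        return {
            key: (REDACTED if key in SCRUBBED_FIELDS else scrub(val))
            for key, val in value.items()
        }
    if isinstance(value, list):
        return [scrub(item) for item in value]
    return value


def before_send(event: dict, hint: dict) -> dict:
    """sentry_sdk ``before_send`` hook: strip request bodies, then scrub fields.

    ``send_default_pii=False`` already suppresses user identifiers, but a
    request body fragment or a captured local variable can still carry ticket
    content, so both are handled here before the event leaves the process.
    """
    request = event.get("request")
    if isinstance(request, dict):
        request.pop("data", None)     # raw body fragment
        request.pop("cookies", None)  # session material
    return scrub(event)


def init_sentry(dsn: str) -> bool:
    """Initialise Sentry for the backend; returns False when nothing was set up."""
    if sentry_sdk is None or not dsn:
        return False
    sentry_sdk.init(
        dsn=dsn,
        send_default_pii=False,   # fix item 1
        before_send=before_send,  # fix item 3, enforced client-side
    )
    return True


if __name__ == "__main__":
    init_sentry(os.environ.get("SENTRY_DSN", ""))
```

The client-side hook complements, rather than replaces, the project-level scrubbing rules in Sentry's settings: rules in the UI protect events from other SDKs and older deployments, while before_send guarantees the fields never leave the backend at all, which is the narrower claim the DPA disclosure can then make.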

Acceptance criteria.

  • Backend send_default_pii=False or explicit per-event scrubbing
  • Customer-Data-rendering routes masked in Session Replay
  • Scrubbing rules added in Sentry project settings (or beforeSend filter)
  • /legal/implementation-verification.md Sentry row flips from ⚠️ to ✅
  • Verify in Sentry UI: pick a recent FlowPilot error event and confirm no ticket content is present

Blocker for: publishing legal docs and onboarding enterprise MSPs (this is a common DPA-negotiation question).

Companion files:

  • /legal/attorney-review-checklist.md (item A2)
  • /legal/privacy-policy.md §3.2