Security & Data Handling

1. Where your data lives

Ravn's application and database run on infrastructure located in Helsinki, Finland — inside the EU. Your error events, stack traces, and account data do not leave the EU as part of normal operation.

2. What the AI analysis sees

Root cause analysis is generated by OpenAI's gpt-4o-mini model. Before any log message or error title is sent to OpenAI, it passes through a scrubbing step that strips:

Only the scrubbed text and a short, cautious prompt are sent — the model is explicitly instructed to use tentative language ("this might indicate") rather than assert a definitive cause. We do not send full request bodies, headers, or unscrubbed user data for analysis.

3. Transport & storage

All traffic between the SDK, your dashboard, and our API is encrypted in transit via HTTPS/TLS. Data is encrypted at rest. Passwords are hashed with bcrypt — never stored in plaintext. API keys are stored server-side as hashed values.

4. Data retention

Retention is plan-based: 30 days on the Free plan, 90 days on Solo and Team, 365 days on Business and Enterprise. You can delete any project's data, or your entire account, at any time from the dashboard — deletion is immediate, not a soft-delete queued for later.

5. What we don't do

We don't sell or share your error data with third parties for advertising. We don't train models on your data. We don't store raw IP addresses from your website visitors — see our Privacy Policy for how signup metadata is derived instead.

6. Reporting a security issue

If you find a security issue, please email support@getravn.com rather than opening a public issue. We'll acknowledge within 48 hours.