Security & Data Handling
Last updated: July 2026
1. Where your data lives
Ravn's application and database run on infrastructure located in Helsinki, Finland — inside the EU. Your error events, stack traces, and account data do not leave the EU as part of normal operation.
2. What the AI analysis sees
Root cause analysis is generated by OpenAI's gpt-4o-mini model. Before any log
message or error title is sent to OpenAI, it passes through a scrubbing step that strips:
- Email addresses
- IPv4 addresses
- Credit card–shaped numbers
Only the scrubbed text and a short, cautious prompt are sent — the model is explicitly instructed to use tentative language ("this might indicate") rather than assert a definitive cause. We do not send full request bodies, headers, or unscrubbed user data for analysis.
3. Transport & storage
All traffic between the SDK, your dashboard, and our API is encrypted in transit via HTTPS/TLS. Data is encrypted at rest. Passwords are hashed with bcrypt — never stored in plaintext. API keys are stored server-side as hashed values.
4. Data retention
Retention is plan-based: 30 days on the Free plan, 90 days on Solo and Team, 365 days on Business and Enterprise. You can delete any project's data, or your entire account, at any time from the dashboard — deletion is immediate, not a soft-delete queued for later.
5. What we don't do
We don't sell or share your error data with third parties for advertising. We don't train models on your data. We don't store raw IP addresses from your website visitors — see our Privacy Policy for how signup metadata is derived instead.
6. Reporting a security issue
If you find a security issue, please email support@getravn.com rather than opening a public issue. We'll acknowledge within 48 hours.