These are the things we do at AppSignal to keep your data safe.
Language specific libraries
The Ruby gem and the Elixir package are public code, hosted on GitHub. You can browse the source to see how we handle the data. Our closed-source agent will send the actual data to the AppSignal servers.
Built into the Ruby gem and Elixir package is a system that allows you to scrub any data you don't want to send over the wire, such as passwords and identifiable user information. See the Ruby gem documentation and Elixir documentation on how to do this.
It's also possible to ignore entire actions (such as controller actions and background jobs) by configuring the ignore actions option (for Ruby and Elixir). These actions will not be monitored and no data will be sent to the AppSignal servers.
With the release of the AppSignal Ruby gem version 1.0 on the 12th of January 2016 we started shipping all our language specific libraries with a system agent.
When an application with AppSignal integration starts the language integration starts a separate UNIX process. The Ruby gem and Elixir package will send all transaction samples to this agent through a UNIX socket. The agent will periodically sends the transaction samples to the AppSignal servers.
The system agent will also collect host specific data such as CPU usage, load average, memory usage, disk usage, etc. See the Host metrics for more information.
The data is sent through a secure (SSL) connection to our servers.
The code of this system agent is not publicly available, but uses the same basic principle of how our Ruby gem pre
1.0 sends the data to our servers.
All payments are handled through Stripe. We do not store or log any credit card information on our servers. The payment provider is PCI compliant, and all credit card and other payment data is also sent over a secure (SSL) connection.
The AppSignal application
AppSignal runs exclusively on secure (SSL) connections and is hosted in a top tier data center. The data center is monitored 24/7, both physically and virtually. Your data is stored redundantly and any sensitive information is stored in separate databases from other customers and long-term data (e.g. graphs). Our systems are kept up-to-date with the latest security patches and our network is locked down with firewalls and limited access.
All the data we collect from your application is yours and can be retrieved at any point in time through our API. You can remove your data at any time in "App Settings > General".
If you think you've found a security issue with regards to our application, network or integrations, please let us know immediately by sending an email to email@example.com.