Collected Data
What Data exactly is Tideways Collecting?
Tideways collects different kinds of data from your application that we can group into four categories:
The following documentation chapter explains in detail what information we retrieve from your application for each of the three categories. Whenever we collect data that could potentially contain user data then we require you to opt-in to the collection of this data. By default, we are very careful to collect as little data as possible to provide valuable information to you.
In general all data collected by the PHP extension is first sent to a component called Tideways Daemon running on your own infrastructure. All data is anonymized, scrubbed and filtered on the daemon before it is sent to our backend. This makes sure that you are the data processor of all potentially sensitive information before control of the data is handed to Tideways.
Tideways only collects data that is meaningful for the purpose of operating a healthy web application. No tracking information about users or personally identifiable information is connected to the data collected by Tideways.
See more information about GDPR compliance and the Data Processing Agreement that you can sign with us.
See Daemon Configuration Reference
for the --log-outgoing
flag if you want to inspect the payloads sent to our backend.
Request Monitoring Data
For every production server that continuously monitors your application, for every request we collect:
-
The response time
-
The total duration of database queries, http requests and other timing information
-
The transaction name, automatically detected from framework or application and
-
The PHP script’s filename,
-
Its memory consumption
-
HTTP status codes
-
Categorization into service and environment made by developers, administrators
Timeline Traces and Callgraph Profiles
The Profiler of Tideways collects performance and metadata information about requests made to an application by visitors.
A trace always contains the following metadata:
-
HTTP Status code
-
HTTP Method, Host and URL
-
Anonymized HTTP Query string, filtering out common variable names and allowing customization
For Callgraph profiling data, we collect timing and memory information about all PHP functions for example:
main(), 1 Call, 20ms Duration, 19ms CPU time, 0.1 KB Memory
main()==>foo, 1 Call, 20ms Duration, 19ms CPU time, 0.1 KB Memory
foo==>strlen, 1 Call, 17ms Duration, 16ms CPU time, 0.1 KB Memory
Callgraph profiles never contain function arguments, only the function name itself.
Timeline tracing can contain information such as:
-
Anonymized SQL queries, using either a summary or a more complete query (configurable by you).
-
Outgoing HTTP requests hosts, URL, status codes and filtered query string
-
Caching operations for Memcache, Redis, APCu and others
-
Calls to other databases for example MongoDB
-
Event names for Event Dispatcher implementations of various frameworks
-
Garbage collection information
-
Commands executed via shell APIs
-
Template names, when using Twig, Smarty, and other template engines
-
Stack traces with just the parent function names to identify where a timespan was called from in application code
Information that we are not collecting:
-
IP Addresses
-
Environment variables
-
GET, POST, SESSION, and other request data
-
User cookies
You can opt-in to sending us non-critical data, by using the custom instrumentation API, by manually white-listing it. |
Error and Exception Data
Error Monitoring tracks Exceptions and Crashes in PHP applications and contains metadata:
-
A stack trace with just parent function names, filenames and line
-
An anonymized version of your exception or PHP (Fatal-) error message
-
Type of the exception class or error
We strip exceptions from critical information using a database of exceptions that is known to contain private information.
If you want, we can also collect and transmit the PHP code (5 lines before and after) the error or exception occurred, but this is optional and disabled by default. |
Information about errors that we are not collecting includes:
-
User Cookies
-
Environment variables
-
GET, POST, SESSION, and other request data
-
IP address, browser, and other identifying values
You can opt-in to sending us non-critical data, by using the custom instrumentation API, by manually white-listing it. |
PHP and System Data
To provide a general picture of the PHP application health and to provide better support experience, Tideways collects system and PHP information:
-
Server Name
-
Operating System and Version
-
Load Average
-
PHP Version
-
Installed PHP Extensions and Versions
-
Selected PHP.ini variables helpful for performance analysis
-
Selected PHP-FPM configuration information helpful for performance analysis