Privacy Policy
Last updated: July 4, 2026
This Privacy Policy explains how ErrorAnalyser ("ErrorAnalyser", "we", "us") handles your data when you use the ErrorAnalyser desktop application for Windows and the associated website (together, the "Service"). We are the data controller for the purposes of the EU General Data Protection Regulation (GDPR). By using the Service you agree to this Policy.
1. Who we are
Controller: ErrorAnalyser. Privacy contact: contact@erroranalyser.com.
2. The data we process
a) Account data
When you register we process your email address and, if you provide it, your name. Passwords are handled and stored in hashed form by our authentication provider (Supabase) — we never see or store your plaintext password.
b) Windows error data (the core function)
The desktop app reads error, warning, and critical entries from your local Windows Event Log (System, Application, and — only if you choose — Security logs). Reading happens locally on your device. No event data leaves your computer until you actively start an analysis.
When you request an analysis, the selected events — their Event ID, source (provider) name, and the error message text (truncated) — are transmitted to our backend and on to our AI provider, Google, to generate an explanation. Windows error messages can contain personal data such as file paths that include your Windows username, device or machine names, application names, and occasionally IP addresses. Please be aware of this before analysing events, especially from the Security log.
c) Analysis cache
To avoid re-processing identical errors and to reduce cost, generated analyses are cached. Each cache entry is keyed by a one-way SHA-256 hash of the error content — the raw error message itself is not stored. We store the Event ID, the source name, and the AI-generated analysis. The cache is shared across users and is not linked to your account or identity.
d) Subscription & billing data
Payments are processed by Stripe. We do not receive or store your full card number. We store a Stripe customer identifier, your subscription plan, and its status / billing period.
e) Usage data
We keep counters of how many analyses you run (daily and monthly) to enforce rate limits and plan quotas. These are numeric counts, not the content of your errors.
f) Diagnostic data
We use Sentry for crash and error reporting, configured to exclude personal data and the content of your system errors — only the error type, stack trace, and failing function name are sent.
g) Product analytics
We use PostHog (EU Cloud) to understand how the Service is used and to improve it. Analytics runs only if you opt in — via the cookie banner on the website, or the telemetry choice shown on the desktop app's first launch. If you decline (or make no choice), no analytics events are collected and no analytics identifiers are stored. You can change your choice at any time (see section 6). Analytics data is identified by a pseudonymous identifier — your account's random UUID or, in the desktop app before you sign in, a random installation ID — never by your email address or name. We collect the following categories of events:
- Website usage — pages viewed on our website (path only, without query parameters).
- Account lifecycle — sign-up, sign-in, password reset, and account deletion events (the fact that they happened, not their content).
- Product usage — app installation / launch, starting an analysis, and use of features such as filters, refresh, or history (including the number of errors analysed — never their content).
- Subscription lifecycle — upgrade intent, checkout outcome, and subscription cancellation or reactivation.
- Plan limits — when you reach a usage limit or a Pro-only feature (used to size our plans sensibly).
Your IP address is processed by PostHog to derive an approximate location (country and city) for aggregate statistics. We do not use analytics autocapture, and analytics events never contain the content of your Windows error messages, your email address, or other directly identifying data.
h) Session replay (website only)
On a limited set of pages of our website we use PostHog's Session Replay to understand usability problems: the landing page, the pricing page, and the dashboard and account pages. Session replay is never active on pages where you enter credentials — sign-in, registration, and password reset pages are excluded — and all text you type into any input field is masked before a recording leaves your browser, even on the recorded pages. Session replay is not used in the ErrorAnalyser desktop application — your Windows error data and everything you do in the app is never recorded. Recordings are identified by the same pseudonymous identifier as other analytics events and are automatically deleted after 30 days.
i) Cookies & local storage
The website stores data in your browser for two purposes only:
- Strictly necessary — Supabase authentication tokens that keep you signed in (without these the account area cannot function), and a single
ea_consentcookie recording your cookie choice and when you made it (kept for 12 months). - Analytics (only after you accept) — a PostHog entry in local storage / a cookie holding the pseudonymous identifier described in section 2(g) and basic session state. It is set only after you accept analytics cookies, is removed if you withdraw consent, is not used for advertising, and is not shared with ad networks.
We do not use advertising or cross-site tracking cookies. Stripe sets its own cookies on its checkout and billing pages, which Stripe operates as described in its own privacy policy.
3. Why we process it & legal bases (GDPR Art. 6)
- To provide the Service (analyse errors, manage your account, process subscriptions) — performance of a contract.
- Security, abuse prevention, rate limiting, and reliability (including server-side crash and error diagnostics via Sentry, configured to exclude personal data) — our legitimate interests.
- Product analytics and session replay (understanding aggregate usage and usability problems to improve the Service, measured with pseudonymous identifiers, with credential pages excluded and input fields masked) — your consent (Art. 6(1)(a)), given via the cookie banner on the website or the telemetry choice in the desktop app. You can withdraw it at any time, as easily as you gave it (see section 6); withdrawal does not affect processing that happened before it.
- Legal and accounting obligations (e.g. retaining invoices) — compliance with a legal obligation.
4. Who we share data with (sub-processors)
We share data only with the providers needed to run the Service. We do not sell your personal data.
| Provider | Purpose | Location |
|---|---|---|
| Supabase | Authentication, database, backend functions | EU (Ireland) |
| Google (Gemini API) | AI processing of submitted error text | USA / global |
| Stripe | Payment & subscription processing | USA / global |
| Sentry | Crash / error diagnostics | EU (Germany) |
| PostHog | Product analytics (pseudonymous usage events) | EU (Germany) |
| Vercel | Website hosting & privacy-friendly web analytics (cookieless, aggregated, no personal identifiers) | USA / global |
Transfers to providers outside the EEA (Google, Stripe, Vercel) are covered by appropriate safeguards such as the European Commission's Standard Contractual Clauses. Error text sent to Google is processed under Google's API terms to generate your analysis; we use the paid Gemini API tier, under which Google does not use the submitted content to train its models.
5. Retention
- Account, subscription, and usage data: kept while your account is active, then deleted when you delete your account (subject to data we must retain for legal/accounting reasons, e.g. invoices).
- Analysis cache: retained to keep the Service efficient. Because cache entries are anonymous (hashed, not linked to you), they are not tied to or removed with your account.
- Diagnostic data: retained per Sentry's default retention period.
- Analytics events: retained in PostHog per its standard retention; identified only by pseudonymous identifiers as described in section 2(g).
- Session replay recordings: automatically deleted after 30 days.
6. Your rights
If you are in the EEA/UK you have the right to access, rectify, erase, export (portability), and restrict or object to the processing of your personal data, and to withdraw consent where applicable. You can withdraw your analytics consent at any time — on the website via the "Manage cookies" link in the footer, and in the desktop app via Settings → Privacy — and tracking stops immediately. You can delete your account and associated personal data at any time from the account settings page. To exercise any other right, contact contact@erroranalyser.com. You also have the right to lodge a complaint with your supervisory authority (in Poland, the President of the Personal Data Protection Office, UODO).
7. Security
We use encryption in transit (HTTPS), row-level security on our database, one-way hashing of cached error content, and restricted server-side keys for privileged operations. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
8. Children
The Service is not directed to, and may not be used by, anyone under 16. We do not knowingly collect data from children.
9. Changes to this Policy
We may update this Policy from time to time. Material changes will be reflected by the "Last updated" date above.
10. Contact
Questions? Email contact@erroranalyser.com.