Rollbar is a US-based error tracking platform that captures JavaScript exceptions in the browser and runtime exceptions on the server, then aggregates them into searchable error groups. It is used by European SaaS, fintech and ecommerce teams to detect, triage and resolve production errors. Rollbar does not set tracking cookies by default.
Rollbar is an error monitoring and crash reporting platform operated by Rollbar Inc. from San Francisco. Its JavaScript SDK (rollbar.js) and server side SDKs (Python, Ruby, PHP, Node.js, Java, Go) capture exceptions, stack traces, contextual metadata and grouped error rates, then forward them to the Rollbar backend for search, alerting and triage.
Rollbar does not set tracking cookies by default. The JavaScript SDK reads errors from the global window error handler and posts them to api.rollbar.com. It can be configured to capture a user identifier, an email, a request body or to enrich payloads with custom data, all of which are optional and disabled by default.
Rollbar processes a minimal personal data set: visitor IP address, user agent, URL where the error occurred and the stack trace. The CNIL recognises crash reporting as a legitimate interest activity under Article 6(1)(f) GDPR. Rollbar Inc. acts as a processor under Article 28 GDPR. ePrivacy does not apply because no terminal storage is accessed in the default configuration.
Default Rollbar usage does not require consent because the SDK only fires on errors and stores nothing in the visitor browser. Consent becomes required if you enable payload capture that reveals personal data (rollbar.configure({ payload: { person: { id, email, username } } })) or if you forward URL parameters that may contain identifiers without scrubbing.
Rollbar processes data on AWS us-east-1 by default. Enterprise customers can opt for the EU region (eu-west-1). Rollbar Inc. self-certifies under the EU-US Data Privacy Framework. Standard Contractual Clauses are included in the Rollbar DPA. The transfer should be documented in the publisher's record of processing activities.
Sign the Rollbar DPA, opt for the EU region when available, configure scrubFields to remove password, credit card and PII fields from payloads, do not log request bodies or query strings by default, set a 30 to 90 day retention period, and declare Rollbar in the privacy notice under legitimate interest for security and reliability.
Websites using Rollbar must obtain user consent under GDPR regulations.
DPIA considerations
A DPIA is not required for Rollbar in its default configuration because it captures error context only. A DPIA becomes recommended when rollbar.js is configured to capture user.email or user.id payloads, when full request bodies are logged, or when the platform is used to debug authenticated flows with sensitive data.
Sample consent text
We use Rollbar to detect and fix JavaScript errors on this website. Rollbar receives the stack trace, the URL where the error occurred, your browser version and operating system. No advertising cookies are set. Personally identifiable data is scrubbed before sending.
Third-party domains contacted
api.rollbar.com, cdn.rollbar.com, rollbar.com
Cookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| No cookies set | first_party | N/A | Rollbar does not set any cookies on visitor browsers in default configuration. The JavaScript SDK only reads errors from window.onerror and posts them to api.rollbar.com. |
Rollbar does not set tracking cookies. The JavaScript SDK reads errors from window.onerror and posts JSON payloads to api.rollbar.com. No browser identifier is stored unless you explicitly add one through rollbar.configure({ payload: { person: { id } } }).
No, not in the default configuration. Rollbar only collects crash reports when an error occurs and does not access the visitor's terminal. Consent becomes required if you opt in to payload features that capture personal data such as user.email, full request bodies or query strings with identifiers.
Legitimate interest under Article 6(1)(f) GDPR applies for crash reporting and reliability. Rollbar Inc. acts as a processor under Article 28 GDPR. Documenting the balancing test (your interest in stability vs the impact on visitors) in your record of processing activities is recommended.
Yes, by default. Rollbar runs on AWS us-east-1. Enterprise customers can opt for the EU region (eu-west-1). Rollbar Inc. self-certifies under the EU-US Data Privacy Framework. Standard Contractual Clauses are included in the Rollbar DPA.
No, not for the default configuration, which is limited to stack traces and technical metadata. A DPIA is recommended when payloads capture user.email, full request bodies, query strings with identifiers, or when Rollbar is used in healthcare or financial regulated contexts.
Sign the Rollbar DPA, opt for the EU region where available, configure scrubFields to remove password, credit card and PII fields, disable request body logging by default, set a 30 to 90 day retention period, and declare Rollbar under legitimate interest in your privacy notice.
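The scrubbing steps listed above (scrubFields, no request bodies, no query strings with identifiers, no person data) can be enforced in the client before anything leaves the browser. The following is an added example, not code from Rollbar or from this page: the key list, the helper names, the token placeholder and the payload shape passed to `transform` are assumptions, while `scrubFields`, `captureIp` and `transform` are rollbar.js configuration options.

```javascript
// Assumption: keys treated as sensitive; extend this list for your application.
const SENSITIVE_KEYS = ['password', 'token', 'email', 'card_number', 'session_id'];

// Redact the value of every sensitive query parameter but keep the key, so the
// error report still shows which parameter was present on the failing URL.
function scrubQueryString(rawUrl, keys = SENSITIVE_KEYS) {
  const wanted = new Set(keys.map((k) => k.toLowerCase()));
  let url;
  try {
    url = new URL(rawUrl);
  } catch (err) {
    return '[unparseable url removed]'; // fail closed instead of forwarding it
  }
  for (const name of [...url.searchParams.keys()]) {
    if (wanted.has(name.toLowerCase())) url.searchParams.set(name, 'REDACTED');
  }
  url.hash = ''; // fragments can carry tokens as well
  return url.toString();
}

// Hypothetical helper: strips everything the page says triggers consent or a DPIA.
// Assumed payload shape: { request: { url, query_string, body }, person, body }.
function scrubPayload(payload) {
  if (payload.request) {
    if (payload.request.url) {
      payload.request.url = scrubQueryString(payload.request.url);
    }
    delete payload.request.query_string; // duplicate of the raw query string
    delete payload.request.body;         // never log request bodies
  }
  delete payload.person;                 // no user id, email or username
  return payload;
}

// Configuration object to pass to the Rollbar SDK at initialisation.
const rollbarConfig = {
  accessToken: 'POST_CLIENT_ITEM_TOKEN_PLACEHOLDER', // placeholder, not a real token
  captureUncaught: true,
  captureIp: 'anonymize',        // send a truncated IP instead of the full address
  scrubFields: SENSITIVE_KEYS,   // SDK-side scrubbing of matching keys
  transform: (payload) => { scrubPayload(payload); },
};
```

The stack trace under `payload.body` is left untouched, so error grouping keeps working after scrubbing.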
European error tracking alternatives include Sentry (self-hosted or EU SaaS region), Bugsnag (EU region), Raygun (EU region), GlitchTip (open source, self-hosted), Honeybadger and Highlight (open source). All require the same scrubbing and retention discipline as Rollbar.
A dedicated cookie policy entry is usually unnecessary because Rollbar sets no cookies in default configuration. Mention Rollbar in the privacy notice as a processor for error tracking, list the data transferred, the EU or US region, the retention period, and link to the Rollbar privacy notice.