Skip to main content
Version: 0.9.x

Data Privacy

Introduction

At Lunar.dev, we are committed to protecting the privacy and security of our users' data. In an effort to be as transparent as possible, this document outlines the data collection practices within the Lunar.dev ecosystem, including what data is collected, how it is used, and what measures are taken to ensure its security.

Data Collection

Open Source Users (without Lunar Control Plane UI):

  • Logs: Lunar.dev collects logs containing information, errors, and warnings generated by the Lunar Proxy. Below is an example of what is sent to Lunar.dev.

Example of logs from Lunar Proxy

  • Policies.yaml files: Users may configure policies using policies.yaml files, which are stored by Lunar.dev.
  • Metadata: Lunar.dev collects metadata such as proxy version, tenant name, uptime, unexpected restarts, error logs, and environment variables. See below for examples of what is sent back to Lunar.dev

Example of API Key from Lunar Proxy Example of environment from Lunar Proxy Example of tenant name from Lunar Proxy

Lunar Control Plane (UI) Users:

  • Data Collected: Lunar.dev collects any data visible on the UI including overview summary information and specific information around the number of requests to API providers and their specific endpoints, error rates, total number of API calls, etc.
  • Information Sent: When a user launches a Lunar Proxy from the Lunar Control Plane with an API key, Lunar.dev sends summary information (dashboard view) to our backend.

Sandbox Users:

  • Data Collected: For sandbox users, Lunar.dev collects the GitHub username associated with the user's account.

Data Handling and Usage

Lunar.dev sends the following data to DataDog for monitoring and analysis purposes:

  • Logs from the proxy - This helps with understanding usage patterns, bug identification, and troubleshooting.
  • CPU, memory usage, disk writes, and tenant name - This info is used for support and debugging purposes.
  • Information related to enabled policies and plugins.
  • Information on endpoints with defined policies.

Data Not Sent

To further protect your privacy, Lunar.dev explicitly does not collect certain types of sensitive data:

  • Individual requests and responses: We do not store or process individual proxy requests, responses, or their headers.
  • Access Metrics: We do not track or record the volume of your requests or the endpoints you access.
  • Sensitive Personal Information: No personally identifiable information (PIIs) or authentication credentials are collected (when using the Authentication Mechanism plugin for example.)

Conclusion

Lunar.dev is committed to transparent data handling practices and ensuring the privacy and security of user data. If you have any questions or concerns regarding data privacy, please don't hesitate to reach out to us.