PII handling configured

Severity: Recommended

Error reports may capture user data (emails, IPs, request bodies). PII handling must be an intentional decision, not an accident.

Check automatically:

1. Check for PII/data scrubbing configuration:

# Check for PII settings in Sentry config
grep -riE "sendDefaultPii|beforeSend|beforeBreadcrumb|scrubFields|denyUrls|ignoreErrors" --include="*.ts" --include="*.js" --include="*.tsx" src/ lib/ app/ config/ 2>/dev/null | head -15

# Check for explicit PII settings
grep -riE "sendDefaultPii.*false|sendDefaultPii.*true" --include="*.ts" --include="*.js" . 2>/dev/null | grep -v node_modules

2. Check for data scrubbing hooks:

# Look for beforeSend sanitization
grep -A 20 "beforeSend" --include="*.ts" --include="*.js" src/ lib/ app/ config/ 2>/dev/null | grep -iE "sanitize|redact|scrub|delete|remove|email|password|token"

If not found in code, ask user:

• "Is PII (emails, IPs, user data) sent to Sentry or scrubbed?"
• "Is this a deliberate choice or default behavior?"
• "Any compliance requirements (GDPR) that affect this decision?"

Cross-reference with:

• Section 37 (GDPR & Privacy Compliance)

Pass criteria:

• PII handling is explicitly configured (either enabled or disabled intentionally)
• beforeSend hook exists to scrub sensitive data, OR sendDefaultPii: false explicitly set
• Decision is documented or evident in code comments

Fail criteria:

• Default Sentry config with no PII consideration
• Sensitive user data visible in Sentry dashboard without intention

Partial (acceptable):

• PII enabled intentionally for debugging - document the decision and ensure Sentry retention/access is locked down

Evidence to capture:

• PII configuration setting
• Any beforeSend/scrubbing logic
• Documented rationale if PII is enabled

---