Data that Tonic.ai collects

Tonic.ai collects telemetry data from the Tonic Structural application. Structural telemetry provides information about how the application is being used. It is primarily used to generate analytics for application usage and performance, but can also be used for debugging, tracking, and troubleshooting.

Structural telemetry includes:

In addition to telemetry data, Tonic.ai collects other information during the course of its interactions with customers.

The following information provides more detail about the types of data that Tonic.ai does and does not collect.

Self-hosted Structural data collection

Most customers self-host the Structural application in their own VPC. Customer data does not leave the customer's environment.

The Structural application transmits telemetry data to Tonic.ai to enable us to perform the following tasks:

• Manage our accounts

• Accurately invoice for usage

• Provide customer support

• Investigate errors within our application

• Understand usage to improve product development

Data that Tonic.ai does NOT collect, process, or store

On self-hosted instances, Tonic.ai never sees the following data:

• Customer data

  • The content of source, destination, and application databases that support the Structural application

• Datastore credentials

  • URI or IP address of the datastore

  • Credentials (password)

  • Proxy information

Analytics telemetry - end-user interactions

Tonic.ai collects data about end-user interactions with our application to understand how the application is used. We use this data for product research, roadmap development, debugging, and account management.

Tonic.ai collects the following information about end-user interactions:

• End-user identity

  • First and last name

  • Email address

• End-user interaction with the Structural application:

  • Last seen

  • First seen

  • Usage time

  • Total sessions

  • Total number of events initiated. Events can include jobs, configuration updates, downloads, database views, and interactions with the workspace.

• Application environment

  • Database type

  • Features enabled

  • Application version

  • License tier

• Location - derived from GeoIP

  • Country

  • City

  • Region (state, province, county)

  • Designated market area (DMA)

• Language

• Browser used to access the application

  • Platform (iOS, Android, Web)

  • Operating system

  • Device family (iPhone, Samsung Galaxy, Windows)

  • Device type (iPhone 13, MacBook Pro)

  • Carrier (AT&T, Verizon)

• Network and technical identifiers

  • IP address

  • Unique device identifier

Application delivery

To build and deploy software, Tonic.ai uses a container registry that is run by Quay.io. This container registry maintains information about access to these containers.

The registry maintains a list of authorized users (organizational accounts). It maintains, collects, and stores the following information:

• Network and technical identifiers

  • IP address

  • Unique device identifier

  • Operating system

Customer support and account management

Tonic.ai collects, processes, and stores information about end users:

• When they interact with our customer support and success staff during account implementation (scoping sessions, implementation calls).

• Throughout the life of the account, during customer support interactions (support emails, shared Slack channels).

Tonic.ai uses several tools to allow our customers to get the support they need quickly, including:

• Chat support

• Video training and implementation calls over web conferencing solutions

• Email support

We aggregate requests from these tools into our Customer Management System (CMS) and our centralized customer support management portal. Aggregating these requests helps us to ensure responsiveness and quality, and to more easily integrate requests into our development process.

We collect the following information related to customer requests:

• End-user identity

  • First and last name

  • Email address

  • Title

  • Avatar image

  • Images, video, or audio from participating in live training over a video or audio conference

  • Other personal information that the service provider collects and shares. For example, Google Mail collects voluntary directory information that it shares with email recipients. For an email interaction, Tonic.ai receives any information that is configured to be shared externally. Slack has configurable profiles that contain additional personal information such as pronouns and honorifics.

• Network and technical identifiers

  • IP address

  • Unique device identifier

This data is collected from your organization and users through communication with our staff. The Structural application does not collect this data.

Debugging and application performance management

Tonic.ai engineers monitor the application performance and errors. They use this information to maintain, repair, and improve the application.

For these purposes, Tonic.ai collects the following information:

• End-user identity

  • First and last name

  • Email address

• Environment details

  • Name

  • Application version

• Requests made by the application

  • URLs

  • Header information

  • HTTP POST parameters

  URL query parameters in exception messages are redacted when they are captured. The capturing agent replaces them with "". They are never sent to Tonic.ai.

• Stack traces and exceptions

  • Method arguments

  • Classes called

  • Processing time

  • CPU usage

• Location of error (application, file, and line)

  • Database queries

  • Database

  • Database table and names

  • Relationships between columns and tables

  WHERE clause literals are redacted when they are captured. The capturing agent replaces them with "". They are never sent to Tonic.ai.

• Network and technical identifiers

  • IP address

  • Hostname

  • Unique device identifier

• Operating system logs

Structural Cloud analytics data collection

Customers who do not self-host Structural can use the hosted option, Structural Cloud.

Structural Cloud collects, processes, and stores data to support the Structural application.

Structural Cloud stores information about end users, configuration, hashed passwords, and datastore connections.

Customer data

Structural Cloud does not store data from source databases. It does process customer data in memory during scans and jobs.

Structural Cloud collects the following customer data:

• End-user identity

  • First and last name

  • Email address

  • Job title

  • Avatar image

• Application environment

  • Database type

  • Features enabled

  • Application version being run

  • License tier

• Location - Derived from the GeoIP

  • Country

  • City

  • Region (state, province, county)

  • Designated market area (DMA)

• Language

• Browser used to access the application

  • Platform (iOS, Android, Web)

  • Operating system

  • Device family (iPhone, Samsung Galaxy, Windows)

  • Device type (iPhone 13, MacBook Pro)

  • Carrier (AT&T, Verizon)

  • Network and technical identifiers

  • IP address

  • Unique device identifier

• Datastore credentials

  • URI or IP address of the datastore

  • Credentials (password)

  • Proxy information

Additional analytics from Structural Cloud

Organizations in our hosted environment may also have additional analytics data collected, processed, and stored. This additional data allows Tonic.ai to replay their user sessions to better understand usage patterns.

Sensitive data is redacted from these collections on the end-user device.

This data is not collected from self-hosted customers.

Structural Cloud collects the following additional analytics data:

• Usage patterns

• Clicks

• Mouse movements

• Scrolling

• Typing - Excludes data that is typed in sensitive fields such as password fields

• Navigation

• Pages visited

• Referrers

• URL parameters

• Session duration

Structural log data

Structural log files are stored in an S3 bucket for one year.

Tonic.ai uses a log aggregator to make the log files searchable. On the log aggregator, job logs are deleted after six months. API logs are deleted after 60 days.

Schema information

Structural logs include detailed schema information for your database, including:

• Table, schema, and column names

• Data types

• Table sizes

Usage information

Structural logs include many types of usage information, including information related to:

• Actions in the user interface, from web requests that the web server sees.

• Details related to data generation.

• Workspace configuration details, such as the generators that are applied to each column.

Performance data

Tonic.ai collects detailed performance data for the generation process, including data transfer rates and code profiler results.

What is NOT in the log data

Structural has strong safeguards in place to ensure that actual data does not leak into logs.

Logs that are shared with Tonic.ai are always redacted. Structural does not send diagnostic logs to Tonic.ai.

Structural does not log information related to the database connection, such as the database username, password, and host.

Viewing the Structural logs that are sent to Tonic.ai

Structural writes all logs to STDOUT. To view the exact logs that are collected and shared, view what is written to STDOUT.

If the Structural container runs in Docker, you can run:

docker logs tonic_worker