We recently became aware that a third party service called Datadog we're using to help manage things like crash logs, errors, debug logs, and general analytics during our beta was also unintentionally storing some unnecessary information because of a misconfiguration on our part. As a matter of practice, we aim to only collect non personally identifiable data when it comes to our logs. However, the library we use to send metrics was reporting more than intended, including information about button clicks and navigation. Under some circumstances this could contain personal data. For example; group chat names, server names, URLs to profile images, etc..
To be clear, our use of these logs has exclusively been for crashlogs, usage metrics, and debugging - no other party has had access. Under no circumstances would passwords or the text content of delete messages be affected by this issue.
To be extra safe, we have completely removed this logging from the app in the latest update. In addition, we are deleting all of the debug/error/access logs. If you have any questions about this please feel free to reach out to us with questions either through our Discord or through a DM on Twitter.
A special thanks goes out to Justn, who worked with us over many months to track down this issue and bring it to our attention.
Bullet Points if your low on time: