getsentry · chargome · Jun 3, 2026
diff --git a/develop-docs/sdk/foundations/client/data-collection/index.mdx b/develop-docs/sdk/foundations/client/data-collection/index.mdx
@@ -2,12 +2,15 @@
 title: Data Collection
 description: Configuration for what data SDKs collect by default, including technical context, PII, and sensitive data.
 spec_id: sdk/foundations/client/data-collection
-spec_version: 0.1.0
-spec_status: draft
+spec_version: 1.0.0
+spec_status: candidate
 spec_depends_on:
   - id: sdk/foundations/client
     version: ">=1.0.0"
 spec_changelog:
+  - version: 1.0.0
+    date: 2026-06-03
+    summary: Promoted to candidate following the initial JavaScript SDK implementation.
   - version: 0.1.0
     date: 2025-03-05
     summary: Initial spec; dataCollection config, three data sensitivity levels, cookies/headers denylist, replace sendDefaultPii.
@@ -35,7 +38,7 @@ Related specs:
 
 ## Concepts
 
-<SpecSection id="data-sensitivity-levels" status="draft" since="0.1.0">
+<SpecSection id="data-sensitivity-levels" status="candidate" since="1.0.0">
 
 ### Data Sensitivity Levels
 
@@ -80,7 +83,7 @@ For the canonical list of terms used to detect sensitive values at collection ti
 
 ## Behavior
 
-<SpecSection id="configuration-surface" status="draft" since="0.1.0">
+<SpecSection id="configuration-surface" status="candidate" since="1.0.0">
 
 ### Configuration Requirements
 
@@ -90,7 +93,7 @@ SDKs **MUST** support at least the `userInfo` option, key-value collection modes
 
 </SpecSection>
 
-<SpecSection id="collection-defaults" status="draft" since="0.1.0">
+<SpecSection id="collection-defaults" status="candidate" since="1.0.0">
 
 ### Default Collection Behavior
 
@@ -102,7 +105,7 @@ The three sensitivity levels determine whether data is collected by default:
 
 </SpecSection>
 
-<SpecSection id="sensitive-denylist" status="draft" since="0.1.0">
+<SpecSection id="sensitive-denylist" status="candidate" since="1.0.0">
 
 ### Sensitive Denylist
 
@@ -193,7 +196,7 @@ No built-in option scrubs **keys**; users who need to hide header or cookie name
 
 </SpecSection>
 
-<SpecSection id="integration-overrides" status="draft" since="0.1.0">
+<SpecSection id="integration-overrides" status="candidate" since="1.0.0">
 
 ### Integration-Level Overrides
 
@@ -211,7 +214,7 @@ corresponding global `dataCollection` values for the data that integration colle
 
 </SpecSection>
 
-<SpecSection id="user-set-data-scrubbing" status="draft" since="0.1.0">
+<SpecSection id="user-set-data-scrubbing" status="candidate" since="1.0.0">
 
 ### User-Set Data and Scrubbing
 
@@ -239,7 +242,7 @@ This means if a user calls `Sentry.setUser({ email: "jane@example.com" })`, that
 
 ## Public API
 
-<SpecSection id="option-types" status="draft" since="0.1.0">
+<SpecSection id="option-types" status="candidate" since="1.0.0">
 
 ### Option Types
 
@@ -475,7 +478,7 @@ public enum BodyType {
 
 </SpecSection>
 
-<SpecSection id="datacollection-options" status="draft" since="0.1.0">
+<SpecSection id="datacollection-options" status="candidate" since="1.0.0">
 
 ### `dataCollection` Options
 
@@ -509,14 +512,14 @@ init({
 
   | Key | Option Type | Default | Since | Description |
 |-----|-------------|---------|-------|-------------|
-| `userInfo` | Boolean | `false` | 0.1.0 | Automatically populate `user.*` fields (`user.id`, `user.email`, `user.username`, `user.ip_address`) from instrumentation sources (typically set by `Sentry.setUser()`). Does not affect any other data category. |
-| `cookies` | Key-value collection | `{ mode: "denyList" }` | 0.1.0 | Collect cookies. All key names are always included; the SDK scrubs values for keys matching the sensitive denylist or custom allow/deny terms. |
-| `httpHeaders` | `{ request?, response? }` | Both `{ mode: "denyList" }` | 0.1.0 | Collect HTTP headers. Configure request and response independently using key-value collection modes. All key names are always included. |
-| `httpBodies` | `string[]` (body types) | `[]` (off) | 0.1.0 | List of body types to collect. Empty or omitted = off. Valid values: `"incomingRequest"`, `"outgoingRequest"`, `"incomingResponse"`, `"outgoingResponse"`. |
-| `queryParams` | Key-value collection | `{ mode: "denyList" }` | 0.1.0 | Collect URL query parameters. All key names are always included; the SDK scrubs values for keys matching the sensitive denylist or custom allow/deny terms. |
-| `genAI` | `{ inputs?, outputs? }` | Both `true` | 0.1.0 | For `inputs`: Include the content of generative AI inputs (e.g. prompt text, tool call arguments). <br /><br /> For `outputs`: Include the content of generative AI outputs (e.g. completion text, tool call results). Metadata such as model name and token counts is always collected regardless of these settings. |
-| `stackFrameVariables` | Boolean | `true` | 0.1.0 | Include local variable values captured within stack frames. |
-| `frameContextLines` | Integer (`Boolean` fallback) | `5` (`true`) | 0.1.0 | Number of source code lines to include above and below each stack frame. <br/> **`Boolean` fallback:** Not all platforms support integer configuration values. SDKs **MAY** accept a boolean, where `true` is equivalent to the platform default (typically `5`) and `false` is equivalent to `0` (no context lines). SDKs **SHOULD** prefer accepting an integer when their platform supports it. |
+| `userInfo` | Boolean | `false` | 1.0.0 | Automatically populate `user.*` fields (`user.id`, `user.email`, `user.username`, `user.ip_address`) from instrumentation sources (typically set by `Sentry.setUser()`). Does not affect any other data category. |
+| `cookies` | Key-value collection | `{ mode: "denyList" }` | 1.0.0 | Collect cookies. All key names are always included; the SDK scrubs values for keys matching the sensitive denylist or custom allow/deny terms. |
+| `httpHeaders` | `{ request?, response? }` | Both `{ mode: "denyList" }` | 1.0.0 | Collect HTTP headers. Configure request and response independently using key-value collection modes. All key names are always included. |
+| `httpBodies` | `string[]` (body types) | `[]` (off) | 1.0.0 | List of body types to collect. Empty or omitted = off. Valid values: `"incomingRequest"`, `"outgoingRequest"`, `"incomingResponse"`, `"outgoingResponse"`. |
+| `queryParams` | Key-value collection | `{ mode: "denyList" }` | 1.0.0 | Collect URL query parameters. All key names are always included; the SDK scrubs values for keys matching the sensitive denylist or custom allow/deny terms. |
+| `genAI` | `{ inputs?, outputs? }` | Both `true` | 1.0.0 | For `inputs`: Include the content of generative AI inputs (e.g. prompt text, tool call arguments). <br /><br /> For `outputs`: Include the content of generative AI outputs (e.g. completion text, tool call results). Metadata such as model name and token counts is always collected regardless of these settings. |
+| `stackFrameVariables` | Boolean | `true` | 1.0.0 | Include local variable values captured within stack frames. |
+| `frameContextLines` | Integer (`Boolean` fallback) | `5` (`true`) | 1.0.0 | Number of source code lines to include above and below each stack frame. <br/> **`Boolean` fallback:** Not all platforms support integer configuration values. SDKs **MAY** accept a boolean, where `true` is equivalent to the platform default (typically `5`) and `false` is equivalent to `0` (no context lines). SDKs **SHOULD** prefer accepting an integer when their platform supports it. |