PayCal Technologies Inc.

Opt-in Diagnostics & Phantom Wing

PayCal includes an optional diagnostics layer that you control. Here is exactly what it collects, what stays on your device, and how it is used.

Published:

Overview

PayCal ships with a built-in diagnostics layer called Phantom Wing. By default it is almost entirely silent: it only captures severe, unhandled errors and never sends anything without your explicit opt-in.

If you run into a problem and want to share more context with support, you can enable extra diagnostics in Settings - Debugging (Optional). Each setting is independent; you can turn on just the one that is relevant. All three default to Off.

The Three Opt-in Controls

Each control lives in the Debugging (Optional) panel at the bottom of your Settings page. They are designed for troubleshooting only; turning them on may slow down page interactions slightly because extra work happens in the browser.

Setting What it enables Who sees it
Console Messages Emits warnings, informational logs, and performance markers to your browser developer console. Useful for self-diagnosis: open DevTools and look for messages prefixed with [PayCal]. You only: your browser console, never transmitted.
Detailed Diagnostics Enables step-by-step internal event logging. Phantom Wing captures operation lifecycles to an in-memory log that is included only in a support report you choose to share. You only, unless you share a support report.
Network Insights Logs API request timing, response sizes, and whether batching or caching was applied. Helps diagnose slowness on specific operations. You only: your browser console, never transmitted.

What Phantom Wing Does by Default

Even with all three controls off, Phantom Wing runs a lightweight baseline monitor that captures only severe failures:

  • Uncaught JavaScript exceptions (window.onerror)
  • Unhandled promise rejections
  • Fetch calls that fail with a network error, not HTTP errors handled per feature

This baseline data stays entirely in memory and is never transmitted anywhere. It is displayed in a one-second summary in the browser console at page load so you can quickly see if anything went wrong, then discarded.

// Baseline output when all clear (console, diagnostics off):
[PHANTOM WING] All clear - no errors or warnings detected.

// Baseline output when issues exist:
[PHANTOM WING] Error Summary
Total issues: 2 across 2 grouped location(s).
WARN 1: FormSubmit timed out after 8000ms
ERROR 1: Uncaught TypeError in calendar renderer

Phantom Wing & Telemetry

Phantom Wing has a lightweight telemetry channel used to measure feature reliability in aggregate, for example detecting if a particular operation is failing at an unusual rate across the platform.

What telemetry sends

  • Anonymized event counts bucketed per hour, for example pw.performance.metrics: count=1, bucket_hour=2026030914
  • Error category and type, never the full error message or stack trace
  • No user identifiers, no session tokens, no IP addresses

What telemetry never sends

  • Your name, email, or any account details
  • Earnings, pay period, or financial data
  • Full error messages or stack traces
  • URL paths or query strings
  • Keystrokes or form field values

Rate limiting & back-off

Telemetry submissions are rate-limited server-side per user per minute. If your client exceeds the threshold, the server acknowledges silently and discards the excess; nothing is stored. The client also applies exponential back-off: after two consecutive server-side failures it disables telemetry submission for ten minutes automatically.

// Telemetry payload shape (no personal data):
{
  "type": "pw.performance.metrics",
  "fields": {
    "count": 1,
    "bucket_hour": 2026030914,
    "flush_reason": "timer"
  }
}

Data Redaction

Before any value is stored in memory or transmitted through telemetry, Phantom Wing applies an automatic redaction pass. Values that match known sensitive patterns are replaced with [REDACTED]:

  • Email addresses
  • Bearer tokens and authorization header values
  • CSRF tokens
  • Strings that look like cryptographic keys or base64-encoded blobs above a minimum length

Redaction operates on all arguments passed to intercepted console methods and all telemetry field values before queuing. It cannot be bypassed by enabling diagnostic settings.

Scope Guards: Pages Where Diagnostics Are Suppressed

Telemetry submission is completely suppressed on authentication pages (/auth/). This means that even if Network Insights is turned on, no telemetry is flushed while you are on sign-in, sign-up, or recovery flows. This defense-in-depth measure prevents credential-adjacent data from appearing in diagnostic channels.

Your Control

All three diagnostic settings are stored as account preferences, not browser cookies. They follow your account across devices and sessions and default to Off for every account, including new accounts. You can change them at any time in Settings - Debugging (Optional).

Turning a setting off takes effect immediately on the next page load. No diagnostic data is retained between sessions: Phantom Wing's in-memory log is cleared when you navigate away or close the tab.

Summary

  1. All three debug controls default to Off and must be explicitly enabled by you
  2. Console Messages and Network Insights never leave your device
  3. Detailed Diagnostics stays in memory and is only shared if you choose to share a support report
  4. Telemetry sends only anonymized, aggregate event counts: zero personal data
  5. All values are redacted before storage or transmission, regardless of diagnostic settings
  6. Telemetry is fully suppressed on all authentication pages
  7. Rate limiting and automatic client back-off prevent accidental over-reporting

Phantom Wing is engineered so you can safely leave all diagnostics off indefinitely. The opt-in controls exist to give you and the support team a shared language when something goes wrong, not to collect data by default.