diff --git a/app/assets/javascripts/app/lib/app_init/track.js.coffee b/app/assets/javascripts/app/lib/app_init/track.js.coffee
index d38594b59..fb84278ba 100644
--- a/app/assets/javascripts/app/lib/app_init/track.js.coffee
+++ b/app/assets/javascripts/app/lib/app_init/track.js.coffee
@@ -24,9 +24,9 @@ class _trackSingleton
     @trackId = 'track-' + new Date().getTime() + '-' + Math.floor( Math.random() * 99999 )
     @browser = App.Browser.detection()
     @data    = []
+#    @url     = 'http://localhost:3005/api/v1/ui'
 #    @url     = 'https://log.znuny.com/api/ui'
     @url     = 'https://portal.znuny.com/api/v1/ui'
-#    @url     = 'api/ui'
 
     @log( 'start', 'notice', {} )
 
@@ -60,13 +60,25 @@ class _trackSingleton
 
     # log ajax calls
     $(document).bind( 'ajaxComplete', ( e, request, settings ) =>
-      length = @url.length
-      if settings.url.substr(0,length) isnt @url && settings.url.substr(0,6) isnt 'api/ui'
+
+      # do not log ui requests
+      if settings.url && settings.url.substr(settings.url.length-3,3) isnt '/ui'
         level = 'notice'
         responseText = ''
         if request.status >= 400
           level = 'error'
           responseText = request.responseText
+
+        if settings.data
+
+          # add length limitation
+          if settings.data.length > 3000
+            settings.data = settings.data.substr(0,3000)
+
+          # delete passwords form data
+          if typeof settings.data is 'string'
+            settings.data = settings.data.replace(/"password":".+?"/gi, '"password":"xxx"')
+
         @log(
           'ajax.send',
           level,
@@ -85,7 +97,7 @@ class _trackSingleton
     $(window).bind(
       'beforeunload'
       =>
-        @log( 'end', 'notice', {} )
+        @log( 'good bye', 'notice', {} )
         @send(false)
         return
     )