Privacy Policy

Last updated: December 11, 2024

1. Introduction

Logsync ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our audit logging service. This policy complies with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Data Controller

Logsync acts as the data controller for your account information and as a data processor for the audit log data you submit through our service. For questions about data processing, contact us at privacy@logsync.dev.

3. Lawful Basis for Processing

We process your data based on the following lawful bases:

  • Contract: Processing necessary to fulfill our service agreement with you
  • Legitimate Interest: Processing for service improvement and security
  • Legal Obligation: Processing required by law (e.g., tax records)
  • Consent: Where explicitly provided for optional communications

4. Information We Collect

Account Information

When you create an account, we collect your email address and create a secure password hash. We also collect billing information if you subscribe to a paid plan.

Audit Log Data

We store the audit events you send to our API, which may include actor IDs, actions, resources, timestamps, IP addresses, and custom metadata you provide. You control what data is included in these events.

Usage Data

We collect information about how you interact with our service, including pages visited, features used, and API call statistics.

5. How We Use Your Information

  • To provide, operate, and maintain our service
  • To process your transactions and manage your subscription
  • To send you service-related communications (required for service operation)
  • To respond to your inquiries and provide support
  • To improve and optimize our service
  • To detect and prevent fraud or abuse
  • To comply with legal obligations

6. Data Retention

We retain data for the following periods:

  • Audit log data: According to your plan's retention period (30 days to 3 years)
  • Account data: Until you delete your account
  • Billing records: 7 years (legal requirement)
  • Support communications: 2 years after resolution

You can export your data at any time from your account settings. Upon account deletion, all personal data is permanently removed within 30 days.

7. Data Security

We implement industry-standard security measures including:

  • Encryption at rest (AES-256) and in transit (TLS 1.3)
  • Secure password hashing (bcrypt)
  • Regular security assessments and penetration testing
  • Access controls and audit logging of our own systems
  • DDoS protection and rate limiting

See our Security page for more details.

8. Sub-processors

We use the following third-party service providers (sub-processors) to help deliver our service:

Provider            Purpose               Location
Vercel              Hosting & CDN         USA/EU
Neon / PostgreSQL   Database hosting      USA/EU
Stripe              Payment processing    USA (PCI compliant)
Resend              Transactional email   USA
Upstash             Rate limiting         USA/EU

All sub-processors are bound by data processing agreements and maintain appropriate security certifications.

9. Data Sharing

We do not sell your data. We may share data only in the following circumstances:

  • With sub-processors listed above, solely to provide the service
  • When required by law, court order, or government request
  • To protect our rights, property, or safety, or that of our users
  • In connection with a merger, acquisition, or sale of assets (with notice)

10. Your Rights (GDPR)

Under GDPR, you have the following rights:

  • Right to Access: Request a copy of your personal data
  • Right to Rectification: Request correction of inaccurate data
  • Right to Erasure: Request deletion of your data ("right to be forgotten")
  • Right to Portability: Receive your data in a machine-readable format
  • Right to Restrict Processing: Request limitation of processing
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent at any time

You can exercise most of these rights directly from your Account Settings (export data, delete account). For other requests, contact privacy@logsync.dev.

11. Cookies

We use only essential cookies required for the service to function:

  • Session cookie: Maintains your login state (essential)

We do not use tracking cookies, analytics cookies, or third-party advertising cookies. No cookie consent banner is required as we only use essential cookies.

12. International Transfers

Your data may be processed in the United States and other countries where our sub-processors operate. For transfers outside the EEA, we rely on:

  • EU-US Data Privacy Framework (where applicable)
  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions by the European Commission

13. Data Breach Notification

In the event of a data breach affecting your personal data, we will notify you and the relevant supervisory authority within 72 hours of becoming aware, as required by GDPR Article 33.

14. Children's Privacy

Our service is not intended for children under 16 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

15. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by email and by posting the new policy on this page with an updated "Last updated" date. We encourage you to review this policy periodically.

16. Supervisory Authority

If you are in the European Economic Area and believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection supervisory authority.

17. Contact Us

For privacy-related inquiries or to exercise your rights:

Data Processing Agreement (DPA)

For business customers who require a Data Processing Agreement to comply with GDPR Article 28, we offer a standard DPA that covers:

  • Subject matter and duration of processing
  • Nature and purpose of processing
  • Types of personal data processed
  • Categories of data subjects
  • Obligations and rights of the controller
  • Sub-processor management
  • Security measures
  • Data breach notification procedures

To request a DPA, contact us at legal@logsync.dev.