Compliance & Security
At LogCentral, we take the security and privacy of your log data seriously. This document outlines our security practices, compliance posture, and the shared responsibilities between LogCentral and our customers.
Security Principles
Privacy & Data Protection by Design
- Your logs belong to you
- We process logs only for the services you’ve requested
- No log data is shared with third parties
- Data deletion is complete and irreversible when requested
Defense in Depth
Multiple layers of security protect your data:
- Network security (firewalls, DDoS protection)
- Application security (secure coding, regular audits)
- Data security (encryption, access controls)
- Operational security (monitoring, incident response)
Data Security
Encryption
| Data State | Encryption |
|---|---|
| In Transit | TLS 1.2+ for all connections |
| At Rest | AES-256 encryption |
| Backups | Encrypted with separate keys |
Data Isolation
- Each organization’s data is logically isolated
- Strict access controls between tenants
- No cross-organization data access
Data Residency
- Primary infrastructure in EU (France)
- Data does not leave the EU unless specifically requested
- GDPR-compliant data handling
Access Controls
Authentication
- Secure password requirements
- OAuth 2.0 social login support
- Session management with automatic timeouts
Authorization
- Role-based access control (RBAC)
- Granular permissions per organization
- Audit logging of all access
Enterprise Features
- SSO/SAML integration (Enterprise plan)
- IP allowlisting
- Custom session policies
Infrastructure Security
Cloud Infrastructure
- Hosted on enterprise-grade European cloud providers
- Regular security patches and updates
- Redundant systems for high availability
Network Security
- DDoS protection
- Web Application Firewall (WAF)
- Intrusion detection systems
- Regular penetration testing
Physical Security
- Data centers with 24/7 security
- Biometric access controls
- Video surveillance
- Environmental controls
Compliance
LogCentral is fully GDPR compliant:
- Clear data processing agreements
- Right to access, rectify, and delete data
- Data portability support
- Privacy by design principles
Data Processing Agreement
Enterprise customers receive a DPA covering:
- Processing purposes and scope
- Data subject rights
- Security measures
- Sub-processor list
- International transfer mechanisms
Industry Standards
Compliant with major security standards:
- ISO 27001
- SOC 2 Type II
- GDPR
We also follow industry best practices including OWASP security guidelines.
Shared Responsibility
LogCentral’s Responsibilities
We are responsible for:
- Securing the LogCentral platform
- Encrypting data in transit and at rest
- Maintaining infrastructure security
- Providing secure authentication
- Regular security updates
- Incident detection and response
Customer Responsibilities
You are responsible for:
- Securing access credentials
- Managing user permissions appropriately
- Configuring IP allowlists if needed
- Ensuring authorized use by your team
- Complying with applicable laws for your data
- Reporting suspected security incidents
Incident Response
Our Commitment
- 24/7 security monitoring
- Rapid incident response team
- Customer notification within 72 hours of a confirmed breach
- Post-incident reports and remediation
Reporting Security Issues
If you discover a security vulnerability:
- Email [email protected]
- Include a detailed description
- Do not publicly disclose until resolved
- We aim to respond within 48 hours
Data Retention & Deletion
Retention Periods
| Data Type | Retention |
|---|---|
| Active Logs | Per your plan (7-365+ days) |
| Archived Logs | Per your plan settings |
| Account Data | Until account deletion |
| Audit Logs | 2 years |
Data Deletion
When you delete data:
- Active logs: Immediately removed from search
- Archived logs: Marked for deletion, purged within 30 days
- Account deletion: All data removed within 30 days
- Backups: Purged within 90 days
Security Best Practices for Customers
Account Security
- Use strong, unique passwords
- Enable two-factor authentication (if available)
- Regularly review user access
- Remove inactive users promptly
API Security
- Rotate API keys periodically
- Use least-privilege permissions
- Monitor API usage for anomalies
- Never commit API keys to code repositories
Network Security
- Use IP allowlists for sensitive locations
- Ensure syslog traffic uses secure transport when possible
- Monitor for unauthorized access attempts
Questions?
For security-related inquiries:
- Email: [email protected]
- Request our security documentation package
- Schedule a security review call (Enterprise customers)
For compliance documentation:
- DPA requests: [email protected]
- Compliance questionnaires: Contact your account manager