Security & Privacy

Your Data Security is Our Priority

We've built Logchits from the ground up with security and privacy at its core. Learn how we protect your data and your users' privacy.

SOC 2 Type II
GDPR
CCPA
HIPAA Ready

Security Features

End-to-End Encryption

All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption.

SOC 2 Type II Compliant

Annual audits ensure our security controls meet the highest industry standards.

Privacy by Design

We collect only the minimum data necessary. PII is automatically masked by default.

GDPR Compliant

Full compliance with GDPR, CCPA, and other global privacy regulations.

Role-Based Access Control

Granular permissions ensure team members only access what they need.

Data Residency Options

Choose where your data is stored: US, EU, or other supported regions.

How We Handle Your Data

What We Collect

  • Device information (model, OS version, screen size)
  • App logs and crash reports
  • Network request metadata (URLs, status codes)
  • Session recordings (with privacy masking)
  • Custom events you choose to send

What We Don't Collect

  • Passwords or authentication tokens
  • Payment information
  • Personal health information
  • Location data (unless explicitly sent)
  • Any data from masked UI elements

Data Retention

  • Session data: 30 days (configurable)
  • Crash reports: 90 days
  • Analytics: 12 months
  • Audit logs: 7 years (Enterprise)
  • Data can be deleted on request

Automatic Privacy Masking

Our SDK automatically detects and masks sensitive information in session recordings and logs. This includes:

  • Password fields and secure text inputs
  • Credit card and payment forms
  • Personally identifiable information (PII)
  • Custom masked views you configure

    // Mask sensitive views
    Logchits.maskView(creditCardInput)
    Logchits.maskView(passwordField)

    // Or use automatic detection
    Logchits.configure({
      autoMaskSensitiveFields: true,
      maskAllTextInputs: false
    })

Configure masking per-view or enable automatic detection for common sensitive patterns.

Certifications & Compliance

SOC 2 Type II

Security, availability, and confidentiality

GDPR

European data protection compliance

CCPA

California Consumer Privacy Act

HIPAA Ready

Healthcare data protection (Enterprise)

ISO 27001

Information security management

Privacy Shield

EU-US data transfer framework

Our Security Practices

  • Regular penetration testing by third-party security firms
  • 24/7 security monitoring and incident response
  • Employee background checks and security training
  • Secure development lifecycle (SDLC) practices
  • Bug bounty program for responsible disclosure
  • Multi-factor authentication for all employees
  • Quarterly access reviews and permission audits
  • Encrypted backups with geographic redundancy

Bug Bounty Program

We believe in responsible disclosure. If you discover a security vulnerability, we want to hear from you. We offer rewards for valid security reports.

Report a Vulnerability