GDPR Compliance
LogVault is designed from the ground up to help you meet GDPR requirements for audit logging, data retention, and privacy.
EU Data Residency
All LogVault data is stored exclusively in Frankfurt, Germany (AWS eu-central-1). Your audit logs never leave the European Union, ensuring full compliance with GDPR data residency requirements.
Data Processing Agreement
LogVault acts as a Data Processor under GDPR. We provide a standard DPA that covers:
- Purpose and scope of processing
- Technical and organizational security measures
- Sub-processor list and notification procedures
- Data subject rights support
- Data breach notification procedures
Right to Erasure (Article 17)
Audit logs are immutable by design for compliance purposes. However, LogVault supports "soft deletion" where user identifiers can be anonymized while preserving the audit trail integrity:
- User IDs can be replaced with anonymized tokens
- The cryptographic chain remains intact
- Audit history is preserved for compliance
Data Retention
LogVault supports configurable retention periods based on your plan:
| Plan | Retention |
|---|---|
| Starter | 90 days |
| Pro | 1 year |
| Scale | 3 years |
| Enterprise | 7 years (configurable) |
PII Protection
Our automatic PII scrubbing helps you minimize personal data in audit logs by detecting and masking sensitive information before storage.
Security Measures
- Encryption at rest: AES-256 encryption for all stored data
- Encryption in transit: TLS 1.3 for all API communications
- Access controls: Role-based access with audit logging
- SOC 2 compliance: Inherited from our infrastructure providers
Sub-processors
LogVault uses the following sub-processors:
| Provider | Purpose | Location |
|---|---|---|
| Supabase | Database & Authentication | EU (Frankfurt) |
| Railway | Application Hosting | EU (Frankfurt) |
| Vercel | Frontend Hosting | EU Edge |
| Stripe | Payment Processing | EU/US (SCCs) |
Contact
For GDPR-related inquiries or to request a custom DPA, contact us at privacy@logvault.eu.