Security

How we protect your data and keep your team's information safe.

Data Encryption

All data is encrypted in transit using TLS 1.3 and at rest using AES-256. Database connections use SSL, and all API communications are served over HTTPS.

SOC 2 Compliance Readiness

Logged is built with SOC 2 principles in mind. We implement access controls, audit logging, and change management processes aligned with SOC 2 Type II requirements.

GDPR Compliance

We are fully GDPR compliant. Your data is processed under a clear legal basis, you can exercise your data rights at any time, and we maintain a complete record of processing activities. Data processing agreements are available upon request.

Infrastructure

Logged runs on Vercel (EU region) for application hosting and Supabase (EU region) for database hosting. All infrastructure providers maintain SOC 2 Type II and ISO 27001 certifications.

Access Controls

Role-based access control ensures team members only see what they need. Admin and member roles have clearly separated permissions. Two-factor authentication is available for all accounts. Session management includes automatic expiration and secure token handling.

Data Retention

Active account data is retained for the duration of your subscription. After account deletion, personal data is removed within 30 days and backups are purged within 90 days. You can export all your data at any time before deletion.

Audit Trail

Every action in Logged is recorded in an immutable audit log. Time entry changes, approval decisions, report generation, and team management actions are all timestamped and attributed to specific users. This audit trail is available to team administrators.

Responsible Disclosure

If you discover a security vulnerability, please report it responsibly to security@logged.nl. We will acknowledge receipt within 48 hours and work to resolve confirmed vulnerabilities promptly. We do not take legal action against good-faith security researchers.