Security is the default.
We treat your data with the same rigor we apply to our own. LogKit is built on a foundation of defense-in-depth, ensuring your logs remain secure, private, and compliant from ingestion to archival.
Certifications & Compliance
Our platform meets rigorous international standards, giving you the peace of mind required for enterprise deployment.
SOC 2 Type II
AUDITED
Independent audit confirming our security, availability, and processing integrity controls are operating effectively.
GDPR Compliant
EU STANDARD
Designed to meet EU data protection regulations with built-in data subject rights and processing records.
CCPA Ready
CALIFORNIA
Respects California consumer privacy rights, including opt-out mechanisms for data selling practices.
HIPAA Ready
HEALTHCARE
Our platform meets HIPAA requirements. A signed Business Associate Agreement (BAA) is available upon request.
Data Encryption
We encrypt your data at every stage of its lifecycle, using industry-standard protocols managed through AWS KMS.
In-Transit Security
TLS 1.3 enforced by default.
All data transmitted between your application and LogKit's ingestion endpoints is secured using TLS 1.3. We enforce strict certificate pinning and disable legacy protocols to prevent man-in-the-middle attacks.
At-Rest Security
AES-256 encryption.
Logs are encrypted at rest in our storage layer using AES-256 encryption. Data keys are managed dynamically via AWS KMS (Key Management Service), ensuring that even our engineers cannot access your raw data without explicit authorization.
Granular Access Control
You control who sees what. Implement the principle of least privilege across your entire organization.
RBAC & SSO
Integrate with Okta, OneLogin, or Azure AD for SSO. Define granular Roles (Admin, Analyst, Read-Only) with specific permissions for dashboards, data export, and configuration changes.
Scoped API Keys
Generate unique API keys with strict scoping. Restrict keys to specific services, data retention windows, or query namespaces to prevent unauthorized data access via the API.
Immutable Audit Logs
Every administrative action (user creation, permission changes, password resets) is logged immutably. These logs are stored separately and are tamper-proof, providing a complete forensic trail.
Infrastructure & Data Policy
Built on a secure, resilient foundation with a strict no-data-sharing policy.
Cloud Provider: LogKit is hosted on Amazon Web Services (AWS) in us-east-1, us-west-2, and eu-west-1. We utilize AWS's multi-AZ architecture to ensure high availability and disaster recovery.
Region Selection: Enterprise customers can select a specific AWS region for data residency. This ensures your data never crosses international borders unless explicitly requested.
No Third-Party Sharing: We do not sell, rent, or share your log data with any third-party advertisers or analytics vendors. Your data is yours alone, used solely to power the LogKit platform.
Responsible Disclosure
We believe in a collaborative approach to security. If you discover a vulnerability, we want to know.
LogKit operates a bug bounty program via HackerOne. We reward security researchers who responsibly disclose vulnerabilities following our disclosure policy. We do not tolerate malicious activity against our systems.
bug bounty.logkit.io
Read the Security Whitepaper.
Get the technical details on our architecture, encryption keys, and compliance standards. Download our PDF.