Legal
Privacy Policy
EZLogs is a product that captures activity from your applications and turns it into plain-English logs. This policy explains what data we collect, why we collect it, where we store it, and what rights you have over it.
1. Who we are
EZLogs is operated by Razvan Dezsi, a sole trader and tax resident in Spain (NIE Y8228368V). For privacy-related questions, contact hello@ezlogs.io.
For the purposes of the EU General Data Protection Regulation (GDPR), Razvan Dezsi is the data controller for personal data we collect about you (the EZLogs customer). For the event data your application sends to EZLogs, we act as a data processor on your behalf — see Section 5.
2. What data we collect
2.1 Account data
When you sign up for an EZLogs account we collect:
- Email address — used for authentication, billing receipts, and product communication.
- Hashed password — we never store plaintext passwords; they are hashed with bcrypt before being written to the database.
- Organization / company name — the workspace label you choose.
- Billing information — processed by Stripe; we never see or store your card number. We receive only the last four digits, card brand, country, VAT ID (if you supply one), and billing email.
2.2 Event data sent by your application
The EZLogs agent (Ruby gem ez_logs_agent or npm package ezlogs-nextjs) sends us structured events about activity inside your application. Each event contains:
- HTTP request metadata (path, method, status code, duration, requesting user ID if your app sets one).
- Background job metadata (job class name, queue, duration, success/failure).
- Database change metadata (table name, primary key, the operation, and a redacted set of before/after column values).
We do not store request bodies, response bodies, or full database rows unless you explicitly opt in. Field-level redaction is on by default for any column or parameter whose name matches password, token, secret, key, or *_at timestamps. You are responsible for any additional redaction needed to comply with your own privacy obligations to your end users.
2.3 Technical data
When you use the EZLogs web application, our servers automatically log standard technical information: IP address, browser type, pages visited, timestamps. We use this only to operate and secure the service, and we delete these logs after 90 days.
2.4 Cookies and analytics
We use one strictly necessary cookie (your authentication session) and, if you accept analytics, we load Google Analytics 4 to measure aggregate site usage. We do not load Google Analytics unless you accept the cookie banner. See Cookies below for the full list.
3. Why we use your data (legal bases)
| Purpose | Data used | Legal basis (GDPR) |
|---|---|---|
| Provide the EZLogs service to you | Account data, event data | Contract (Art. 6(1)(b)) |
| Bill you and comply with tax law | Billing data | Contract + legal obligation (Art. 6(1)(b), (c)) |
| Secure the service against abuse | Technical data, account data | Legitimate interest (Art. 6(1)(f)) |
| Send product updates and security notices | Email address | Legitimate interest (Art. 6(1)(f)); opt-out anytime |
| Measure aggregate website usage | Analytics cookies | Consent (Art. 6(1)(a)) — via the cookie banner |
4. Where your data lives
All EZLogs production data is stored in the European Union, specifically on servers operated by Hetzner Online GmbH in Germany. Backups are stored in the same jurisdiction. We do not transfer customer data outside the EU/EEA except where strictly necessary for a feature you have used (see Section 5).
5. Third parties (subprocessors)
To run EZLogs we rely on a small number of trusted service providers. Each one only receives the data it needs to perform its function. The current list is published at ezlogs.io/subprocessors and we will notify you of material changes in advance.
For the AI-generated explanations feature: when EZLogs renders a plain-English explanation of an action, the structured (already-redacted) event data is sent to a large-language-model provider — currently Anthropic, PBC and/or OpenAI, L.L.C. — for the explanation generation. Both providers contractually agree not to train models on inference inputs. We cache and reuse explanations so the same event is not sent twice.
6. Cookies
| Cookie | Purpose | Duration | Type |
|---|---|---|---|
_session (app) | Keeps you signed in | Session / 30 days | Strictly necessary |
ezlogs.cookieConsent (localStorage) | Remembers your cookie choice | Persistent | Strictly necessary |
_ga, _ga_* | Google Analytics 4, aggregate usage | Up to 13 months | Analytics (opt-in) |
7. How long we keep your data
- Account data: for as long as your account is active, plus 30 days after deletion to allow recovery.
- Event data: per the retention window of your plan (30, 90, or 365 days). Older events are permanently deleted.
- Billing records: 7 years, as required by Spanish and EU tax law.
- Technical logs: 90 days.
8. Your rights
Under GDPR you have the right to:
- Access the personal data we hold about you.
- Correct inaccurate data.
- Delete your account and personal data ("right to be forgotten").
- Export your account data in a portable format.
- Object to or restrict certain processing.
- Withdraw consent (e.g. analytics) at any time.
- Lodge a complaint with your local data protection authority. In Spain, that is the Agencia Española de Protección de Datos.
To exercise any of these rights, email hello@ezlogs.io. We will respond within 30 days.
9. Security
We protect your data with TLS in transit, encrypted backups, hashed credentials, and least-privilege access controls. The architectural foundation is that EZLogs is read-only by design — we never write back into your application. See our Security page for full detail.
10. Children
EZLogs is a B2B developer tool and is not directed at children under 16. We do not knowingly collect personal data from children.
11. Changes to this policy
We may update this policy as the product evolves. The effective date at the top reflects the most recent change. For material changes we will email account owners at least 14 days before they take effect.
12. Contact
Privacy questions: hello@ezlogs.io. Postal address available on request.
← Back to home