Legal

Privacy Policy

Effective date: 3 June 2026 · Version 1.1

EZLogs is a product that captures activity from your applications and turns it into plain-English logs. This policy explains what data we collect, why we collect it, where we store it, and what rights you have over it.

1. Who we are

EZLogs is operated by Razvan Dezsi, a sole trader and tax resident in Spain (NIE Y8228368V). For privacy-related questions, contact hello@ezlogs.io.

For the purposes of the EU General Data Protection Regulation (GDPR), Razvan Dezsi is the data controller for personal data we collect about you (the EZLogs customer). For the event data your application sends to EZLogs, we act as a data processor on your behalf — see Section 5.

EZLogs has not designated a Data Protection Officer because we fall below the thresholds set out in Article 37 GDPR (we do not carry out large-scale processing of special-category data and our core activities do not require regular and systematic monitoring of data subjects on a large scale). The privacy contact above is your point of contact for all data-protection matters.

2. What data we collect

2.1 Account data

When you sign up for an EZLogs account we collect:

2.2 Event data sent by your application

The EZLogs agent (Ruby gem ez_logs_agent or npm package ezlogs-nextjs) sends us structured events about activity inside your application. Each event contains:

We do not store request bodies, response bodies, or full database rows unless you explicitly opt in. Field-level redaction is on by default at the agent for any column or parameter whose name matches password, token, secret, api_key, credit_card, and additional patterns we widen over time. You are responsible for configuring the agent’s sensitive-keys list to cover any further fields that carry personal data your end users would not expect us to see.

Because the event data describes actions performed by your end users, it may include personal data about individuals who never interact with EZLogs directly (for example, the email of one of your customers whose action triggered a captured event). For the purposes of Article 14 GDPR, the source of this data is your application, and the lawful basis for its processing is the contract we have with you as the data controller (Section 3). You remain responsible under your own privacy notice for informing your end users that you use EZLogs as a processor.

2.3 Technical data

When you use the EZLogs web application, our servers automatically log standard technical information: IP address, browser type, pages visited, timestamps. We use this only to operate and secure the service, and we delete these logs after 90 days.

2.4 Cookies and analytics

We use one strictly necessary cookie (your authentication session) and, if you accept analytics, we load Google Analytics 4 to measure aggregate site usage. We do not load Google Analytics unless you accept the cookie banner. See Cookies below for the full list.

3. Why we use your data (legal bases)

PurposeData usedLegal basis (GDPR)
Provide the EZLogs service to youAccount data, event dataContract (Art. 6(1)(b))
Bill you and comply with tax lawBilling dataContract + legal obligation (Art. 6(1)(b), (c))
Secure the service against abuseTechnical data, account dataLegitimate interest (Art. 6(1)(f))
Send product updates and security noticesEmail addressLegitimate interest (Art. 6(1)(f)); opt-out anytime
Measure aggregate website usageAnalytics cookiesConsent (Art. 6(1)(a)) — via the cookie banner

4. Where your data lives

All EZLogs production data is stored in the European Union, specifically on servers operated by Hetzner Online GmbH in Germany. Backups are stored in the same jurisdiction. Some of the subprocessors listed in Section 5 are based in the United States; transfers to those subprocessors are governed by the European Commission’s Standard Contractual Clauses (Decision (EU) 2021/914), with supplementary technical measures (encryption in transit, minimized payloads, contractual no-training terms for AI providers) as described in our DPA.

5. Third parties (subprocessors)

To run EZLogs we rely on a small number of trusted service providers. Each one only receives the data it needs to perform its function. The current list is published at ezlogs.io/subprocessors and we will notify you of material changes in advance.

For the AI-generated explanations feature: when EZLogs renders a plain-English explanation of an action, the structured (already-redacted) event data is sent to a large-language-model provider — currently Anthropic, PBC and/or OpenAI, L.L.C., both US-based — for the explanation generation. We use these providers’ commercial API tiers, whose terms contractually prohibit training models on inference inputs (Anthropic Commercial Terms; OpenAI Business Terms). We cache and reuse explanations so the same event is not sent twice.

We do not sell customer data. We do not license it, trade it, or share it with any third party for any purpose other than the operation of the service as described above and in our subprocessor list. We do not use customer event data to train our own machine-learning models.

6. Cookies

CookiePurposeDurationType
_session (app)Keeps you signed inSession / 30 daysStrictly necessary
ezlogs.cookieConsent (localStorage)Remembers your cookie choicePersistentStrictly necessary
_ga, _ga_*Google Analytics 4, aggregate usageUp to 13 monthsAnalytics (opt-in)

7. How long we keep your data

8. Your rights

Under GDPR you have the right to:

To exercise any of these rights, email hello@ezlogs.io. We will respond within 30 days.

9. Automated decision-making

EZLogs does not make decisions that produce legal effects or similarly significant effects on you using automated processing alone (GDPR Article 22). Our AI features (action explanations, chat answers) are informational narratives generated for human readers; they do not determine outcomes for you or anyone else. Account-level decisions such as suspension or termination are made by humans.

10. Security

We protect your data with TLS 1.2+ in transit, filesystem encryption at rest on our production hosts, bcrypt-hashed credentials, SSH-key-only access to production, multi-tenant isolation enforced at every database query, and rate-limiting against abuse. The architectural foundation is that EZLogs is read-only by design — we never write back into your application. See our Security page and our DPA Section 9 for full detail.

11. Children

EZLogs is a B2B developer tool and is not directed at children under 16. We do not knowingly collect personal data from children. If you become aware that a child has used the service, contact us and we will delete the account.

12. Changes to this policy

We may update this policy as the product evolves. The effective date at the top reflects the most recent change. For material changes we will email account owners at least 14 days before they take effect.

13. Contact

Privacy questions: hello@ezlogs.io. Postal address available on request. Spanish data subjects may also lodge complaints with the Agencia Española de Protección de Datos (AEPD).

← Back to home