Privacy Policy

Last Updated: February 25, 2026

1. Our Commitment to Privacy

smplogs is designed as a "Zero-Knowledge" tool. Your log files are never transmitted to or stored on our servers. All log analysis happens locally in your browser.

2. Data Processing (The "Local-First" Model)

When you upload a file, it is processed entirely by your computer using a WebAssembly engine running in your browser. No log content is ever sent to our servers.

For Pro and Team subscribers who choose to save analysis results, the computed output (metrics, findings, and risk scores - not raw log content) is encrypted with AES-256-GCM and stored on our servers for up to 30 days. Saving is not automatic unless you enable auto-save in settings. You can delete saved analyses at any time from the app.

3. Information We Collect

  • Account Data: When you sign in via Google or GitHub, we store your name, email address, and OAuth provider identifier in our database. This applies to all authenticated users, including those on the free plan.
  • Billing Data: If you subscribe to a paid plan, billing and payment information is collected and processed by our merchant of record (Lemon Squeezy). We do not store credit card numbers or payment tokens on our servers.
  • Usage Data: We track daily analysis counts and file sizes for rate-limiting purposes. These counters are tied to a hashed user identifier and expire automatically at the end of each day.
  • User Settings: Preferences such as auto-save are stored server-side (encrypted) so they persist across devices.
  • Saved Analysis Results (Pro/Team): If you opt to save analyses, encrypted analysis results (metrics and findings, not raw log content) are stored server-side. A maximum of 50 analyses are retained per account, with automatic deletion after 30 days.
  • Local Storage: We store UI preferences (e.g., sidebar state) in your browser's local storage. This data stays on your machine.

4. Cookies

We use the following cookies:

  • auth_token: An HttpOnly, Secure session cookie containing a signed JWT. Used to authenticate your requests. Expires after 7 days.
  • oauth_state: A short-lived HttpOnly cookie (10 minutes) used during OAuth sign-in to prevent cross-site request forgery.

We do not use advertising or tracking cookies.

5. Third-Party Services

We use the following third-party services that may process limited data on our behalf:

  • Vercel: Hosting, serverless functions, blob storage (encrypted analysis results), KV store (rate-limit counters), and web analytics (anonymous page-view counts).
  • Neon: Managed PostgreSQL database for user accounts, team membership, and subscription records.
  • Cloudflare Turnstile: Bot verification on the analysis page. Turnstile may collect your IP address and browser signals to distinguish humans from bots. See Cloudflare's privacy policy.
  • Google & GitHub (OAuth): Used for sign-in only. We receive your name, email, and profile picture from the provider you choose. We do not access any other data from your Google or GitHub account.
  • Lemon Squeezy: Merchant of record for paid subscriptions. Handles all payment processing. See Lemon Squeezy's privacy policy.

6. Data Security

Your raw log content never leaves your browser. All server-side data (user profiles, saved analysis results, settings) is encrypted at rest using AES-256-GCM. Storage paths are derived from hashed user identifiers, preventing enumeration. Auth tokens use HMAC-SHA256 with timing-safe comparison. All connections are HTTPS with HSTS preloading.

7. Data Retention & Deletion

Saved analysis results are automatically deleted after 30 days. Rate-limiting counters expire at the end of each day. You can delete individual saved analyses at any time from within the app.

To request deletion of your account and all associated data, contact us at the email below. We will remove your user record, profile data, saved analyses, settings, and team membership within 30 days of a verified request.

8. International Users & GDPR

We comply with data minimization principles and collect only what is necessary to operate the service. If you are in the EU/EEA, you have the right to access, correct, or delete your personal data, and to object to or restrict its processing. To exercise these rights, contact us using the details below.

9. Changes to This Policy

We may update this policy from time to time. Material changes will be noted by updating the "Last Updated" date at the top of this page.

10. Contact

For privacy-related questions or data deletion requests, email contact@smplogs.com.