Security and Compliance

The security and privacy of your data is the biggest consideration in everything we do since you are placing your trust in our service. We want you to know that we have implemented security standards and operational processes using industry standards to protect your data. Aslogger gives you all the tools and control over what data you send to our platform. You may configure your applications and infrastructure to only send the data you need.

ISO 27001 Certified
GDPR Compliant
SOC 2 Compliant
HIPAA Compliant

HTTPS AND TLS SECURE CONNECTIONS

Aslogger uses HTTPS for all services using TLS (SSL) on our public website and the platform.

Data is transmitted securely from your system to Aslogger using Transport Layer Security (TLS). We offer a range of endpoints, giving you the choice of the protocol used.

Our endpoints can require the use of unique API keys that are specific to each ELK stack. API keys allow you to ingest data only from trusted sources. API Keys are managed and owned by you.

Data which contains restricted information can be filtered out before it leaves your infrastructure.

SECURE AUTHENTICATION

To get access to your data, your team may login to our secure web application through HTTPS. Users access their data through secure sessions encrypted using TLS.

We enforce best practices for password creation with rules including a minimum character count and the use of uppercase characters and digits.

We also offer our customers Federated Identity (FID) or Single Sign-On (SSO), including Google Sign-in, SAML, Otka, One Login and more.

Additionally, two factor authentication can be turned on to secure your aslogger account.

ROLE-BASED ACCESS CONTROL

We give you control over which members of your organisation have access, which ELK stacks they are allowed to see, and which settings they are allowed to change.

DATA STORAGE AND DELETION

All data is encrypted at rest with AES-256, keys are rotated and monitored continuously. All of your logging and metrics data is permanently deleted at the end of your retention period or on deletion of a stack.

INCIDENT RESPONSE

We take security incidents very seriously. We will investigate the issues and seek to resolve them quickly. When a security issue has the potential to affect our customers, we will follow industry best practices for disclosure and notification. If you have questions, suggestions, or believe you have identified a vulnerability, please contact us directly at compliance@aslogger.com.

Start today

Get Started Now

Check your email

We sent you an email with a link to get started. You’ll be in your account in no time.