Security & compliance

Admins and owners open Settings → Security for each project:

• Ingest IP allowlist — restrict which IPs may POST logs with a valid token
• Field redaction — strip sensitive metadata keys and card/SSN patterns at ingest
• Custom PII regex — per-project patterns applied to messages and metadata values
• GDPR erasure — delete logs matching a metadata subject id (audit logged)

Create ingest-only, read-only, or full-access tokens under Settings → API keys. Revoke individual tokens without rotating the primary project token.

Signed-in users manage active sessions at Dashboard → Account.

Public overview: subprocessors, practices, and disclosure policy at /security and responsible disclosure.