1. Controller identity
ConnLog is operated by ConnLog, trading as ConnLog, registered with the Dutch Chamber of Commerce under KvK number 42070060, the Netherlands.
ConnLog is the controller for account, billing, platform administration, support, security, marketing, and website visitor data. ConnLog may act as a processor for customer-provided monitoring, workspace, agent, alert, and Quick Action data when the customer determines the purpose and content of that data. See the Data Processing Agreement.
2. Scope
This policy covers:
- Website visitors and people who contact ConnLog.
- Account users, workspace owners, admins, members, free users, and paid users.
- Support contacts and people included in support messages.
- People whose personal data may appear in customer-provided content, such as hostnames, URLs, notes, action output, tags, tickets, or logs.
3. Data collected
| Category | Examples |
|---|---|
| Account data | Name, email, password hash, OAuth provider IDs, OAuth tokens where stored, avatar/image, email verification state, last login, legal acceptance records. |
| Authentication and security data | Sessions, login events, IP addresses, user agent, failed login or reset activity, rate-limit events, security events, audit records. |
| Workspace data | Workspace names, slugs, roles, owners, invitations, membership, settings, teams, groups, tags, collective emails, deletion requests. |
| Monitor and alert data | URLs, hostnames, ports, protocols, thresholds, check configuration, status history, alert messages, acknowledgments, notification settings, recipients, cooldowns. |
| Agent data | Agent IDs, names, tokens, token hashes or secrets, heartbeat status, timestamps, operating system, architecture, version, protocol version, hostname, machine ID hash, labels, tags, groups, teams, update state, uninstall state, metric samples, snapshots, and rollups. |
| Quick Action data | Action IDs, labels, descriptions, category, risk, output mode, execution requests, status, timestamps, requesting user, exit code, duration, truncation state, and output if stored or streamed by the service. |
| Support data | Tickets, categories, priority, subjects, descriptions, messages, internal notes, status changes, attachments if implemented, and support history. |
| Billing and subscription data | Plan, subscription status, billing cycle, provider customer ID, provider subscription ID, payment status, invoice or event metadata, VAT/tax data, billing email/address where applicable, raw provider webhook payloads where retained. |
| Email and notification data | Alert recipients, email subjects, message IDs, delivery success/failure, sanitized error messages, correlation IDs, in-app notification titles, body, action URLs, metadata, read state. |
| Technical logs and cookies | Server logs, request metadata, IP address, user agent, error logs, worker logs, audit logs, abuse/security logs, strictly necessary cookies, sessions, CSRF tokens, preferences, and local storage where used. |
| Marketing or product emails | Email address, preferences, and product-update history if newsletter or announcement features are used. |
4. Purposes and legal bases
| Purpose | Data | Legal basis |
|---|---|---|
| Create and manage accounts | Account, authentication, workspace membership data | Contract |
| Provide monitoring, agents, Quick Actions, dashboards, and alerts | Monitor, agent, alert, metric, Quick Action, workspace data | Contract; customer instructions where ConnLog acts as processor |
| Secure the platform and prevent abuse | IP addresses, logs, audit/security events, tokens, rate-limit events | Legitimate interest; legal obligation where applicable |
| Billing, accounting, tax, and payment administration | Subscription, invoice, tax, payment, billing-event data | Contract and legal obligation |
| Customer support | Support tickets, messages, account, workspace, diagnostic data | Contract and legitimate interest |
| Transactional emails and alerts | Email, alert, notification, delivery logs | Contract and legitimate interest |
| Product announcements or newsletter | Email, preferences | Consent or legitimate interest where allowed |
| Legal compliance and dispute handling | Required records, audit logs, security logs, billing data | Legal obligation and legitimate interest |
5. Retention
We keep personal data only as long as needed for the purposes above, unless a longer period is required for tax, legal, security, dispute, backup, abuse-prevention, or accounting reasons. Retention can also depend on your plan, workspace settings, and whether data is still needed to provide the Services.
| Data category | Retention |
|---|---|
| Account data | Account lifetime, then deletion or anonymization after account closure except for required records. |
| Deleted accounts and workspaces | Deleted through the product deletion flow, with residual copies kept only for backups, legal, billing, tax, security, dispute, and abuse-prevention purposes. |
| Workspace data | Workspace lifetime plus deletion/backup period, unless retained for security, legal, or billing reasons. |
| Monitor status and check history | According to the active plan retention limit and workspace deletion state. |
| Agent heartbeat and metric history | Raw metric samples are pruned on a short rolling window; metric rollups and agent events are pruned according to the active plan retention limit. |
| Alert and notification event history | As long as needed for alert history, troubleshooting, audit, and plan-based retention, then deleted or anonymized. |
| Audit logs and Quick Action execution metadata | As long as needed for security, accountability, support, dispute handling, and abuse prevention. |
| Security logs, failed login logs, and rate-limit logs | As long as needed to protect accounts, investigate incidents, prevent abuse, and comply with legal obligations. |
| Support tickets | As long as needed to handle the request, maintain support history, improve support, and defend legal claims. |
| Billing records and invoices | Legal/tax retention period, commonly 7 years under Dutch bookkeeping obligations. |
| Email delivery logs | As long as needed for delivery troubleshooting, audit, security, and abuse prevention. |
| Backups | Rolling backup window. Deleted data may remain in backups until the relevant backup expires. |
| Agent tokens and secrets | Until rotation, agent deletion, workspace deletion, or security invalidation. |
6. Sharing and subprocessors
ConnLog uses service providers to run the platform. Categories may include hosting and infrastructure, email delivery, payment processing, OAuth login providers, error logging or observability, support tooling, and analytics only if actually enabled. We do not sell personal data.
The current provider categories and enabled providers are maintained at /subprocessors.
7. International transfers
ConnLog prefers processing in the EU/EEA where practical. If a provider processes personal data outside the EEA, ConnLog will rely on appropriate safeguards such as an adequacy decision, Standard Contractual Clauses, transfer impact assessments where required, or other lawful transfer mechanisms.
8. Your rights
Under the GDPR/AVG, you may have the right to request access, rectification, erasure, restriction, portability, objection, and withdrawal of consent where processing is based on consent. You may also complain to the Dutch Autoriteit Persoonsgegevens.
We normally respond within one month. We may ask for identity verification. Some requests may be limited where data must be retained for legal, security, billing, tax, dispute, fraud-prevention, or freedom-of-expression reasons, or where ConnLog acts only as processor and must refer the request to the customer/controller.
9. Security
ConnLog uses technical and organizational measures designed to support GDPR/AVG obligations, including encryption in transit, password hashing, access controls, audit logs, least privilege, secrets management, agent authentication, rate limits, backups, secure development practices, and incident response processes. No system can be perfectly secure. See /security.
10. Children
ConnLog is not intended for children or minors. You must be legally able to enter into the applicable agreement or have valid authorization from the customer you represent.
11. Changes and contact
We may update this policy from time to time and will publish the updated version with a new last updated date.
Privacy questions and data subject requests: [email protected]. General contact: [email protected].