Privacy Policy

Last updated: February 7, 2026

This Privacy Policy describes how Timberlogs ("we," "us," or "our") collects, uses, and protects information when you use our website, dashboard, APIs, and related services. Timberlogs is operated by enaboapps.

1. Information We Collect

1.1 Account Information (Dashboard Users)

When you create an account on the Timberlogs dashboard, we collect the following via our authentication provider, Clerk:

  • Email address
  • Full name
  • Profile image URL
  • Organization details (name, membership role) if you create or join a team

1.2 Billing Information

Subscription and billing is handled by Clerk. We receive subscription status and plan information (e.g., Free, Pro, Enterprise) but do not directly process or store payment card details.

1.3 API Keys

When you generate API keys, we store only a SHA-256 hash of the key and a short prefix for display purposes. The full key is shown once at creation and is never stored in plaintext.

1.4 Log Data (Data We Process on Your Behalf)

When your applications send logs to Timberlogs, we process and store the following fields:

  • Core fields: log level, message (max 10,000 characters), source, environment, dataset, and app version
  • Optional context: userId, sessionId, requestId, flowId, stepIndex, tags, and custom data objects
  • Error details: error name and stack trace (max 10,000 characters)
  • Derived fields: IP address (from the Cloudflare CF-Connecting-IP header) and country (from Cloudflare geolocation)
  • Timestamps: provided by your application or set at ingestion time

For log data, Timberlogs acts as a data processor. You (the customer) are the data controller and are responsible for ensuring that the data you send to Timberlogs complies with applicable privacy laws and your own privacy policy.

1.5 Aggregated Metrics

We compute and store aggregated log counts (by level, source, environment, and time period) for usage tracking and plan limit enforcement. These metrics do not contain individual log content.

2. Automatic Data Redaction

Timberlogs automatically redacts values for sensitive keys in the custom data fields of your logs. The following field names are redacted before storage:

password, secret, token, api_key, apikey, api-key, authorization, auth, credentials, private_key, privatekey, private-key, access_token, accesstoken, refresh_token, refreshtoken, session_id, sessionid, credit_card, creditcard, credit-card, card_number, cardnumber, cvv, ssn, social_security, bank_account, bankaccount

While we automatically redact common sensitive fields, you should avoid sending personally identifiable information (PII) or secrets in log messages or data fields wherever possible.

3. How We Use Your Information

  • Provide, operate, and maintain the Timberlogs service
  • Authenticate your identity and manage your account
  • Store and index logs so you can search, filter, and analyze them
  • Enforce plan limits and track usage
  • Improve the service and fix bugs
  • Respond to support requests

4. Data Retention

Log data retention depends on your plan:

Free

7 days

Pro

30 days

Enterprise

90 days

Account data (email, name, organization membership) is retained for as long as your account is active. When you delete your account, your personal data is removed.

5. Third-Party Services

We use the following third-party services:

Clerk (Authentication & Billing)

Handles user sign-up, sign-in, organization management, and subscription billing. Clerk processes your email, name, and profile information.

Clerk Privacy Policy

Cloudflare (Infrastructure)

Powers our edge ingestion (Workers), database (D1), log storage (Analytics Engine), and caching (KV). Cloudflare processes log data and derives IP address and country information from requests.

Cloudflare Privacy Policy

Vercel (Hosting)

Hosts the Timberlogs marketing website and dashboard. Vercel may collect standard web server logs (IP addresses, request metadata).

Vercel Privacy Policy

6. Cookies and Tracking

The Timberlogs marketing website (timberlogs.dev) does not use cookies, analytics scripts, or tracking technologies.

The Timberlogs dashboard (app.timberlogs.dev) uses authentication cookies managed by Clerk to maintain your login session. We do not use any third-party analytics or advertising trackers on the dashboard.

7. Data Security

  • All data is encrypted in transit via TLS
  • API keys are stored as SHA-256 hashes, never in plaintext
  • Sensitive log fields are automatically redacted before storage
  • Log ingestion is rate-limited and validated (max 100 logs per request, field size limits enforced)
  • Dashboard access is protected by Clerk authentication with role-based organization permissions

8. Your Rights

You have the right to:

  • Access your personal data by viewing your account and organization settings
  • Delete your account and associated data at any time
  • Export your log data via the Timberlogs API
  • Revoke API keys to stop data ingestion from any application
  • Request information about what data we hold by contacting us

If you are located in the EU/EEA, you may also have additional rights under the GDPR, including the right to data portability and the right to lodge a complaint with a supervisory authority.

9. Children's Privacy

Timberlogs is not directed at children under 13, and we do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the updated policy on this page and updating the "Last updated" date.

11. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at:

Email: support@timberlogs.dev