Logace

Privacy

Last updated: 2026-05-04

We hold the smallest set of personal data we can run the service with. This page tells you what that is, who we share it with, how long we keep it, and how to make us delete it.

Who runs Logace

Logace is operated by an Australian-domiciled sole trader from New South Wales, Australia. References to “we”, “us”, and “Logace” below mean that operator. The product is hosted in the United States (Azure East US 2 region) and is available globally.

What data we collect

We collect only the data we need to run a paid sign-in product:

  • Account identity. Your email address and the stable user identifier issued by whichever provider you sign in with (Microsoft, Google, or GitHub). We do not store passwords — the OAuth provider authenticates you and we trust the resulting claim.
  • Plan tier. Whether your account is on the free or paid plan, plus subscription state from Stripe (status, current period end, cancellation flag). We do not store card details or billing addresses; Stripe holds those directly.
  • Favourites. If you star a resource, table, or category, we store the reference under your account so the favourite shows up on your dashboard. Free-tier users cannot create favourites.
  • Audit events. Sign-in time, plan change time, and account-deletion time, keyed to your user id. These exist so we can investigate billing or access disputes.
  • Server logs. IP address, user agent, request path, status code, and a correlation id for every HTTP request, retained in Application Insights for 30 days. These exist for security, abuse detection, and operational debugging. We do not build per-user behavioural profiles from them.

We do not have access to your Azure tenant, your subscriptions, your Log Analytics workspaces, your queries, or any data inside them. Logace is a reference for the schema shape of Azure diagnostic logs — it never reads your logs.

How we use it

  • To run the service: authenticate you, decide your plan entitlement, render the pages and API responses you request.
  • To bill you: pass your customer id to Stripe, react to Stripe webhook events that change your subscription state.
  • To prevent abuse: rate limiting, anti-scraping heuristics, investigation of suspicious request patterns.
  • To meet legal obligations: tax records, responding to lawful requests from government authorities.

We do not sell your data. We do not use your data to train any machine-learning model. We do not run advertising on the service. We do not share your data with marketing platforms.

Legal basis

For users in the UK, EU, or other jurisdictions with similar rules, our legal bases under the relevant data-protection law are:

  • Contract performance — for everything required to deliver the paid service to you (account, plan, favourites, billing).
  • Legitimate interest — for security logging, abuse prevention, and the minimal operational telemetry needed to keep the service running.
  • Legal obligation — for tax records and responses to lawful authority requests.

Sub-processors and third parties

Running the service means routing some of your data through third parties. The full list:

  • Microsoft Azure (United States) — hosting, database (Cosmos DB), storage, and Application Insights telemetry.
  • Stripe (United States) — payment processing and the customer portal you use to manage your subscription. Stripe receives your email and a subscription identifier; payment-card data goes directly to Stripe and never touches Logace's servers.
  • Microsoft, Google, and GitHub — identity providers. When you choose one, that provider sees that you signed in to Logace and returns a stable identifier and your verified email to us. We do not request any other profile data.
  • GitHub — source-code hosting for the Logace codebase. Your data is not stored in the repository.
  • Cloudflare — DNS and (planned) web analytics. The analytics product we use is cookie-free and does not build cross-site profiles.

Data retention

  • Active accounts: data is held while your account exists.
  • Deleted accounts: account data is soft-deleted on request and purged within 30 days, except for billing records and audit events tied to a paid subscription, which we retain for 7 years for tax-record purposes.
  • Server logs in Application Insights are retained for 30 days, then purged.
  • Stripe retains its own copy of your payment history under its own retention policy.

Cookies

We set one essential cookie for signed-in users: the ASP.NET Core authentication cookie that keeps you signed in. It is HttpOnly, Secure, and SameSite=Lax, with a 30-day rolling expiry. We do not set advertising or cross-site tracking cookies. Stripe may set cookies on the Stripe-hosted Checkout and Customer Portal pages; those are governed by Stripe's own policy.

Your rights

Subject to your local data-protection law, you have the right to:

  • Access the personal data we hold about you.
  • Have inaccurate data corrected.
  • Have your data deleted (deletion of an active paid account cancels the subscription and ends the entitlement).
  • Receive a copy of your data in a portable format.
  • Object to processing under legitimate interest.
  • Lodge a complaint with your local data-protection authority (in Australia, the OAIC; in the UK, the ICO; in the EU, your member-state authority).

To exercise any of these rights, email privacy@logace.dev from the address on your account. We aim to respond within 14 days.

Children

Logace is a developer tool. It is not intended for children under 16, and we do not knowingly collect data from anyone under 16. If you believe a minor has created an account, email privacy@logace.dev and we will remove it.

International transfers

Our hosting region is Azure East US 2 (United States). If you are in the UK, EU, or another jurisdiction with cross-border restrictions, your data is transferred to the United States under the standard contractual clauses Microsoft and Stripe make available to their customers.

Changes to this policy

We update this policy when the underlying practices change. The “Last updated” date at the top of this page tracks the most recent change. Material changes are notified by email to the address on your account; non-material edits (typos, clarifications) are not.

Contact

For privacy questions or to exercise the rights above, email privacy@logace.dev. For everything else, see the contact link in the terms of service.