Logging data
The ClauseBase platform stores log-data for four different purposes:
Security, e.g. to detect attacks by malicious actors and availability, e.g. to detect whether servers would reach capacity limitations. ClauseBase is ISO 27001 certified, and central logging is an important requirement under this certification scheme. Similarly, the logs also allow to detect abuse, e.g. to trace whether customers would store illegal information.
Provide support to users, e.g. to investigate why something does not seem to work.
Invoicing and usage limitations, e.g. to track the number of translations and LLM requests submitted by customers, and to track the number of DOCX/PDF documents exported by customers (e.g., to invoice customers who are licensing the platform on a per-export basis)
Customer usage, e.g. to check which features are popular and which customers are actively using the platform
Location
Log data is either stored locally on the relevant server (e.g., in Germany, for enterprise customers), or centrally on our central logging server in Amsterdam.
Inspections
The centralised log data is frequently inspected by the ClauseBase team, through a variety of dashboards, such as the one below.
Only metadata
Care is taken that the logs, in general, only contain metadata. In the few instances where it is relevant from a logging/security perspective to store non-metadata, that data is encrypted by the ClauseBase platform instance before being inserted into the log file.
A sample event looks as follows:
Data being logged
Central logs for server requests
Every time the user performs an action at the server (e.g., opening a Clause9 Q&A, storing a clause in ClauseBuddy, redrafting text using ClauseBuddy's AI features, etc.), this event gets logged in the central log. These central logs are kept for 18 months.
Temporary logs
Important internal API events
During a period of 1 month, the full content of the most important events (+ user ID and timestamp) are being logged into a temporary log at each server:
Updates to files and folders
Updates to documents and Q&As
Clauses sent to curators
Updates to user account details
Opening of anonymous links
Each night, the logs older than one month are being deleted.
Platform usage
During one month, the mere fact that a user is using the ClauseBase platform gets logged into a separate table of the secondary PostgreSQL database of each instance.
Each night, the logs older than one month are being deleted.
Invoice-related logging
In each platform instance's secondary PostgreSQL database, logs are kept for invoicing purposes, as explained elsewhere.
These logs are kept for 7 years, i.e. the term under Belgian law during which invoices can be contested.
Crash logs
When an internal API event crashes or generators an error, an email with relevant details gets sent to ClauseBase developer team, for analysis.
Last updated