Skip to content
ANTE

Security

Log Retention Policy

Last updated: 2026-06-22

← All security documents

Owner: Multibook, Inc. · Version 1.0 · Reviewed annually.

Logs acquired

Log typeSourceContents
Audit / activity logAudit microservice (dedicated DB)All user and admin actions, logins (success/fail) with IP + user-agent, privileged operations
Web access/error logsnginx on each dropletHTTP requests, status, client IP, user-agent
Application logsApplication containersApp-level events/errors
Edge security logsCloudflareWAF events, rate-limit challenges, blocked requests
Server/auth logsOS, TailscaleSSH/auth, fail2ban, device access

Retention periods

  • Audit / activity log: 24 months (append-only, partitioned) — exceeds the ≥6-month requirement.
  • nginx web access/error logs: ~12 months (logrotate rotate 372, daily + compress, on all droplets).
  • Application (Docker) logs: operational/debug only — security and audit events are captured in the audit database — retained on a rolling basis via the Docker json-file driver’s size/file rotation.
  • Cloudflare edge logs: per plan retention; security events reviewable in the dashboard.
  • Server/auth logs: OS default rotation, retained ≥3 months.

Integrity & attribution

The audit database is append-only — entries are not editable after write. Privileged operations are attributable to a named account; deployment actions are attributable via GitHub Actions logs.

Provision on request

Operation and security logs (or analysis results) are provided to the customer on legitimate request, subject to the Customer Data Access Policy.