Accelario logging events policy

History

Version  Date          Description
1.0      Dec 2, 2023   Initial version
1.01     Feb 1, 2024   Corrected typos; policy updated to apply to both Masking and Virtualization services.
1.02     Apr 28, 2024  Adjusted for the new Data Anonymization product name (formerly Data Masking)

Policy overview:

This policy provides a comprehensive framework for logging usage and statistics events in the Data Anonymization and Virtualization services by Accelario. It ensures transparency in data collection and prioritizes the protection of internal production data.

Overview of Logging System:

  • General definition: An 'event' in the context of the Accelario Anonymization and Virtualization service refers to any significant occurrence within the system. This includes user actions, system errors, operational milestones, and other noteworthy activities.

  • Synchronization events: Additionally, an event may include synchronization activities. These are records where the system performs a regular synchronization operation, transferring a subset of the current configuration data. This is done for support and maintenance purposes, ensuring that the system's operational state can be effectively monitored and managed.

  • Logging mechanism: Events are first recorded and stored locally on the user's system. This local storage acts as the primary repository for all event data, ensuring immediate access for users and maintaining data security.

Policy statements:

  1. Opt-In requirement: Transmission of event logs to the Accelario server is not automatic. Users must actively opt in by enabling the option "Allow sending usage statistics to the Accelario server." This ensures that data transmission to the Accelario server is consensual. If a user opts in, the events stored locally are then transmitted to the Accelario server for further analysis and support. This process is subject to the secure transmission protocols and data retention policies.

  2. Internet access requirement: For data transmission to the Accelario server, internet access must be enabled from the installed service (Data Anonymization or Data Virtualization).

  3. Exclusion of sensitive information:

    • User credentials: To protect identity, usernames and passwords are not included in event logs.

    • Data source identifiers: Internal data source IP addresses and host ports are excluded.

    • Database content: Actual data content of the databases is not sent or recorded in logs.

    • Database structure: Schema details such as table structures, lists of tables, and columns will be included in the log events. However, all such information will be masked and obfuscated to ensure privacy and security. This approach allows for the transmission of structural data without exposing sensitive or identifiable information about the database schema.

  4. Error message handling: Error messages in the logs may include stack details with specific information to facilitate debugging and support.

  5. Secure data transmission: Any data transmission to the Accelario server is secured via HTTPS.

  6. Data retention period: Event messages are retained for a period of 30 days. After this period, all logs are automatically purged from the system to maintain data hygiene.

  7. Local audit of messages: Messages sent to Accelario's server can be audited locally within the local service's logs subsystem. This allows for internal tracking and review of transmitted data.

  8. User assurance: The policy is designed to respect user privacy while providing insights for service improvement. Users can trust that their production data remains secure and their privacy is respected.