Privacy Policy
Last updated: April 2026
This Privacy Policy explains how Nonatomic (“we”, “us”, “our”) collects, uses, and protects your personal data when you use LogCast. We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) and other applicable data protection laws.
1. Data Controller
Nonatomic is the data controller for personal data processed through LogCast. For privacy enquiries, contact us at privacy@nonatomic.io.
2. What We Collect
Account Information
- Email address
- Full name
- Avatar (if using GitHub OAuth)
- Authentication provider details
Content You Provide
- Uploaded log files (stored in your private storage bucket)
- Analysis prompts and report format templates you create
- Analysis results generated by AI processing
Usage Data
- Number of analyses performed
- Token usage (AI processing metrics)
- Storage usage
- Feature usage patterns
Technical Data
- Authentication cookies (essential, not tracking)
- Preference settings (e.g., dismissed notices)
3. How We Process Your Data
Log File Analysis
When you run an analysis, your uploaded log file is processed as follows:
- Injection scan: We check for prompt injection patterns to protect the AI system.
- Automated redaction: Our redaction engine scans for and replaces detected sensitive data (API keys, emails, credit card numbers, PII, etc.) with placeholder markers before the content leaves our servers.
- AI processing: The redacted log content is sent to a third-party AI provider for analysis.
- Results storage: The analysis output is stored in your account.
Important: Automated redaction is best-effort. We strongly recommend sanitising your logs before upload. See our Security & Data Handling page for details on what we detect.
4. Legal Basis for Processing (GDPR)
| Processing Activity | Legal Basis |
|---|---|
| Account creation and authentication | Contract performance (Art. 6(1)(b)) |
| Log analysis via AI providers | Consent (Art. 6(1)(a)) — acknowledged at first analysis |
| Automated redaction of sensitive data | Legitimate interest (Art. 6(1)(f)) — protecting your data |
| Usage tracking and billing | Contract performance (Art. 6(1)(b)) |
| Security monitoring and fraud prevention | Legitimate interest (Art. 6(1)(f)) |
5. Third-Party Processors
We share data with the following processors under appropriate data processing agreements:
| Processor | Purpose | Data Shared | Location |
|---|---|---|---|
| Supabase | Database, authentication, file storage | Account data, uploaded files, analysis results | US/EU (configurable) |
| Anthropic | AI log analysis | Redacted log content only | US |
| Vercel | Application hosting | Request metadata | Global (edge network) |
| Stripe | Payment processing | Billing information (paid tiers only) | US |
AI providers receive only the redacted version of your log files. Original unredacted content is never sent to AI providers.
6. Your Rights (GDPR)
Under the GDPR and applicable data protection laws, you have the right to:
- Access: Request a copy of all personal data we hold about you. Available via Settings > Export My Data.
- Rectification: Correct inaccurate personal data via your account settings.
- Erasure: Delete your account and all associated data immediately via Settings. This is permanent and cannot be undone.
- Data Portability: Export your data in a machine-readable format (JSON) via Settings.
- Restriction: Request that we limit processing of your data in certain circumstances.
- Objection: Object to processing based on legitimate interests.
- Withdraw Consent: Withdraw consent for data processing at any time, without affecting the lawfulness of processing performed before withdrawal.
To exercise any of these rights, use the self-service options in Settings or contact us at privacy@nonatomic.io.
7. Data Retention
- Account data: Retained while your account is active. Deleted immediately upon account deletion.
- Uploaded log files: Retained until you delete them or your account.
- Analysis results: Retained until you delete them or your account.
- Usage metrics: Retained for billing purposes during active subscription, deleted with account.
8. International Transfers
Your data may be processed in the United States and other countries where our processors operate. We ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) where required by GDPR.
9. Cookies
LogCast uses essential cookies only for authentication and session management. We do not use tracking cookies, analytics cookies, or advertising cookies.
| Cookie | Purpose | Duration |
|---|---|---|
| sb-*-auth-token | Supabase authentication session | Session / 1 year (refresh) |
10. Children
LogCast is not intended for use by anyone under 16 years of age. We do not knowingly collect personal data from children.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via email or in-app notification. The “Last updated” date at the top indicates the most recent revision.
12. Complaints
If you believe we have not handled your data appropriately, you have the right to lodge a complaint with your local data protection authority.
13. Contact
For privacy-related enquiries: privacy@nonatomic.io