Logs, Audit Logs, and Backups
Retention and contents of auth and audit logs, plus backup schedules.
Scope
This page covers platform logs, audit logs, and backup schedules. For retention of evaluation data and exports, see Evaluation Data Retention.
Authentication Logs
Auth0 sign-on and failure logs: Retained for 6 days
Extended analytics: Authentication events are forwarded to Segment.io with 180-day retention
Monitoring: Threshold-based monitoring runs via scheduled cron jobs
Analysis: Currently, no active real-time analysis is performed on authentication logs
Audit Logging
Every API request generates an audit log entry containing:
JTI (JWT Token ID)
User ID
Token thumbprint
Token expiration time
Request timestamp
Resolver-level access logs for data access operations
This zero-trust transaction recording ensures complete traceability of all platform actions.
Data Backup Schedule
PostgreSQL Database:
Hourly backups with minimum 3-day retention
Encrypted and compressed backups stored behind firewall
Nightly off-site backups for disaster recovery
State tracking with built-in attribution and archiving
Redis Database:
Replicated database with persistent storage
Designed for continuous availability
Persistent storage on backed-up volumes
Stores current state (not historical data)
Object Storage:
Used for evaluation configurations, generated exports, cached calculations, and static assets
Buckets are private and not publicly accessible
Access is key-based and scoped per service (least privilege)
Encryption keys are held by application services, not stored in object storage
Sensitive buckets use additional encryption controls
Most objects are regenerable from the database (backups focus on databases)
Block Storage:
Linode-managed with replication
Periodic snapshots for application data
Database data handled through PostgreSQL/Redis mechanisms above
Last updated
Was this helpful?