Extensive logs
Last updated: Jun 4, 2026
Typical logs are essential for a non-repudiation policy to be successful. Currently, we store logs for:
- Platform logging system: Our platform stores a historical status of projects, findings, vulnerabilities, and other critical components. Changes made to these components are always tied to a user and a date. The historical status never expires. These logs cannot be modified.
- Platform error tracking system: Our platform provides real-time logging of errors that occur in its production environments. It is especially useful for quickly detecting new errors and hacking attempts. These logs never expire and cannot be modified.
- Redundant data centers: Data centers store comprehensive logs of all our infrastructure components. Logs here never expire and cannot be modified.
- CI Gate execution: Whenever a client's CI pipeline runs the CI Gate, logs containing information such as who ran it, vulnerability status, and other relevant data are uploaded to our data centers. This allows us to always know the current status of our client's CI Gate service. These logs never expire and cannot be modified.
- IAM authentication: Our IAM stores logs of user login attempts, accessed applications, and possible threats. Logs here expire after seven days and cannot be modified.
- Collaboration systems activity: Our collaboration systems, such as our email and calendar, store comprehensive talent activity logs, spam, phishing and malware emails, suspicious login attempts, and other potential threats. Talent activity logs never expire. Other security logs expire after 30 days. These logs cannot be modified.
- CI job logs: All our CI pipelines provide a full record of who triggered them, when, and the console output. These logs never expire and cannot be modified.
Requirements
The following Fluid Attacks requirements apply to the controls described on this page: