Security
Security that matches operational reality.
We're designed to be a trusted system of record for change history—without collecting data we don't need.
What we store
Event metadata needed to build the timeline, plus any manual notes your team chooses to log. We store the minimum required to provide the service.
What we don't store
We don't need customer PII to be useful. Where possible, we avoid ingesting sensitive content. No order data, no customer emails, no payment information.
Access control
Role-based access so only the right people can view or edit logs. SSO/SAML available on Plus/Enterprise plans.
Encryption
Encryption in transit (TLS 1.2+) and at rest. Applicable to all tiers across your infrastructure.
Retention & deletion
Retention is plan-based — from 30 days on Starter to 5 years on Plus/Enterprise. You can request deletion according to policy.
Security contact
For questionnaires or incident reporting, reach us at security@difflog.com. We aim to respond within 1 business day.
Have a security questionnaire?
We're happy to complete them. Book a demo or email security@difflog.com.