Due to the nature of New Relic Logs, you have direct control over what data is reported to New Relic. To ensure data privacy and to limit the types of information New Relic receives, no customer data is captured except what you supply in your API calls or log forwarder configuration. All data for the Logs service is then reported to New Relic over HTTPS.
This document describes additional security considerations for your logging data. For more information about New Relic's security measures, see our security and privacy documentation, or visit the New Relic security website.
Customize your security settings
The Logs service does mask number patterns that appear to be for items such as credit cards or Social Security numbers. However, what you send to New Relic, including any additional filtering, is controlled by the configuration of the log forwarder you use, such as FluentD.
Because you control what customer data is logged, be sure to follow your organization's security guidelines to mask, obfuscate, or prevent any sensitive data.
New Relic Logs and GDPR
New Relic Logs currently limits retention of log data to a maximum of 30 days. Article 12.3 of the General Data Protection Regulation (GDPR) specifies that private data must be deleted within 30 days of receiving a request for deletion. Accordingly, New Relic Logs is automatically in compliance, as data cannot be stored for longer than 30 days. For more information, see the Logs data retention documentation