Due to the nature of New Relic Logs, you have direct control over what data is reported to New Relic. To ensure data privacy and to limit the types of information New Relic receives, no customer data is captured except what you supply in your API calls or log forwarder configuration. All data for the Logs service is then reported to New Relic over HTTPS.
This document describes additional security considerations for your logging data. For more information about New Relic's security measures, see our security and privacy documentation, or visit the New Relic security website.
Customize your security settings
The Logs service does mask number patterns that appear to be for items such as credit cards or Social Security numbers. However, what you send to New Relic, including any additional filtering, is controlled by the configuration of the log forwarder you use, such as FluentD.
Because you control what customer data is logged, be sure to follow your organization's security guidelines to mask, obfuscate, or prevent any sensitive data.
If you need to include encryption in the database, contact your New Relic account representative.
New Relic Logs and GDPR
New Relic Logs currently limits retention of log data to a maximum of 30 days. Article 12.3 of GDPR specifies that private data must be deleted within 30 days of receiving a request for deletion. Accordingly, New Relic Logs is automatically in compliance, as data cannot be stored for longer than 30 days.