> ## Documentation Index
> Fetch the complete documentation index at: https://docs.botbrains.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Logging and Monitoring Policy

> Logging and Monitoring Policy defines what we log, how we protect logs, and how we monitor and review security events

export const PolicyVersion = ({version, effective}) => <p><strong>Version {version}</strong> · Effective {effective}. Change history is tracked in version control.</p>;

The Logging and Monitoring Policy defines what botBrains logs, how botBrains protects and retains those logs, and how we monitor systems and review security events. Centralized logging and alerting give us the observability to detect issues and investigate incidents.

<Warning>
  botBrains is **not yet ISO 27001 certified**. We are preparing our ISMS and writing these policies as part of pursuing certification, and we fully intend to get our controls attested.
</Warning>

<PolicyVersion version="1.0" effective="July 1, 2026" />

## Scope

This policy applies to all botBrains production systems and the services that collect their logs and metrics. Our [subprocessors](/trust/subprocessors) page lists the logging and monitoring providers.

## What we log

Production systems emit structured logs and metrics covering operational and security-relevant events.

| Category                       | Examples                                                       |
| ------------------------------ | -------------------------------------------------------------- |
| **Authentication and access.** | Sign-ins, failed attempts, and administrative actions.         |
| **Application events.**        | Requests, errors, exceptions, and background job outcomes.     |
| **System and infrastructure.** | Resource usage, capacity metrics, and service health.          |
| **Security events.**           | Configuration changes and conditions that may indicate misuse. |

Each event records the date and time, the type of event, the responsible user or process where applicable, and enough detail to understand what happened. botBrains synchronizes system clocks to reputable network time sources so events correlate across systems. botBrains minimizes personal data in logs and doesn't log secrets or credentials.

## Where logs go and how we protect them

botBrains centralizes logs and metrics in **Better Stack** (EU, headquartered in Poland), our dedicated log and alerting platform. **Sentry** (EU) tracks application errors. Langfuse handles AI tracing that records model inputs and outputs, as listed in our [subprocessors](/trust/subprocessors).

Centralizing logs on a dedicated platform protects them against tampering and unauthorized changes from the systems that generate them. botBrains restricts access to log data to the **LogAdmin** role under least privilege, and authentication and access reviews follow the [Access Control Policy](/trust/policies/access-control-policy). botBrains encrypts log data in transit and at rest per the [Cryptography Policy](/trust/policies/cryptography-policy).

## Monitoring, alerting, and SIEM

botBrains continuously collects infrastructure and application metrics into Better Stack and uses Sentry for error alerting. Alerts for conditions that threaten the confidentiality, integrity, or availability of production systems or customer data notify the team for prompt response. botBrains runs **Wazuh** as its security information and event management (SIEM) and intrusion detection (IDS) system, monitoring centralized logs for intrusion indicators. It doesn't run an active intrusion prevention system. botBrains publishes system availability on our [status page](https://status.botbrains.io).

## Reviewing events and responding

The team reviews alerts as they fire and reviews relevant logs during investigations. The team escalates events that indicate a security incident and handles them through the [Incident Management Policy](/trust/policies/incident-management-policy). botBrains logs administrative and operator activity and keeps it available for review ([Employees Only: Logging & monitoring evidence](https://app.notion.com/p/390481da93cf81caa0a8cac582b66069)).

## Retention

botBrains retains each log and telemetry store for a fixed period that balances investigation and audit needs against data minimization. The [Data Retention Policy](/trust/policies/data-retention-policy) is the canonical record and matches the periods below.

| Store             | Data                                  | Retention                                                                                                                               |
| ----------------- | ------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------- |
| **Better Stack.** | Application logs, metrics, and alerts | 30 days                                                                                                                                 |
| **Sentry.**       | Error events                          | 90 days                                                                                                                                 |
| **PostHog.**      | Product analytics                     | 7 years                                                                                                                                 |
| **Langfuse.**     | AI interaction traces                 | Langfuse's default configuration. botBrains hasn't set a shorter contractual cap yet and is reviewing this store for data minimization. |

## ISO 27001 mapping

This policy supports Annex A controls 8.15 (logging), 8.16 (monitoring activities), and 8.17 (clock synchronization).

## Review

The CISO owns this policy and reviews it at least annually and whenever a material change to our logging tools, monitoring setup, or retention practices occurs.
