Case Study: How Kaizen Gaming Cut Log Latency 10x | See Full Story >>

Contact Us
Free Tools
See Demo
Graylog logo blue

Graylog Privacy Policy

Graylog Privacy Statement

Graylog Privacy Statement ("Privacy Policy")

Updated: February 2025

This Privacy Policy explains how Graylog, Inc. and its subsidiaries ("Graylog") collect, use, and disclose information you provide to us or which we otherwise collect ("Information"), including "Personal Data" meaning Information about an identified or reasonably identifiable individual.

This Privacy Policy applies to Products (as defined in the Graylog General Terms), Graylog.com and to other websites Graylog operates that link to this Privacy Policy. This Privacy Policy does not apply to Personal Data processed by Graylog as a processor or to Graylog as an employer.

The use of our Products and our website are subject to the terms of the applicable customer agreement set forth at https://graylog.com/legal. The terms of this Privacy Policy are incorporated into and form part of that agreement.

Data Collection

There are two primary ways in which Graylog collects Information about you: through our Products and Interactions as set forth below.

What We Collect via Our Products

We collect and process different types of data (described below) when you deploy our Products to fulfill our contractual and legal obligations, to operate our business, or fulfill other legitimate interests. The type of data we collect via our Products is Usage Data, which is data generated from the usage, configuration, deployment, access and performance of a Product. We summarize for you here the types of usage data collected and the purposes for which we use this data below.

Usage Data Collected

Data about your operating environment and configuration, user Interactions, and sessions related to your use of our Products. This may include information and related metadata about your network and systems architecture and configurations, OS and Product versions, Product configurations, installed applications, feature utilizations and frequencies, page loads and views, number and types of searches, errors, number of active and licensed users, source, source types and formats (e.g., json, xml, and csv), web browser details, http referrer page, and app workflows.

Data that allows us to identify account entitlements, such as license entitlement consumption, license capacity, or license type in our systems through an assigned license ID.

A combination of the above two, to provide account support including features used, deployment topology, performance metrics and license ID. The Information is user/customer-identifiable so that we can help address your specific issue and personalize your experience.

If you use a device to access a Product via an application "Apps" or "App", as discussed below, that associates your device with an identifier for your App. We may also receive information that your device sends when you use our Apps, such as a device identifier or OS. Depending on a customer's configuration of our Products, location information about users may be shared with Graylog. You can disable location sharing using the location-setting features on your device.

For more information about the data collected through our Products, see the Product specific documentation at Documentation.

How We Use Usage Data We Collect via Our Products

We use the data and Information described above to fulfill our contractual obligations in providing the Products to you and to fulfill our legitimate interest in supporting and enhancing them. For example, we may use this data and Information to:

  • Troubleshoot issues, provide support, and update our Products
  • Provide guidance to help you optimize your configuration, security, and usage of our Products
  • Better understand how our users use and configure our Products
  • Determine which configurations or practices optimize performance (e.g., best practices)
  • Benchmark key performance indicators ("KPIs")
  • Recommend enhancements
  • Perform data analysis and audits
  • Identify, understand, and anticipate performance issues and the factors that affect them
  • Identify product security issues that may affect you and inform you of them
  • Improve and develop new features and functionality
  • Monitor the health, performance, and security of our Products
  • Validate accounts, automate license verification, and offer enhancements
  • Offer accelerated troubleshooting, notices of patches/upgrades, tips to optimize usage, security, configurations and/or performance, and suggestions about other Products that may be of interest to you
  • Analyze usage trends, such as by data type, environment size, scale and architecture, and industry or sector, to develop and prioritize product enhancements (e.g., bug fixes or new features)
  • To help us improve the user experience and personalize your services and content
  • For any other purpose disclosed to you in our Interactions or other third-party platforms from time to time

You may elect to turn off data collection at any time within our product.

Other Collection Practices

We also collect Information from you to fulfill our contractual commitments to you. For example, we collect contact Information such as name, address (email and physical) and phone number to enter you into our databases and manage your account. We also collect billing and payment Information and information about how you use our Products, including Information such as browser type, version number and operating system (OS), to administer your account, respond to customer service/support inquiries, and provide you with information about software updates via alerts or other "push" notifications. We may share this Information as described in How Graylog Shares Your Information. We do not sell this Information.

Data Collection Practices Associated with Apps

We may offer Graylog's Products as software applications commonly called "apps," "add-ons," "widgets," or "technical add-ons" that may link to this Privacy Policy. We refer to these collectively as "Apps." These Apps may have access to a broad set of web technologies that can be used to collect and use your Information. This Privacy Policy only applies to Apps built by or on behalf of Graylog. It does not apply to Apps developed by others ("App Developers"), third-party marketplaces or repositories (e.g., AWS Marketplace, Google Play Store, and GitHub), or that are otherwise interoperable with our Products. Apps developed by App Developers are subject to their privacy notices.

Graylog requires App Developers to comply with applicable privacy and data protection laws but cannot guarantee that they do so. Before you use Apps created by App Developers, you should familiarize yourself with their privacy policies and license agreements.

Graylog collects Information generated from the use and performance of Apps that interoperate with its Products, such as crash data, version, session duration, and user engagement (e.g., number of downloads, active/licensed users, and logins). We may share this data with App Developers so they can improve and enhance the performance of their Apps.

How We Use Usage Data We Collect via Interactions

When you Connect online or offline with Graylog, we may receive your Information, including your Personal Data. For example, we receive your Information when you:

  • Visit Graylog's websites or offices
  • Download materials through our websites
  • Provide or update account or contact details through our websites
  • Register for, attend, speak at or otherwise participate in Graylog-hosted or sponsored events (including, but not limited to, conferences, promotional events, webcasts, contests, or hackathons)
  • Participate in community programs and Graylog-related repositories on third-party open-source platforms
  • Communicate with us (including by email, phone, text, online chat, or social media)
  • Provide testimonials or feedback

We collect Information about you from other sources such as public databases, commercial data sources, joint marketing partners, resellers, managed services providers and other partners, social media platforms, industry groups, and conference/event hosts.

We refer collectively to these contacts as "Interactions" and we explain below how we use the Information we collect through them.

What We Collect via Your Interactions

We (or others acting on our behalf) may collect your Information, including your Personal Data, through Interactions. The Personal Data we collect includes such things as:

  • Name or alias
  • Email address
  • Physical address, including country
  • Employer
  • Industry group participation
  • Title / position
  • Payment details
  • Phone number
  • Username / user ID
  • IP address
  • MAC address (or other device identifiers automatically assigned to your device when you access the internet including browser or device type)
  • Images and related metadata (for example, when visiting our offices or attending an event)
  • Content of your communications and files you input, upload, or create
  • Videos (for example, when you provide a product testimonial)

We collect Personal Data in various ways, such as when you manually key in your Personal Data to our website forms or provide it to us or others from whom we receive marketing leads. From time to time, we offer virtual private networks (VPNs) or Wifi access for attendees at Graylog events or visitors to our offices. If you access a Graylog-provided VPN or WiFi, we may collect Personal Data from you, such as IP and MAC addresses, when we monitor the VPNs and WiFi for security or performance.

IP addresses are also collected on an automated basis through your use of the website services using cookies, web beacons, and like technologies. We may infer your location from your IP address. For more on the use of cookies and like technologies, see How We Use Information Collected from Interactions (below).

We may use third-party payment processors to collect credit card or other financial data for a specific transaction only. Graylog does not store the credit card data you provide, only payment confirmation information.

How We Use Information Collected from Interactions

Graylog uses the Information we collect from your Interactions to deliver Products to you in accordance with our terms, to fulfill our contractual and legal obligations, or to pursue legitimate business interests, as described below. Here is a summary of the purposes for which we use your Information, including Personal Data, to:

  • Fulfill your orders or respond to your requests for information and other inquiries. For example, to satisfy your requests for website materials such as marketing collateral or whitepapers, we collect and use your name and email address.
  • Operate, enhance, and personalize your experience on our websites. We collect Information via cookies and other information-gathering technologies (with your consent, where required) to fulfill our legitimate interest in operating our website, making it easy to navigate, and enriching the available content and Product information tailored to your interests. In doing so, we may receive your location Information, which you can disable by configuring the location sharing permissions in your device.
  • Issue you Graylog accounts and provide you access to, and/or enable your participation in, online communities and forums or to provide you with access to certain Products. Certain Products that display the Graylog name but present you with their own privacy notice are subject to such privacy notice and not this Privacy Policy. When you join our online communities and forums, including blogs and Graylog-branded business communication and streaming platform channels (collectively, "Online Forums"), we collect your Personal Data to enable your access and provide an interactive experience when you participate. The guidelines associated with those Online Forums recommend not sharing private or proprietary Information on them, as many of their aspects are public. If you choose to submit content to online forums, such content will be considered public and will not be subject to the privacy protections set forth in this Privacy Policy unless expressly required by law. Online Forums that display the Graylog name but present you with their own privacy notice are subject to such privacy notice and not this Privacy Policy.
  • Send you administrative notices. We may need to notify you (or we may choose to inform you) when we make updates to our terms or policies or make changes to our website or Products. We will use your name and email address to send such administrative notices to you, which due to their nature are treated differently from marketing communications from which you can opt out.
  • Manage your Graylog account. To perform the services under the contract between you and Graylog, we need to collect certain Information from you such as your contact information and payment details. Without this Information, we may not be able to deliver the services or comply with our contractual or legal obligations.
  • Advertise and market to you. With your consent or to pursue our legitimate interests as a business, we may contact you with announcements about our Products, educational materials, announcements about special offers, or information about upcoming or ongoing online/offline events, and related offers. We will give you the choice to opt out of receiving these communications and, if required by applicable law, we will ask you for your consent before sending such communications.
  • Administer prize promotions and events. We use your Information to administer prize promotions and events based on the terms of the promotion or event. For example, if you enter into a prize promotion, we may use your data for winner selection and to provide the prize to you, if you win. Registration for a coding workshop or other events may require adding your name to the list of expected attendees. If selected, we may seek your consent to announce you as a winner, which you may withdraw at any time. However, we will retain information collected in Interaction with your enrollment with the prize promotion or event.
  • Invite you to participate on customer advisory boards or in surveys, studies, and assessments of Products or potential future Products. We use your Personal Data to register you to participate on advisory boards (such as our Customer Advisory Boards, Product Advisory Councils, or Developer Advisory Boards) or to request feedback from you about our Products or potential future Products. We use your feedback to fulfill our legitimate interest in improving our current and future Products and growing our business. Your participation is voluntary and subject to the terms of any agreements with us and this Privacy Policy.
  • Diagnose and fix technical issues, monitor for security, and otherwise protect our property. We do this to satisfy our legitimate interest in assessing actual or potential technical issues or threats to our facilities, attendees at Graylog-sponsored events, our IT systems and networks, Products, and website services. We may process your Information, particularly your IP address, for this purpose.
  • Comply with law. We may use your Information to comply with any applicable laws, regulations, legal process, or governmental requests, or to protect our legal rights or those of others.
  • For any other purpose disclosed to you in connection with our Products, website services, or other third-party platforms from time to time. If we process your Personal Data for other purposes, we will provide you with information about such processing, and if required, obtain your consent.

Opting Out of Marketing Emails

If you no longer want to receive marketing emails from Graylog on a go-forward basis, please submit your request here: Data Request Form. Alternatively, you may use the "unsubscribe" feature in our marketing email messages to opt-out of receiving marketing email messages.

Products

We also collect Information, including Personal Data, when providing our Products. We may ask you for this Information directly, or in some cases, we may collect it as you use our Products. For example, we collect Information from or about you when you (or someone you work with):

  • Order or sign up for a trial of our Products
  • Connect with Graylog online or offline, including when you request support services
  • Log into or use our Products, including Graylog Open, our open source product

How Graylog Shares Your Information

Graylog may disclose your Information to others in the following ways:

  • Subsidiaries. We may disclose Information to our subsidiaries subject to this Privacy Policy so that they can help market, sell, and service our Products. Graylog is the party responsible for the management of jointly used Personal Data.
  • Service Providers. We may disclose Information to our service providers (e.g., infrastructure as a service, order fulfillment, professional/customer/support services), pursuant to written agreements with confidentiality, privacy, and security obligations.
  • App Developers. We may disclose Information about App use and performance with App Developers so that they can improve and enhance the performance of their Apps. With your consent, we may also disclose your Information to App Developers to help support the performance of their Apps. App Developers will be identified to you when you download and use their Apps pursuant to their license and other terms.
  • Partners and Sponsors. We may disclose account and contact details to our partners and event hosts/sponsors (identified at time of registration or event participation) pursuant to written agreements with confidentiality, privacy, and security obligations. They may use the Information to assess your interest in our Products, conduct user research and surveys, or send you marketing communications, subject to the terms of their privacy policies. We may also share Usage Data with partners when they manage your Product for you.
  • Internet Activity Service Providers. We may disclose Internet or other electronic network activity Information, including, but not limited to, browsing history, search history, and Information regarding a consumer's interaction with a website, or advertisement if you enable or do not disable advertising cookies.
  • Online Forums. When you take certain actions on blogs and Graylog-branded business communication and streaming platform channels ("Online Forums") that are public or intended to be public in nature, such as when you broadcast content, participate in a chat room, post profile Information, or follow a channel, that Information may be collected, used, or disclosed by other participants in the Online Forums. In addition, some features of Online Forums are designed to provide others with Information about user activity, such as the subscription status of users for a given channel.
  • Compliance and Safety. We may disclose Information as necessary or appropriate under applicable laws (including laws outside your country of residence) to: comply with legal process or requirements; respond to requests from public or government authorities (including those outside your country of residence); enforce our terms and conditions; and protect our operations and rights and safety of you and others, as needed. For more information about data we disclose in response to requests from law enforcement and other government agencies, please fill out this Data Request Form.
  • Merger, Sale, etc. We may disclose Information in the event of a proposed or actual corporate or financing transaction, such as a reorganization, merger, sale, joint venture, acquisition, assignment, transfer, or disposition of all or any portion of Graylog business, assets, or stock (including Information regarding any bankruptcy or similar proceedings).
  • Other Users. We may disclose Information to other users of our Products in aggregated format, provided it does not include Personal Data. This may include "best practices" tips, key performance indicators (KPIs), benchmarking data or other such aggregated information useful to the user community. For select Products, we may share Information you provide, such as security artifacts that may contain Personal Data (e.g., IP address) with other subscribers, but only if required as part of the Product, as set forth in the relevant terms.

Cookie Preferences

Graylog honors Global Privacy Control (GPC) signals that you enable on your browser. If you do not have GPC enabled on your browser or device, and depending on your location, you may choose to opt-out of enabling cookies for our website. If you wish to change previously selected cookie preferences, please contact us here: Data Request Form.

How We Secure Your Information

Graylog takes reasonable technical and organizational measures to safeguard Personal Data against loss, theft, and unauthorized access, disclosure, alteration, misuse, or destruction. Unfortunately, no data transmission, software, or storage system is guaranteed to be 100% secure. If you have reason to believe that your Personal Data may no longer be secure (for example, if you feel that the security of an account has been compromised), please notify us immediately via the communication channels in the Contact Graylog section below. If Graylog learns of a breach of its systems, Graylog may notify you or others consistent with applicable law and/or as agreed in our contract with you. Graylog may communicate with you electronically regarding privacy and security issues affecting Information collected through your Interactions or use of our Products.

How Long We Store Your Information

Retention Period. We retain your Information for the period necessary to fulfill the purposes outlined in this Privacy Policy unless a longer retention period is required or not prohibited by applicable law.

Information you store in Graylog cloud environments is portable by you at the end of the term of your agreement with Graylog. We retain your contract information for the duration of your agreement with us and thereafter as required or permitted by law. We keep a record of your data requests, including your requests to opt out of marketing communications, to honor them in the future.

Minors

Use of Products by Minors. Our Products, Graylog.com and other websites Graylog operates are not directed to individuals 16 and under or those not of the age of majority in your jurisdiction, and we request that these individuals, or others on their behalf, not provide us with their Information.

Your Rights

In certain locations, you may have rights under data protection law, such as to request access to or correction, deletion, or transfer of your Personal Data, or to object to or restrict Graylog from using it for certain purposes. If you would like to exercise these rights, please submit your request, with a description of the nature of your request and the Personal Data at issue, to Data Request Form, and we will respond as soon as reasonably practicable consistent with applicable law. We will verify your identity before we comply with your request and ask for your cooperation with our identity verification process.

European Economic Area, the UK, and Switzerland

We rely on a variety of legal bases to process Personal Data, including your consent, a balancing of legitimate interests, necessity to enter into and perform contracts, and compliance with a legal obligation. If we process your Personal Data based on your consent, you may withdraw your consent at any time. We will let you know if we are seeking to rely on your consent at the time of collection.

If you have any questions or concerns about Graylog's privacy practices, you can contact us here: Data Request Form.

Your Rights

Individuals located in the UK or European Economic Area are granted certain rights related to Personal Data, including the ability to:

  • Ask whether we process Personal Data about you, and if we do, to access the Personal Data and certain information about how we use it and who we share it with
  • Request that we delete the Personal Data we hold about you in certain limited circumstances
  • Request that we stop processing the Personal Data we hold about you
  • Request that your Personal Data be provided to you or another organization in a structured, commonly used and machine-readable format
  • Object to our processing of data about you, including in relation to processing your Personal Data for marketing purposes
  • Withdraw consent if processing of your Personal Data is based on consent

If you or a designated third-party agent would like to exercise these rights, please submit the request to Data Request Form and we will respond in accordance with our legal obligations. We will verify your identity, and the identity of any third-party agent acting on your behalf, before we comply with the request and ask for your cooperation with our identity verification process.

Lawful Basis for Transferring Your Data: Cross-border Transfers

Your Personal Data may be stored and processed in any country where Graylog, its subsidiaries, partners, sub-processors, and third-party service providers conduct business or host events. These locations may be outside of your country of residence, including in the United States, where different data protection laws may apply. When we transfer Personal Data, we implement safeguards for protection of the transferred Personal Data, such as standard contractual clauses. We put in place appropriate terms to protect your Personal Data in our agreements with our service providers, processors, and sub-processors.

EU-U.S. Data Privacy Framework

Graylog has begun the process to certify to the Department of Commerce that we adhere to the Data Privacy Framework Principles ("Principles") of the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. Data Privacy Framework, and the Swiss-U.S. Data Privacy Framework, and Graylog complies with all its obligations under the Principles. However, Graylog does not currently rely on the frameworks for transfers of Personal Data from the EU/EEA/Switzerland and the UK to the United States in its role as a controller. Instead, we continue to rely on standard contractual clauses. To learn more about the Data Privacy Framework program, please visit https://www.dataprivacyframework.gov/.

California

Capitalized terms in this section are as defined in the California Civil Code.

If you are a California Consumer, California law provides you with specific rights regarding your Personal Information, subject to certain exceptions. These rights include:

  • The right to know the categories of Personal Information a business collects about you, the purposes for which such Information is collected or used, whether the Information is sold or shared, and the length of time a business intends to keep the Information
  • The right to request deletion of Personal Information a business collects from you
  • The right to request correction of inaccurate Personal Information
  • The right to request disclosure of Information collected, including specific pieces of Personal Information collected about you
  • The right to request disclosure of Information Sold or Shared
  • The right to opt-out of the Sale or Sharing of Personal Information
  • The right to non-discrimination for exercising your rights

If you or a designated third-party agent would like to exercise these rights, please submit the request to Data Request Form and we will respond in accordance with our legal obligations. We will verify your identity, and the identity of any third-party agent acting on your behalf, before we comply with the request, and ask for your cooperation with our identity verification process.

Graylog may collect the following categories of Personal Information from California Consumers for purposes outlined in How We Use Information Collected from Interactions and What We Collect via Our Products:

  • Identifiers or other elements of Personal Information under California Civil Code Section 1798.80 and 1798.140 such as those described in What We Collect via Your Interactions. Identifiers are retained for the period necessary to fulfill the purposes outlined in this Privacy Policy unless a longer retention period is required or not prohibited by applicable law.
  • Characteristics of protected class Information about veteran's status if you applied for a veteran's discount on educational credits. Graylog does not collect this Information directly. We use service providers to confirm eligibility. Eligibility status is retained for the period necessary to fulfill the purposes outlined in this Privacy Policy unless a longer retention period is required or not prohibited by applicable law.
  • Characteristics of protected class Information to verify disability status to grant reasonable accommodations for Graylog Certification testing. This Information is not stored by Graylog, only whether an accommodation was granted.
  • Commercial Information about products or services as described in Other Collection Practices. This commercial Information is retained for the period necessary to fulfill the purposes outlined in this Privacy Policy unless a longer retention period is required or not prohibited by applicable law.
  • Internet or other electronic network activity when you Connect with Graylog's website as described in What We Collect via Your Interactions and What We Collect via Our Products. Internet or other electronic network activity data is retained for the period necessary to fulfill the purposes outlined in this Privacy Policy unless a longer retention period is required or not prohibited by applicable law. You may change your cookie preferences at any time. A full list of cookies and their sources are available on written request.
  • Geolocation data such as IP address as described in What We Collect via Your Interactions and What We Collect via Our Products. Geolocation data is retained for the period necessary to fulfill the purposes outlined in this Privacy Policy unless a longer retention period is required or not prohibited by applicable law. You may change your cookie preferences at any time. A full list of cookies and their sources are available on written request.
  • Inferences drawn from any of the Information identified in 1798.140. Any such inferences will be retained for the period necessary to fulfill the purposes outlined in this Privacy Policy unless a longer retention period is required or not prohibited by applicable law.

Within the scope of this Policy, Graylog does not collect or process Sensitive Personal Information about California Consumers.

Graylog did not – in the preceding 12 months – and does not Sell or Share Personal Information of California Consumers. Graylog will seek your consent for use of cookies that are not strictly necessary, and you can select which cookies to enable. If you wish to change previously selected cookie preferences, please use the unsubscribe button or fill out our Data Request Form.

The source of each of these categories of Personal Information are outlined in this Privacy Policy in the Interactions and Products sections respectively.

The categories of Third Parties to whom Personal Information may be disclosed are outlined in this Privacy Policy in the How Graylog Shares Your Information section. We may have disclosed any of the above categories of Personal Information pursuant to an individual's consent or under a written contract with a Service Provider for a Business Purpose.

Other U.S. States with Data Privacy Laws

The categories of Personal Data processed, the purposes of processing Personal Data, the categories of Personal Data shared with third parties and the categories of third parties with whom Graylog shares Personal Data are as outlined above.

Consumers in US states with privacy laws have privacy rights, such as to request access to or correction, deletion, or transfer of their Personal Data, or to object to or restrict Graylog from using it for certain purposes. If you, or a person you have authorized, would like to exercise these rights, please submit your request, with a description of the nature of your request and the Personal Data at issue and we will respond in accordance with our legal obligations. We will verify your identity before we comply with your request and ask for your cooperation with our identity verification process.

In the event Graylog declines to take action on your request, we will respond with the legally-required information, including where applicable, instructions for how to submit your appeal. Once an appeal is received, Graylog will respond to the appeal in compliance with applicable law.

Graylog does not sell your Personal Data. Graylog will seek your consent for use of cookies that are not strictly necessary and you can select which cookies to enable. If you wish to change previously selected cookie preferences, please use the unsubscribe button on any emails or fill out our Data Request Form.

If you have any questions or concerns about Graylog's privacy practices, you can contact us at any time via the contact options listed under Contact Graylog below.

Links to Other Parties

Our Products may contain links to, or facilitate access to, other websites or online services. This Privacy Policy does not address, and Graylog is not responsible for, the privacy, information, or practices of other parties, including without limitation any app developer, social media platform provider, wireless service provider, or device manufacturer. The inclusion of a link within the Products does not imply endorsement of the linked site or service by Graylog. Graylog encourages you to review the privacy policies and learn about the privacy practices of the companies whose websites you choose to visit or apps you choose to use.

Updates to this Privacy Policy

We may change this Privacy Policy from time to time and will post our updates at https://www.graylog.com/privacy.

Contact Graylog

If you have any questions or comments about this Privacy Policy or Graylog's privacy practices, you can contact us at any time at [email protected].