Information about data privacy, including our Record of Processing Activities, can be found at our Privacy page.
Application logs are those generated by the host application or application server (such as PHP-FPM). These logs are immutable to Customers to prevent tampering. They are also secured behind key-based SSH so that only the Customer and our relevant teams have access.
Platform.sh records routine system logs. We do not access Customer-specific system logs or the customer environment unless one of the following situations applies:
- we are requested to do so by the Customer,
- to fix a problem or outage,
- to prevent an outage, or
- to comply with a legal obligation.
There are two main types of access logs: Web and SSH.
Web access logs
Application access logs are immutable to Customers to prevent tampering. These logs are secured behind key-based SSH so that only the Customer and our relevant teams have access.
SSH access logs
SSH access logs are securely stored in our infrastructure and aren’t accessible to Customers. These logs can be accessed by Platform.sh support personnel as part of an audit, if requested.
Access by Customers and Platform.sh support personnel to customer environments is logged. However, to protect Customer privacy, we only log the connection itself, not what was done during the session.
Vendor data sharing
We have identified and mapped all data we collect and share with vendors. We know what categories of data are collected and to which geographical destinations such data is transferred. All of our vendors have been assessed for security and GDPR compliance. We have the relevant Standard Contractual Clauses (SCCs) and Data Processing Agreements (DPAs) in place where applicable.