Architecture Overview
LogTrunk is a native desktop application built with Tauri (Rust backend) and runs entirely on your local machine. It does not require an internet connection to function, except for optional features like license activation and LLM-assisted parsing.
Data Handling
What Stays Local
- Log data — All ingested logs remain in memory on your device and are never transmitted
- Settings & preferences — Stored locally in your app data directory
- Patterns & pipelines — Custom configurations saved as local JSON files
- Pinned logs & markers — Session data stored locally
Data Retention
- Logs are stored in memory only (not persisted to disk)
- Configurable log limits per tab (up to 50,000 logs in Pro)
- Clearing a tab or closing the app removes log data from memory
- Uninstalling the app removes all locally stored configuration
Encryption
At Rest
| Data Type | Storage Method | Protection |
|---|---|---|
| API Keys (LLM providers) | OS Keychain | macOS Keychain / Windows Credential Manager / Linux Secret Service |
| License Data | OS Keychain + Local Store | Encrypted by OS-level security |
| Settings | Local JSON file | User-level file permissions |
| Log Data | Memory only | Not persisted; cleared on app close |
In Transit
- All external API communications use HTTPS/TLS
- License validation: TLS to LemonSqueezy API
- LLM requests: TLS to provider endpoints (Anthropic, OpenAI, Google, or custom)
- Update checks: TLS to update server
Network Security
Outbound Connections
LogTrunk only makes outbound connections for:
| Service | Domain | Purpose | When |
|---|---|---|---|
| License Validation | api.lemonsqueezy.com | Activate/validate Pro license | On activation, daily validation |
| App Updates | download.bytecat.co | Check for new versions | Periodic background check |
| LLM Providers | api.anthropic.com, api.openai.com, etc. | AI-assisted format detection | Only when user triggers feature |
Local Network Services
LogTrunk can run local servers for log ingestion:
- TCP/UDP listeners — Configurable ports, localhost or network interfaces
- HTTP endpoint — For webhook-style log ingestion
- MCP Server — Binds to `127.0.0.1` (localhost only) by default
- REST API — Local access for automation tools
Firewall Considerations
- No inbound connections required from the internet
- Local listeners can be restricted to localhost if desired
- Outbound HTTPS (443) required only for optional features
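One way to verify on Linux which interfaces the local listeners described above are actually bound to, as an added example that is not LogTrunk's own code: it parses `ss -H -ltnup` output and flags any listener that is not loopback-only. The process name `logtrunk`, the ports and the sample output are constructed assumptions.

```python
import ipaddress
import re

# Constructed sample of `ss -H -ltnup` output; the process name "logtrunk"
# and all ports/addresses are assumptions for illustration.
SAMPLE_SS_OUTPUT = """\
tcp   LISTEN 0 128  127.0.0.1:8765    0.0.0.0:*  users:(("logtrunk",pid=4242,fd=23))
udp   UNCONN 0 0    0.0.0.0:5514      0.0.0.0:*  users:(("logtrunk",pid=4242,fd=25))
tcp   LISTEN 0 128  [::1]:9000        [::]:*     users:(("logtrunk",pid=4242,fd=27))
tcp   LISTEN 0 128  192.168.1.20:8080 0.0.0.0:*  users:(("logtrunk",pid=4242,fd=29))
tcp   LISTEN 0 128  *:22              *:*        users:(("sshd",pid=811,fd=3))
"""

PROC_RE = re.compile(r'users:\(\("([^"]+)"')


def classify_bind(local):
    """Return (scope, host, port) for an ss 'Local Address:Port' field."""
    host, _, port = local.rpartition(":")
    host = host.strip("[]").split("%", 1)[0]  # drop brackets and %iface scope
    if host == "*":
        return "all-interfaces", host, int(port)
    addr = ipaddress.ip_address(host)
    scope = ("loopback" if addr.is_loopback else
             "all-interfaces" if addr.is_unspecified else "specific-interface")
    return scope, host, int(port)


def audit_listeners(ss_output, process_name="logtrunk"):
    """List listeners owned by process_name, flagging non-loopback binds."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        match = PROC_RE.search(line)
        if len(fields) < 6 or not match or match.group(1) != process_name:
            continue  # not a socket line, or owned by another process
        scope, host, port = classify_bind(fields[4])
        findings.append({"proto": fields[0], "host": host, "port": port,
                         "scope": scope, "exposed": scope != "loopback"})
    return findings


if __name__ == "__main__":
    for f in audit_listeners(SAMPLE_SS_OUTPUT):
        flag = "EXPOSED" if f["exposed"] else "ok"
        print(f'{flag:8} {f["proto"]} {f["host"]}:{f["port"]} ({f["scope"]})')
```

To audit a live host, pass the captured output of `ss -H -ltnup` (run with enough privilege to see process names) to `audit_listeners` instead of the sample.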
Access Controls
Authentication
- No user accounts or passwords required
- License activation uses a license key (not personal credentials)
- Device fingerprinting prevents unauthorized license sharing
Device Identification
For license validation, LogTrunk generates a device fingerprint:
- One-way SHA256 hash of machine ID + app-specific salt
- Cannot be reversed to obtain original machine identifier
- Used only for license activation limits
- Stored with LemonSqueezy (our payment provider)
Feature Access
Pro features are gated by license validation:
- LLM integration (AI-assisted parsing)
- MCP server (AI debugging integration)
- Custom themes
- Export/Import functionality
- Unlimited tabs and higher log limits
Third-Party Services
LemonSqueezy (Payment & Licensing)
- Purpose: License key validation and activation management
- Data shared: License key, device fingerprint (hashed), hostname
- Compliance: LemonSqueezy Privacy Policy
LLM Providers (Optional)
If you enable AI-assisted features, log samples are sent to your chosen provider:
- Anthropic — Claude API
- OpenAI — GPT API
- Google — Gemini API
- Custom — Self-hosted or OpenAI-compatible endpoints
You provide your own API key. We do not have access to your LLM usage or the data you send. For sensitive environments, use a self-hosted model via the custom endpoint option.
Audit & Logging
Application Logging
- Configurable log levels: error, warn, info, debug, trace
- Command-line parameter: `--log-level`
- Environment variable: `LOG_LEVEL`
- Logs include timestamps and context tags
Events Logged
- License activation/deactivation
- Feature access attempts
- MCP server lifecycle events
- API connection status
- Tab creation/closing
- Source configuration changes
Offline Operation
LogTrunk is designed to work offline:
- All core functionality works without internet
- License validation has a 24-hour grace period
- Cached license status allows offline use
- LLM features are the only functionality requiring internet (and are optional)
Incident Response
Because LogTrunk processes data locally and does not store user data on our servers, security incidents have limited scope:
- No central database of user logs to breach
- No user credentials stored on our infrastructure
- License data managed by LemonSqueezy with their security controls
For security concerns, contact us at .
Compliance Considerations
SOC 2 Relevance
| Trust Principle | LogTrunk Approach |
|---|---|
| Security | Local-first architecture, OS keychain for secrets, TLS for all external comms |
| Availability | Offline operation, 24-hour grace period, no cloud dependency |
| Processing Integrity | Deterministic local processing, no remote data manipulation |
| Confidentiality | Data never leaves device, no telemetry, optional external connections |
| Privacy | No PII collection, no tracking, user controls all data |
GDPR
- Minimal data collection (device fingerprint for licensing only)
- No personal data stored on our servers
- Users control all locally stored data
- Right to erasure: uninstall removes all local data
HIPAA Considerations
LogTrunk processes logs locally without transmitting them to external servers. If you use LLM features with logs containing PHI, ensure your LLM provider has appropriate BAA coverage, or use a self-hosted model via the custom endpoint option.
Security Best Practices
Recommendations for security-conscious deployments:
- Use localhost-only binding for TCP/UDP listeners in sensitive environments
- Deploy self-hosted LLM (e.g., Ollama) instead of cloud providers for sensitive logs
- Configure appropriate log levels for your audit requirements
- Review network firewall rules to restrict LogTrunk's outbound access if needed
Questions?
For security questionnaires, vendor assessments, or additional compliance documentation, contact us at .