tailwise.dev

Trust & Security

Built to be boring with your data.

Tailwise reads your server logs to warn you about errors before your visitors hit them. That means you are trusting us with sensitive output, so here is exactly how it is handled, in plain terms.

Last reviewed 1 June 2026.

The short version

Your logs stay in the EU

Stored on our own servers in Germany. Alert email is sent from an EU region. We never copy your logs to a third-party AI provider, analytics service, or data warehouse.

We never see your card

Payment runs entirely on Stripe-hosted checkout. Card numbers never touch our servers. We keep only your subscription status and the email tied to it.

Encrypted in transit

Every byte between the agent and Tailwise travels over HTTPS/TLS. Each request is authenticated with your private token.

You choose what ships

The agent reads only the log files you point it at. It cannot reach your source code, your database, or anything outside those paths.

Passwordless accounts

Sign in with a one-time magic link, or add two-factor and passkeys. Email is verified before an account reaches any data.

Tightly scoped access

Access to the systems that hold your data is restricted to the people who operate Tailwise. No standing access from support tooling, no shared inboxes into your logs.

How your data is separated

Tailwise runs as two independent parts, on purpose:

  • The collector is the only thing that receives your logs. It accepts a request only when it carries an active token, writes the lines to storage that sits outside the public web root, and serves nothing back. Your stored logs are not reachable over the web.
  • The control plane handles the website, your account, and billing. It reads only a small, read-only summary of which tokens are active. It never sits in the path that ingests your logs, so a problem on the website cannot expose the log store.

A useful side effect of that split: the agent is a tiny cron job with no link to your web stack, so it keeps shipping alerts even when your application, or WordPress itself, has crashed. That moment is exactly when you need to be told.

Billing and accounts

  • Checkout is created and hosted by Stripe. We do not build our own card forms, so card data never reaches us.
  • Payment events from Stripe are accepted only after their cryptographic signature is verified, and rejected if it cannot be. Nobody can forge a subscription into existence.
  • Accounts log in passwordlessly through a single-use, time-limited link, with optional two-factor authentication and passkeys. An account must prove control of its email address before it can reach any dashboard.

Where your data lives

ProviderPurposeLocation
Hetzner Online GmbHServer hosting and log storageGermany (EU)
Sinch (Mailgun)Alert and account emailEU region
Stripe, Inc.Billing only, never your logsUS (under EU Standard Contractual Clauses)
CloudflareDNS resolution only, no proxy on the log pathGlobal DNS

The same list, with full detail, lives in our Data Processing Agreement. What we collect and your rights under GDPR are in the Privacy Policy.

What we do not do

  • We do not store your card number.
  • We do not send your raw logs to any third-party AI provider or analytics service.
  • We do not set tracking cookies or run ad pixels on tailwise.dev.
  • We do not keep your logs after you leave; they roll over and are deleted as part of normal housekeeping.

Honest limitations

Trust pages that claim perfection are not trustworthy, so here is what we want you to know:

  • Tailwise does not yet strip secrets or personal data from inbound log lines on our side. Built-in redaction is on the roadmap. Until it ships, point the agent only at files you are comfortable sending, and keep card data and special-category personal data out of those paths.
  • You control which files the agent reads, which means you also control what reaches us. Choosing log paths carefully is the most effective privacy control you have.

Reporting a vulnerability

If you find a security issue, please email marinus@mklasen.com directly. It reaches us, not a ticket queue. Tell us what you found and how to reproduce it, and please give us a reasonable chance to fix it before disclosing publicly. We are grateful for the help.

Questions about any of this: marinus@mklasen.com.