LLogbook
Security

Zero-knowledge, by default.

We treat your credentials, files and meeting notes the way we want ours treated: encrypted in your browser before they ever reach our servers, with a per-user wrapped key that even our staff cannot unwrap.

Read the whitepaperRequest our DPA
How we protect your data

Built for the parts of your business you cannot afford to leak.

Every primitive in Logbook is chosen for one reason: we cannot read your data even if we wanted to.

Encrypted in your browser

Credentials, files and notes are encrypted with AES-256-GCM in the browser before they leave your device.

PBKDF2-SHA256 key derivation

Your master password derives a key with 600,000 PBKDF2 iterations — never stored, never transmitted.

EU-only hosting

Workloads run in Frankfurt and Amsterdam. No data leaves the EU, no US sub-processor on the hot path.

Per-user wrapped DEK

Each project has a Data Encryption Key wrapped per user. Revoking access revokes the wrap — instantly.

EU-hosted infrastructure
How a credential reaches your team

Four steps. None of them include "trust Logbook".

When you save an SFTP password, here is exactly what happens — and what we can and cannot see.

  • Encrypt locally — your browser derives a key from your master password and encrypts with AES-256-GCM.
  • Wrap per recipient — the DEK is wrapped with each teammate’s public key.
  • Store ciphertext only — never the master password, the DEK or the plaintext.
  • Decrypt on access — the recipient’s browser unwraps and decrypts in memory.
See the technical detail
Interactive demo coming soon.
Operational guarantees

The numbers we hold ourselves to.

0.0

Uptime SLA on Standard plans and above

< 1h

RPO for project data (point-in-time recovery)

< 4h

RTO for full workspace restore

EU

Hosting region — Frankfurt & Amsterdam

Compliance & primitives

The standards we actually meet.

No vague "enterprise-grade" claims. Below are the exact primitives, controls and contracts you can audit before you sign.

GDPR & DPA

Signed Data Processing Agreement included on every paid plan. Sub-processor list publicly maintained.

Article 28 compliant

AES-256-GCM

All secrets, files and meeting notes are encrypted with authenticated encryption at rest.

AES-256-GCM

PBKDF2-SHA256

Master keys derive with 600,000 PBKDF2 iterations using SHA-256. Never transmitted, never stored.

600,000 iterations

EU-only hosting

Application and database tiers run exclusively in Frankfurt and Amsterdam. Backups stay in-region.

eu-central-1 / eu-west-1

Per-user wrapped DEK

Each project DEK is wrapped per user. Revoking a teammate revokes the wrap immediately and irreversibly.

Per-user wrap

Zero-knowledge by design

Logbook staff cannot decrypt customer secrets. We cannot reset your master password — only you can.

Zero-knowledge
Request the security whitepaper
FAQ

The questions security teams actually ask.

No. The DEK that decrypts your secrets is wrapped with your public key. Without your master password, no one — including us — can unwrap it.
Talk to security

Have a security questionnaire? We answer them in days, not weeks.

Send it along — we usually reply within one business day with the whitepaper attached.

Email security@