Security

How we protect your information.

Estate planning requires sharing sensitive personal and financial information. Here is exactly what we do to keep it secure.

Encrypted in transit

All data transmitted between your browser and Logan is encrypted using HTTPS with TLS. Your information is never sent over an unencrypted connection. This applies to every page, every form, and every API call on the platform.

Passwords never stored in plain text

Your password is hashed using bcrypt, a one-way cryptographic function, before it is stored, so your actual password is never saved anywhere in our system. Even Logan employees cannot see your password. Authentication is handled by Supabase Auth, an industry-standard authentication provider.

Your documents are yours

All estate planning documents are stored in Supabase Storage with row-level security policies. This means your documents are cryptographically isolated from other users — no one can access your documents without being authenticated as you. Documents are stored in a private bucket that is not publicly accessible.

We never see your card details

All payment processing is handled by Stripe, a PCI-DSS Level 1 certified payment processor. Logan never sees, handles, or stores your full card number, expiration date, or CVV. When you enter payment information, it goes directly to Stripe's servers over an encrypted connection; it never touches ours.

Sensitive notes encrypted at rest

The notes fields in your digital asset inventory — where you store access hints for crypto wallets, online accounts, and other sensitive information — are encrypted at rest before storage. The encryption uses industry-standard algorithms. Even in the unlikely event of a database breach, these notes are not readable without the encryption key.

Strict access controls

Access to Logan's production systems is restricted to authorized personnel only. We follow the principle of least privilege — team members only have access to the systems and data they need to do their job. All access is logged and reviewed.

Protecting your account

Logan accounts are protected by Supabase Auth. We recommend using a strong, unique password and enabling two-factor authentication when available. If you believe your account has been compromised, contact us immediately at Logantrustandwill@gmail.com. We will investigate and take appropriate action promptly.

Vetted third-party providers

Logan uses a small number of carefully selected third-party services. Each provider is evaluated for security practices before integration:

  • Supabase — database, authentication, and file storage. SOC 2 Type II certified.
  • Stripe — payment processing. PCI-DSS Level 1 certified.
  • Resend — transactional email. Industry-standard email security including SPF, DKIM, and DMARC.
  • Sentry — error monitoring. Anonymized error data only — no personal information included in error reports.
  • PostHog — product analytics. Anonymized usage data only — no personally identifiable information in analytics.

Our security roadmap

We are a new company and we are honest about where we are. Here is what we are actively working toward as we grow:

  • SOC 2 Type II certification — we plan to pursue this as we scale
  • Penetration testing — independent third-party security testing of the platform
  • Two-factor authentication — available for all accounts
  • Bug bounty program — a formal program for responsible disclosure of security vulnerabilities

Found something?

We take security reports seriously. If you believe you have discovered a security vulnerability in the Logan platform, please contact us at Logantrustandwill@gmail.com with a description of the issue. Please do not disclose the vulnerability publicly until we have had a chance to investigate and address it. We will acknowledge your report within 48 hours and keep you informed of our progress.

Have a security concern? Email Logantrustandwill@gmail.com.