How NurtureHub Protects Your Contacts' Data in Application Logs
How NurtureHub Protects Your Contacts' Data in Application Logs
Release: v1.0.95 · Control: SCR-09 · Category: Security / Data Protection
NurtureHub handles personal data on behalf of UK property agencies — contact email addresses, phone numbers, and authentication credentials. As part of our ongoing supply-chain security review, release v1.0.95 closes three logging patterns that previously allowed sensitive data to appear in plaintext inside application logs.
Why Logs Are a Privacy Risk
Application logs flow through multiple systems: your hosting provider's log aggregator, any observability or alerting platform you connect (e.g. Datadog, Sentry, Papertrail), and potentially third-party security tooling. If PII or authentication metadata is written to logs in plaintext, it is exposed to every system that touches those logs — far beyond the intended audience.
For UK property agents, contact data is subject to UK GDPR. Logging a contact's email address as part of routine delivery event tracking is an unnecessary processing activity that increases your data surface area without providing operational value.
What Was Fixed
Email Addresses in Delivery Webhooks
Every time NurtureHub confirmed a nurture email had been delivered via Resend, the recipient's full email address was written to the application log. This has been replaced with a redacted form — only a partial, truncated representation is logged, sufficient for debugging without exposing the full address.
OAuth Error Responses
When a Google or Microsoft OAuth token refresh failed — for example, when reconnecting a CRM integration — the complete HTTP error response body was logged. These bodies can include OAuth error codes, token metadata, and other grant-level details. The log output is now limited to the HTTP status code, which is sufficient to diagnose connectivity issues.
Phone Numbers in Twilio Routing Failures
If an inbound Twilio webhook could not be matched to an agency tenant, the full phone number was logged as part of the error message. This is now truncated to the last four digits only, preserving enough context for support investigations while keeping the full number out of log storage.
What Has Not Changed
These are log-only changes. No application logic, routing, delivery behaviour, or CRM sync has been altered. Agents will see no difference in the NurtureHub interface. Delivery confirmations, OAuth reconnection prompts, and Twilio-based features all behave identically.
Our Approach to Log Hygiene
NurtureHub follows a principle of minimum necessary logging: log entries should contain only the information required to diagnose a problem, and never raw PII. As we complete our SCR supply-chain security review, we are systematically auditing every log statement that touches contact data, authentication state, or third-party webhook payloads.
If you operate NurtureHub under a Data Processing Agreement with your agency, this release reduces the categories of personal data that may appear in infrastructure logs, which you may wish to note in your records of processing activities.