This is the published logging policy (§15.12.1 obligation 3) for this reference custodial-web wallet operator.
What we record
Account events. Registration time and email per user; passkey-add events.
Authentication events. User id, timestamp, and outcome (success or failure) for every sign-in attempt. Method (passkey or password) and IP class are not recorded in this version.
Liveness checks. Requests to the unauthenticated /healthz endpoint are not recorded.
What we do not record
The contents of presentations we sign on a user's behalf (which credential, which claims, which relying party). This is §15.12.1 obligation 1 and we treat it as load-bearing.
Cross-user correlation analytics. We do not run analytics over the authentication log.
Third-party trackers, advertising pixels, or fingerprinting scripts. There are none in the served pages.
Retention
For the reference deployment, all logs are retained for at most 30 days from the event. Production wallet operators MAY pick a different retention window and MUST publish it in their own version of this policy.
Versioning
This policy is version 1, dated 2026-05-08. When we change it, we publish a new version and link the change set.