Logs contain sensitive information about system behaviour, user actions, and application performance. Treat logs as toxic: define a clear rationale for their creation, offload them securely at runtime, and ensure they are redacted and destroyed after a defined retention period. This applies to all environments and all data flows, including logs generated by secondary system services.