Why I Built LuminaLog

I didn't start LuminaLog because observability is a glamorous problem. I started it because I was building a product for the Nigerian market and realized that every logging tool I tried was designed for someone else.

Datadog costs more per month than most African startups can justify at an early stage. New Relic's pricing is opaque. Self-hosting ELK requires a DevOps team you probably can't afford yet. And none of them — not one — treat PII protection as a first-class feature. They bolt it on. Or they leave it to you entirely.

Meanwhile, healthcare startups in Lagos are logging patient data. Fintechs in Accra are logging transaction records. Insurance platforms across West Africa are logging everything — and most of it is going into log files completely unprotected.

So I built LuminaLog. The pitch is simple: you should be able to ship fast, observe everything, and not accidentally expose your users' data in the process.

The Tension in Observability

Two things happened that convinced me this was urgent.

The first: a founder I know got a legal notice. Not a hack, not a breach in the dramatic sense — just log files. Their application was logging user emails and IP addresses in plaintext to a third-party logging service. Their legal team flagged it six months into launch. It cost them weeks of engineering time and a compliance audit they weren't ready for.

The second: I priced out setting up a compliant logging infrastructure for a side project of my own. Just to be GDPR-safe and get proper error tracking, I was looking at a minimum of $80–100/month before I'd written a single user. That's a rent payment in most of the markets I want to serve.

Here's the tension that LuminaLog is designed to solve: the markets that most need proper observability are the ones that can least afford the tools built for enterprise teams in San Francisco. A bootstrapped Healthtech startup in Nairobi shouldn't have to choose between "observe your system properly" and "protect your patients' data" and "stay within your runway."

They shouldn't be making that tradeoff at all.

How LuminaLog Solves This

LuminaLog is a cloud-native observability platform built to make compliance effortless without sacrificing the debugging tools engineers actually need. It's built on four core capabilities:

Real-time log ingestion and live tail — Send logs from any application, watch them stream in real time via WebSocket.
SmartScrub™ privacy engine — Automatic PII detection that replaces sensitive values with realistic synthetic data before logs ever reach storage.
AI-powered error analysis — Gemini 2.5 Flash automatically classifies new errors and generates root-cause summaries as they arrive.
Interactive AI Debug — Paste a stack trace, get a structured diagnosis in seconds.

The Problem with Simple Redaction

This is the part I'm most proud of — and the part that most people get wrong when they first hear about it. SmartScrub™ does not just redact. It replaces.

Most PII scrubbers drop the value and put [REDACTED] in its place. That breaks your logs for debugging. You can't tell if an email address was formatted correctly. You can't trace a user's session. You can't reproduce a bug. The log becomes useless.

SmartScrub™ uses deterministic synthetic replacement. Every PII value is replaced with a realistic fake value generated from a SHA-256 hash of the original.

patient.name@hospital.ng → user_3f8a92b1@example.com (valid email, different inbox)
192.31.4.210 → 192.168.174.23 (still a real-looking IP, now private range)
sk_live_abc123... → sk_test_3f8a92b1... (still a Stripe key format, not a live key)

The log stays readable. Your stack traces still make sense. Your error patterns still cluster correctly. But the actual sensitive value is gone, replaced by something that looks right without being real.

Why the Engineering Matters

The architecture choices were deliberate to support these goals. Every log batch hits an AWS API Gateway HTTP API backed by a Go Lambda function because cold start times are low and memory overhead is minimal. A separate processor Lambda does the heavy work (PII scrubbing, writing to Kinesis Firehose) so the HTTP response time stays fast regardless of the pipeline load.

I learned quickly that privacy is architecture, not a feature. You can't bolt PII scrubbing on after the fact reliably. It has to be a mandatory pipeline stage where data never moves forward without passing through it.

I also learned that building for markets extending outside traditional tech hubs requires a different discipline. Our name detection algorithms in SmartScrub™ cover Yoruba, Igbo, Arabic, Chinese, and Indian names specifically because those are the users I'm building for. That's not an afterthought. It's the point.

Looking Forward

If you're building in a regulated space and you've been putting off proper observability because the options felt too expensive or too complex — this is what I built for you.