diff --git a/.changeset/wet-points-deny.md b/.changeset/wet-points-deny.md
new file mode 100644
index 0000000..1af4a87
--- /dev/null
+++ b/.changeset/wet-points-deny.md
@@ -0,0 +1,5 @@
+---
+"@saleor/apps-shared": minor
+---
+
+Disabled possibility to create logger if level is DEBUG or TRACE and NODE_ENV is production. This is an additional protection for logging sensitive data.
diff --git a/packages/shared/src/logger.ts b/packages/shared/src/logger.ts
index 5056296..f5796b5 100644
--- a/packages/shared/src/logger.ts
+++ b/packages/shared/src/logger.ts
@@ -1,10 +1,21 @@
 import pino from "pino";
+const forbiddenProductionLevels = ["debug", "trace"];
+
+const logLevel = process.env.APP_LOG_LEVEL ?? "silent";
+
+if (process.env.NODE_ENV === "production" && forbiddenProductionLevels.includes(logLevel)) {
+  throw new Error(
+    `Production app can only log INFO or higher log level. "${logLevel}" is development only.`
+  );
+  process.exit(1);
+}
+
 /**
  * TODO Set up log drain etc
  */
 export const logger = pino({
-  level: process.env.APP_LOG_LEVEL ?? "silent",
+  level: logLevel,
   redact: ["token", "apiKey"],
   transport: process.env.NODE_ENV === "development"