Audit Logging & Compliance

Overview

Our platform maintains comprehensive audit logs to ensure security, compliance, and transparency. This document outlines our audit logging practices and how they support SOC 2 compliance requirements.

What We Audit

Authentication & Access

  • User Login/Logout: Every authentication event is logged with timestamp, IP address, and browser information
  • Failed Login Attempts: Each failed attempt is logged to support monitoring for potential unauthorized access
  • Permission Denials: When users attempt to access resources they don't have permission for

Data Operations

  • Create: When new resources are created (exports, uploads, configurations)
  • Read/View: Access to sensitive data and administrative interfaces
  • Update: All modifications to existing resources, with before and after values
  • Delete: Permanent deletion of any data with details of what was removed

File Operations

  • Uploads: All file uploads including size, name, and type
  • Downloads: Export downloads with file details
  • Processing: Background processing operations on uploaded data

Administrative Actions

  • Admin Access: All administrative interface usage
  • Configuration Changes: System settings and configuration modifications
  • User Management: Account and permission changes
  • Audit Log Access: Even viewing audit logs is audited for complete transparency

Information Captured

For every audited event, we record:

  • Who: User identity and account context
  • What: Specific action performed and affected resources
  • When: Precise timestamp with timezone
  • Where: IP address and geographic location (when available)
  • How: Browser/client information and request details
  • Result: Success/failure status and any error information

Privacy & Security

Sensitive Data Protection: Passwords, API keys, and tokens are automatically filtered and never logged
Encryption: All audit logs are encrypted at rest
Retention: Audit logs are retained for a minimum of 1 year as per compliance requirements
Access Control: Only authorized administrators can view audit logs
Immutability: Audit logs cannot be modified or deleted by users

Compliance Support

Our audit logging system supports compliance with:

SOC 2 Type II

Comprehensive logging of all security-relevant events

GDPR

User activity tracking with appropriate data retention policies

HIPAA

If applicable, detailed access logs for protected health information

ISO 27001

Information security management system requirements

Benefits for Your Organization

  1. Security Monitoring: Detect and investigate suspicious activities
  2. Compliance Evidence: Demonstrate regulatory compliance with detailed logs
  3. Incident Response: Quickly investigate and respond to security incidents
  4. User Activity Tracking: Understand how your team uses the platform
  5. Data Governance: Track data access and modifications for governance requirements

Access & Review

Authorized administrators in your organization can:

  • View audit logs through the admin interface
  • Filter logs by date, user, action type, and more
  • Export audit data for external analysis
  • Receive alerts for specific security events (coming soon)

Questions?

If you have questions about our audit logging practices or need specific compliance documentation, please contact our support team.