Audit Logs

Availability: Business and Enterprise tiers. Designed for SOC 2/ISO-style evidence.

What is logged

• User authentication events (login, logout, SSO).
• Validations created and deleted.
• Exports (PDF/JSON) and policy downloads.
• API calls (endpoint, timestamp, user).

How to access

• In-app: Settings → Audit Logs (Business+).
• Filters: date range, user, event type.
• Export: CSV/JSON for auditors or internal review.

Retention

• Business: 180 days.
• Enterprise: 365 days (custom retention on request).
• Align exports with your own retention policy.

Tips for compliance

• Pair with SSO to centralize identities.
• Export logs before audits; store in your evidence repo.
• Restrict who can access audit logs (admin-only recommended).

Troubleshooting

• No events? Verify you’re on Business+ and have recent activity.
• Missing user info for API calls? Confirm calls use authenticated users and not anonymous tokens.