Audit Logging
Tamper-evident audit trail for compliance and accountability.
Mistvine maintains a comprehensive audit trail of all significant operations for compliance, security monitoring, and accountability.
Immutability
Audit logs are append-only. Once written, records cannot be modified or deleted. This is enforced at the database level, not at the application level, so no application code path can alter or remove a record.
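The following is an added illustration, not Mistvine's own schema or code, of what "enforced at the database level" means in practice: the audit table carries triggers that reject every UPDATE and DELETE, so tampering fails regardless of which application code path issues the statement. It uses an in-memory SQLite database so it runs offline; the table columns and event values are constructed to mirror the event fields this page lists.

```python
import sqlite3

# Hypothetical append-only audit table. Immutability is a property of the
# table itself (triggers), not of the application layer that writes to it.
SCHEMA = """
CREATE TABLE audit_log (
    id        INTEGER PRIMARY KEY,
    actor     TEXT,                 -- NULL for anonymous operations
    action    TEXT NOT NULL,
    resource  TEXT NOT NULL,
    org_id    TEXT NOT NULL,
    ts        TEXT NOT NULL DEFAULT (strftime('%Y-%m-%dT%H:%M:%fZ', 'now')),
    request   TEXT
);
-- Any attempt to change or remove a row aborts the statement.
CREATE TRIGGER audit_log_no_update BEFORE UPDATE ON audit_log
BEGIN SELECT RAISE(ABORT, 'audit_log is append-only'); END;
CREATE TRIGGER audit_log_no_delete BEFORE DELETE ON audit_log
BEGIN SELECT RAISE(ABORT, 'audit_log is append-only'); END;
"""
# In a production RDBMS the same triggers would be paired with REVOKE UPDATE,
# DELETE on the table from the application's database role.

def open_audit_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn

def record_event(conn, action, resource, org_id, actor=None, request=None):
    """Append one event; the timestamp is generated by the database, not the caller."""
    cur = conn.execute(
        "INSERT INTO audit_log (actor, action, resource, org_id, request) VALUES (?, ?, ?, ?, ?)",
        (actor, action, resource, org_id, request))
    conn.commit()
    return cur.lastrowid

def attempt_tamper(conn, sql, params=()):
    """Run a mutating statement and report whether the database rejected it."""
    try:
        conn.execute(sql, params)
        conn.commit()
        return False
    except sqlite3.DatabaseError:   # RAISE(ABORT) surfaces as IntegrityError
        conn.rollback()
        return True

def demo():
    conn = open_audit_db()
    rid = record_event(conn, "role.change", "user:42", "org:acme", actor="user:7")
    rejected_update = attempt_tamper(conn, "UPDATE audit_log SET actor = ? WHERE id = ?", ("user:99", rid))
    rejected_delete = attempt_tamper(conn, "DELETE FROM audit_log WHERE id = ?", (rid,))
    row = conn.execute("SELECT actor, action FROM audit_log WHERE id = ?", (rid,)).fetchone()
    return rejected_update, rejected_delete, row  # (True, True, ('user:7', 'role.change'))
```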
Event Coverage
What Gets Logged
| Category | Examples |
|---|---|
| Authentication | Sign in, sign out, sign-in code requests, SSO link/unlink |
| Authorization | Role changes, membership changes, permission grants |
| Data Lifecycle | Creates, updates, deletes on business objects |
| Administrative | Settings changes, integration configuration |
| Security | Policy violations, suspicious activity |
Event Data
Each audit event captures:
- Actor identity (user, system, or anonymous)
- Action performed
- Resource affected
- Organization context
- Server-generated timestamp
- Request context
Anonymous Operations
Certain operations (such as anonymous feedback) are logged without actor identification to preserve psychological safety while maintaining auditability.
Data Protection
PII Handling
Sensitive data is sanitized before logging:
- Email addresses are masked
- One-time sign-in codes and magic-link tokens are never logged
- API keys are truncated
Access Control
Audit logs are readable only by organization administrators. Regular users cannot access audit logs.
Retention
Audit logs are retained for 7 years to support customers' compliance obligations under SOX, HIPAA, and similar regulations. Retention is extended automatically while an active legal hold covers the records.
Compliance Export
Organization administrators can export audit logs for compliance reviews and audits.