What goes in an audit log?
- Actor — who took the action: a teammate, an API key, a scheduled job, or one of the AI agents.
- Action — what they did: sent a campaign, changed a consent record, edited a segment rule, paused an ad audience.
- Target — the resource affected, with a stable identifier: which journey, which template, which profile.
- Timestamp — when it happened, to the second, in a fixed timezone; UTC keeps entries comparable.
- Context — the why, where you have it: the before-and-after values, the reason given, the request that triggered it.
How does an audit log work?
Every meaningful action writes one row and moves on — the log is never updated in place. That append-only design is what makes the history trustworthy: you can replay exactly what happened, in order. But append-only in the application is not the same as tamper-evident. If someone with database access can rewrite rows, the log proves less than it looks like it does. Making it tamper-evident — write-once storage, hash-chaining, or shipping entries to a separate system — is a further step, and engineering standards such as NIST's guide to log management treat protecting log integrity as its own requirement.
How do you audit an AI agent's decisions?
When agents run growth for you, the audit log is how you keep human-in-the-loop oversight after the fact. Each agent action — a segment created, a journey shipped, a send proposed — is recorded with the rationale behind it, and an orchestrator logs the handoffs between roles. That gives you a decision trail you can read, question, redirect, or roll back — instead of a black box that acted while you were asleep.
Why it matters for a two-person team
The GDPR's accountability principle says you must be able to demonstrate compliance, not just claim it — and regulators such as the UK's ICO point to records of what you did as the evidence. An audit log is that evidence, produced as a side effect of normal use rather than assembled in a hurry before a review. If you self-host, it lives in your own database; the practical setup is covered in GDPR and self-hosting, while this entry only defines the log.