Skip to content
Learn · Glossary

Audit log

An audit log is an append-only, timestamped record of who did what, when — and, ideally, why. Every meaningful action in a system becomes one entry: a message sent, a consent changed, a setting edited, an agent's decision. Because entries are only ever added, never edited, the log is the evidence of what actually happened.

Updated 8 Jul 20262 min readBy fromHello
Key takeaways
  • An audit log records who did what, when — and ideally why — as one append-only entry per action.
  • It is how you demonstrate GDPR accountability and how you audit an AI agent's decisions after the fact.
  • Append-only is not the same as tamper-evident: to trust the log, protect its integrity, not just block edits in the UI.

What goes in an audit log?

  • Actor — who took the action: a teammate, an API key, a scheduled job, or one of the AI agents.
  • Action — what they did: sent a campaign, changed a consent record, edited a segment rule, paused an ad audience.
  • Target — the resource affected, with a stable identifier: which journey, which template, which profile.
  • Timestamp — when it happened, to the second, in a fixed timezone; UTC keeps entries comparable.
  • Context — the why, where you have it: the before-and-after values, the reason given, the request that triggered it.
An audit log and the terms next to it.

How does an audit log work?

Every meaningful action writes one row and moves on — the log is never updated in place. That append-only design is what makes the history trustworthy: you can replay exactly what happened, in order. But append-only in the application is not the same as tamper-evident. If someone with database access can rewrite rows, the log proves less than it looks like it does. Making it tamper-evident — write-once storage, hash-chaining, or shipping entries to a separate system — is a further step, and engineering standards such as NIST's guide to log management treat protecting log integrity as its own requirement.

How do you audit an AI agent's decisions?

When agents run growth for you, the audit log is how you keep human-in-the-loop oversight after the fact. Each agent action — a segment created, a journey shipped, a send proposed — is recorded with the rationale behind it, and an orchestrator logs the handoffs between roles. That gives you a decision trail you can read, question, redirect, or roll back — instead of a black box that acted while you were asleep.

Why it matters for a two-person team

The GDPR's accountability principle says you must be able to demonstrate compliance, not just claim it — and regulators such as the UK's ICO point to records of what you did as the evidence. An audit log is that evidence, produced as a side effect of normal use rather than assembled in a hurry before a review. If you self-host, it lives in your own database; the practical setup is covered in GDPR and self-hosting, while this entry only defines the log.

FAQ

Common questions

  • Audit log vs application log — what is the difference?

    An application log is for debugging: it records technical events, errors, and traces for engineers. An audit log is for accountability: it records business-meaningful actions — who changed what — in a form you can show a regulator or a customer. The two overlap, but they answer different questions.

  • Is an audit log the same as immutable?

    Not exactly. Append-only means the application never edits past entries, but a database admin still might. Immutable, or tamper-evident, storage — write-once media, hash chains — is a stronger guarantee. For a small team, append-only plus restricted database access is a reasonable starting point.

  • How long should you keep audit logs?

    As long as they serve a purpose, and no longer. Security investigations and GDPR accountability set a floor; storage cost and data minimisation set a ceiling. Many teams keep security-relevant logs for a year or more, but there is no single legal number — retention follows the reason you hold them.

  • Do audit logs contain personal data?

    Often yes — an actor's identity, a customer's profile ID, sometimes message content. That puts the log itself in scope for the GDPR: secure it, limit access, and set a retention period, the same as any other store of personal data.

See the platform the team runs.

Related guides
Early access

Put your growth teamon autopilot.

Early access opens gradually, so the team tunes to real use cases. Small teams with big ambitions go first.

500+ already on the list

Not ready to share an email? It's open source. Run it yourself today. View on GitHub

No spam. One email when your spot opens. Unsubscribe at any time.