Tamper-proof audit logs
with cryptographic integrity
Every action in your privacy program produces an immutable, hash-chained audit record with a compliance receipt — providing cryptographic proof that stands up in regulatory proceedings.
SHA-256 Hash Chain
Every audit event is hash-chained: SHA-256(tenant_id + event_type + entity_id + payload + previous_hash + timestamp). If any record is tampered with, every subsequent hash becomes invalid.
Append-Only Enforcement
PostgreSQL RULES prevent UPDATE and DELETE at the database level. Even application bugs cannot modify audit records. Events are immutable once written — period.
Compliance Receipts
Every mutation across the entire platform generates a compliance receipt: receiptId, eventHash, previousHash, chainPosition, HMAC signature, and timestamp. Legal evidence artifacts.
Monthly Partitioning
Audit events are range-partitioned by month for performance. Partition pruning ensures date-range queries only scan relevant partitions. Future partitions auto-created 3 months ahead.
S3 WORM Archival
After 90 days, partitions are exported to Parquet format and uploaded to S3 with Object Lock (WORM). 7-year retention per regulatory requirements. Cross-region replicated.
Chain Verification
The /v1/audit/verify endpoint walks the hash chain for any date range and recomputes every hash. Broken links are reported immediately — cryptographic proof of integrity.
How the hash chain works
Each event's hash includes the previous event's hash, creating an unbreakable chain. Modify event #845, and events #846, #847, and every subsequent event become invalid.