Tamper-proof audit logs
with cryptographic integrity
Every action in your privacy program produces an immutable, tamper-evident audit record with a compliance receipt. Cryptographic proof that stands up in regulatory proceedings.
cryptographic Integrity Chain
Every audit event is tamper-evident: a cryptographic hash of the event. If any record is tampered with, every subsequent hash becomes invalid.
Append-Only Enforcement
PostgreSQL RULES prevent UPDATE and DELETE at the database level. Even application bugs cannot modify audit records. Once written, events are immutable.
Compliance Receipts
Every mutation across the platform generates a compliance receipt: receiptId, eventHash, previousHash, chainPosition, cryptographic signature, and timestamp. These serve as legal evidence artifacts.
Monthly Partitioning
Audit events are range-partitioned by month for performance. Partition pruning ensures date-range queries only scan relevant partitions. Future partitions are auto-created 3 months ahead.
S3 WORM Archival
After 90 days, partitions are exported to Parquet format and uploaded to S3 with Object Lock (WORM). 7-year retention per regulatory requirements, with cross-region replication.
Chain Verification
The /v1/audit/verify endpoint walks the integrity chain for any date range and recomputes every hash. Broken links are reported immediately, giving you cryptographic proof of integrity.
How the integrity chain works
Each event's hash includes the previous event's hash, creating an unbreakable chain. Modify event #845, and events #846, #847, and every subsequent event become invalid.