Audit Logging
How Nutan maintains tamper-evident audit logs for compliance and security monitoring.
What Is Audit Logging?
Every meaningful action in Nutan is recorded in an audit log — who did what, when, and whether it succeeded. This creates a tamper-evident trail that satisfies compliance requirements and helps with security monitoring.
Why It Matters
Audit logs are required for:
- SOC 2 (CC7.2) — Detection of unauthorized or anomalous activity
- GDPR — Demonstrating that data processing is lawful and traceable
- HIPAA — Activity tracking for protected health information
- Internal security — Investigating incidents, verifying access patterns
Dual-Output Architecture
Nutan writes audit logs to two independent locations:
1. Queryable Audit Store
Audit events are written to your local encrypted database. This allows:
- Querying audit events in the desktop app
- Filtering by event type, date range, or outcome
- Joining audit data with other application data
- Fast lookups for recent events
2. Append-Only Audit File
Every audit event is also appended to a separate audit file:
- Format: One structured record per line, chronologically ordered
- Append-only: Nutan only appends to this file, never modifies or deletes entries
- Tamper-evident: Any modification to earlier lines is detectable by integrity checks
The audit file serves as an independent backup — even if the database is corrupted or deleted, the audit trail survives.
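One common way to get the tamper-evident property described above is a hash chain, in which each line carries the hash of the line before it. The sketch below is an added example, not Nutan's code: this page does not document Nutan's record format or integrity scheme, so the JSON-lines layout, the `prev` and `hash` fields, the `GENESIS` anchor and the sample events are all assumptions.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed anchor value that the first record chains to

# Constructed sample events using the fields listed under "What Gets Logged".
SAMPLE_EVENTS = [
    {"timestamp": "2025-01-15T09:00:00Z", "event_type": "auth", "action": "connect",
     "outcome": "success", "provider": "google", "metadata": {}},
    {"timestamp": "2025-01-15T09:05:00Z", "event_type": "sync", "action": "read",
     "outcome": "success", "provider": "salesforce", "metadata": {"record_count": 15}},
    {"timestamp": "2025-01-15T09:06:00Z", "event_type": "integration", "action": "update",
     "outcome": "failure", "provider": "crm", "metadata": {}},
]

def _digest(prev_hash, event):
    # Canonical JSON so the same event always hashes to the same bytes.
    body = json.dumps(event, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode("utf-8")).hexdigest()

def append_event(lines, event):
    """Return (new_lines, head_hash) with `event` chained to the last line."""
    prev = json.loads(lines[-1])["hash"] if lines else GENESIS
    head = _digest(prev, event)
    record = {"event": event, "prev": prev, "hash": head}
    return lines + [json.dumps(record, sort_keys=True)], head

def verify(lines, expected_head=None):
    """Walk the chain; report the first broken line, or a head mismatch."""
    prev = GENESIS
    for n, line in enumerate(lines, start=1):
        try:
            rec = json.loads(line)
            ok = rec["prev"] == prev and rec["hash"] == _digest(prev, rec["event"])
        except (ValueError, KeyError, TypeError):
            ok = False  # unparseable or malformed line counts as a break
        if not ok:
            return f"line {n}: chain broken"
        prev = rec["hash"]
    # Dropped trailing lines still form a valid chain; only a head hash kept
    # outside the file (assumption: e.g. in a second store) reveals that.
    if expected_head is not None and prev != expected_head:
        return "head mismatch: file truncated or rewritten"
    return "ok"

if __name__ == "__main__":
    log, head = [], GENESIS
    for ev in SAMPLE_EVENTS:
        log, head = append_event(log, ev)
    print(verify(log, head))
```

A chain checked only against itself cannot reveal dropped trailing lines or a full rewrite with recomputed hashes; comparing against a head hash kept outside the file covers both.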
What Gets Logged
Every audit event records:
| Field | Description |
|---|---|
| Timestamp | When the event occurred (ISO 8601) |
| Event type | The category of action (auth, data_access, data_modify, integration, sync) |
| Action | Specific action taken (create, read, update, delete, connect, disconnect) |
| Outcome | Whether the action succeeded or failed |
| Provider | Which service or system initiated the action |
| Metadata | Additional context (e.g., record count, table name) — never contains PII |
Example Events
- User signed in via Google OAuth
- 15 deals synced from Salesforce
- Contact deleted (GDPR erasure)
- CRM token refresh failed
- Cloud sync completed (42 records pushed)
- Knowledge item uploaded (PDF, 2.3 MB)
No PII in Audit Logs
Audit logs record what happened but never include personally identifiable information:
- No names, emails, or phone numbers
- No transcript content
- No deal values or details
- Record IDs are used for traceability without exposing content
This means audit logs can be retained long-term without creating a secondary privacy liability.
Retention
Local Logs
Local audit logs are retained as long as you keep the app installed. They grow slowly (a few KB per day for typical use). The audit file can be rotated or archived manually if needed.
After Data Deletion
When you exercise your right to erasure (GDPR Article 17), audit logs are preserved. This is legally required under Article 17(3)(e) — logs demonstrating lawful processing are exempt from the right to erasure.
Accessing Audit Logs
In the App
Navigate to Settings → Security to view recent audit events. You can filter by event type and date range.
Raw File Access
The audit file is a standard text file stored locally. You can read it with any text editor, import it into a log analysis tool, or parse it with a script.