Audit Logs

Every meaningful action in ChartPull is recorded in the audit log. This gives you a complete, tamper-proof record of who did what and when — essential for security reviews, compliance, and troubleshooting.

IntegrationsRequires Integrations add-on

Audit Logs require the Integrations add-on, accessible only to super_admin users. During your 14-day trial, the super_admin has full access to view and export audit logs.

What is tracked

ChartPull records the following categories of events. Every event includes the user who performed it, a timestamp, their IP address, and any relevant details.

Category	Action types	Description
Authentication	`user.login`	Sign-in success/failure, SSO authentication, session events
User management	`role_changed`	Role promotions and demotions, user invited, user removed
Settings	`settings.updated`	Workspace settings, branding, custom domain configured
Connections	`connection.*`	Google Workspace connection created, revoked, sync triggered
Employees	`employee.*`	Manual employee created, updated, or deleted
Exports	`export.generated`	CSV, PNG, PDF, or AI report exports
API keys	`api_key.*`	API key created or revoked
SSO	`sso.configured`	SAML configuration changed, enforcement mode updated
Branding	`branding.*`	Logo uploaded, colours changed, custom domain set
Webhooks	`webhook.*`	Webhook endpoint created, updated, or deleted
Share links	`share_link.*`	Public share link created or revoked

Viewing audit logs

Navigate to Admin > Audit Logs

Open the admin sidebar and click "Audit Logs." You will see a chronological list of recent events, newest first.

Filter by user

Click the "User" dropdown to see events from a specific person. This is useful when investigating a particular user's activity.

Filter by action type

Use the "Action" dropdown to narrow down to a specific event type. For example, select "Export" to see all data exports, or "Authentication" to review sign-in activity.

Filter by date range

Set a start and end date to focus on a specific time period. Useful for compliance audits that cover a particular quarter or month.

Each log entry shows:

Timestamp — the exact date and time of the action, in your workspace’s timezone
User — the name and email of the person who performed the action
Action — a description of what happened (e.g. “Exported employee data as CSV”)
Details — additional context, such as which settings were changed or which API key was created
IP address — the IP address from which the action was performed

Exporting audit logs

You can export your audit logs as a CSV file for offline analysis or compliance documentation. Click the “Export to CSV” button at the top of the Audit Logs page. The export respects your current filters, so if you have filtered to a specific user or date range, only those events will be included.

Compliance tip

Many compliance frameworks (SOC 2, ISO 27001, GDPR) require that you retain audit logs for a minimum period and can produce them on demand. Export your audit logs quarterly and store them in a secure location as part of your compliance documentation.

AI Audit Analysis

Beyond manual review, ChartPull can use AI to analyse your audit logs and surface potential security concerns. The AI looks at patterns across all events and flags anything unusual.

Unusual export patterns — a user downloading the full employee list multiple times in one day when they normally never export
Off-hours access — sign-ins at 3:00 AM from an account that normally logs in during business hours
Rapid role changes — an admin promoting multiple users in quick succession, which could indicate an account compromise
API key anomalies — a sudden spike in API requests from a key that was previously dormant
Failed authentication spikes — multiple failed sign-in attempts that could indicate a brute-force attack

Immutability and retention

Audit log entries in ChartPull are immutable with indefinite retention:

Cannot be modified — once written, a log entry cannot be changed. Not by viewers, not by admins, not by the super_admin, and not by ChartPull support.
Cannot be deleted — there is no way to remove individual log entries or clear the log. The audit trail is tamper-proof by design.
Indefinite retention — audit logs are retained for as long as your workspace exists. There is no automatic purging, expiry, or rolling window. Even if you cancel the Integrations add-on, the logs are preserved and will be accessible again when you upgrade.

Tamper-proof by design

The immutability of audit logs is a deliberate design choice for compliance and security. If a regulatory body or auditor asks for evidence of who did what, the audit log provides an authoritative, unmodifiable record.

Sentry integration

In addition to the in-app audit log, ChartPull automatically sends audit events to Sentry for real-time monitoring. Critical actions — like role changes, SSO configuration, and API key creation — are captured in ChartPull’s error and event monitoring system. This provides an additional layer of observability and is handled automatically with no configuration required from you.

Access control

Audit logs are restricted to the super_admin role. Regular admins and viewers cannot view, filter, or export audit logs. This ensures that the people being audited cannot tamper with or selectively review the audit trail.

Why super_admin only?

Restricting audit log access to the super_admin prevents a compromised admin account from covering its tracks. If an admin’s account is compromised and used to export data or change settings, the super_admin will still see the full, unaltered audit trail.

Use cases

When preparing for a SOC 2 audit, your auditor will ask for evidence that you monitor access to sensitive data. Export your ChartPull audit logs for the audit period, run an AI analysis to show you proactively review access patterns, and include both in your evidence package.

PreviousSSO / SAMLAdministration NextBrandingAdministration