Audit Logs
The audit log records every significant action taken in your RapiDesq tenant — configuration changes, user management actions, data access, permission changes, legal hold applications, data exports, and administrative operations. It exists to answer the question "who did what, when, and why?" for compliance, security investigation, and internal accountability. This guide covers what's logged, how the log is structured, how to view and filter it, how long entries are retained, and common use cases.
Overview
Audit logs in RapiDesq are:
- Append-only. Entries cannot be edited or deleted by users, even tenant admins. This is a design property, not just a policy — the audit log is the one thing in the system that resists tampering.
- Comprehensive on administrative actions. Every change to configuration, permissions, users, teams, bots, flows, and other platform settings is recorded.
- Selective on routine activity. Day-to-day agent work (sending a chat message, updating a ticket status) is not individually logged in the audit trail — that data lives in the ticket and conversation records themselves, which serve as their own history. The audit log focuses on actions that have compliance, security, or accountability significance.
- Per-tenant and isolated. Your audit log is visible only to authorized users in your tenant. No other tenant, and no RapiDesq staff outside of specific narrowly-scoped support operations, can view it.
What's Logged
| Category | Examples |
|---|---|
| Authentication | User sign-in, sign-out, failed sign-in attempts, SSO configuration changes, password resets, session termination. |
| User management | User creation, invitation, deactivation, role changes, permission set assignments, team membership changes. |
| Configuration changes | Team creation, routing strategy changes, channel configuration, conversation flow publishing, bot configuration, knowledge base updates, business hours changes. |
| Permission changes | Creation or modification of custom permission sets, assignment of permission sets to users, changes to tenant-wide access settings. |
| Data access | Bulk exports, data subject access requests, legal hold applications and releases, cross-tenant impersonation by authorized support staff (for tenants that opt in to impersonation support). |
| Data deletion | Contact deletion, bulk data deletion, retention-driven deletion events (aggregated), manual deletion of tickets or conversations. |
| Billing and account | Plan changes, payment method updates, credit top-ups, auto-refill configuration changes, tenant settings changes. |
| Security events | Failed authentication patterns, suspicious activity flagged by the platform, API key creation or rotation, IP restriction changes. |
Log Entry Structure
Every audit log entry contains:
- Timestamp — when the action occurred, in UTC (displayed in the viewer's local timezone).
- Actor — who performed the action. Usually a user, but can also be an automated system process or an API client.
- Action — what was done (e.g., "team.create", "user.role.change", "legal-hold.apply").
- Target — what the action operated on (the team that was created, the user whose role changed, etc.).
- Changes — for modifications, the before and after values where applicable.
- Context — request IP address, user agent, and session identifier to enable pattern detection across entries.
- Reason — for certain sensitive actions (legal holds, data exports, impersonation), a required note explaining why.
Viewing the Audit Log
Navigate to Admin > Audit Log. By default, the viewer shows the most recent 100 entries across all categories. You can:
- Filter by time range
- Filter by category (authentication, user management, etc.)
- Filter by actor (specific user or system process)
- Filter by target type (actions on teams, actions on users, etc.)
- Search free-text across entries
Click any entry to expand it and see the full detail including before/after values and related context. For actions that have linked records (a user creation links to the created user, a team configuration change links to the team), click-through is available to those records.
Who Can View
By default, only users with the View Audit Log permission can see audit log entries. This permission is included in the Tenant Owner and Tenant Admin roles. Supervisors and agents do not have audit log access by default.
For segmented responsibility (a dedicated compliance or security role, for example), you can create a custom permission set that includes audit log access without granting other administrative permissions, and assign it specifically.
Retention
Audit logs have their own retention policy, configured separately from other data types in Admin > Data & Compliance > Retention. Typical retention for audit data is 2–7 years depending on your regulatory context — longer than content data because audit trails often need to outlive the data they describe.
Audit log entries themselves cannot be edited or deleted by users, but they are automatically removed when they fall outside the configured retention period. Legal holds can be applied to audit data just like other data types.
Exports
The audit log can be exported as CSV or JSON, either on demand or on a recurring schedule. Scheduled exports are useful for:
- Feeding audit data into a SIEM or centralized logging system
- Long-term archival in your own infrastructure
- Regulatory reporting where the authority wants data in a specific format
Exports respect any filters applied in the viewer, so you can export a scoped subset rather than the full log.
Common Use Cases
Incident investigation
A customer reports that their data was accessed by someone who shouldn't have had access. The audit log answers: who accessed this contact record, when, what were their permissions at the time, and did they perform any modifications? Filter by target (the contact in question), review the access entries, and trace back from there.
Compliance review
A compliance audit asks for evidence that changes to access permissions were logged and reviewed. Export the permission-changes category for the audit period, provide the export as evidence, and point to the retention policy showing how long the records are kept.
Configuration change tracking
A conversation flow started misbehaving and no one remembers who changed what. Filter the audit log to the flow's publication events, see the sequence of changes and who made them, and figure out what to revert.
Offboarding verification
When an employee leaves, standard practice is to verify their access was properly revoked. The audit log shows the deactivation event, the removal of their permission sets, and the revocation of any API keys they owned. If anything's missing, it's visible immediately.
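The offboarding check described above can be run against a JSON export by replaying the entries for the departed user. This is an added example, not RapiDesq code: the action names, the JSON keys (`timestamp`, `actor`, `action`, `target`, `changes`) and the sample entries are assumptions, since this guide names the events but not their identifiers.

```python
# Hypothetical action names and JSON keys: the guide describes the offboarding
# events but does not give their identifiers or the export schema.
DEACTIVATE = "user.deactivate"
SET_ASSIGN, SET_REMOVE = "user.permission-set.assign", "user.permission-set.remove"
KEY_CREATE, KEY_REVOKE = "api-key.create", "api-key.revoke"

def offboarding_gaps(entries, user):
    """Replay entries in time order; report what is still attached to `user`."""
    deactivated = False
    perm_sets, api_keys = set(), set()
    # Same-format ISO 8601 UTC timestamps sort correctly as strings.
    for e in sorted(entries, key=lambda e: e["timestamp"]):
        action, target = e["action"], e["target"]
        if action == DEACTIVATE and target == user:
            deactivated = True
        elif action == SET_ASSIGN and target == user:
            perm_sets.add(e["changes"]["after"])
        elif action == SET_REMOVE and target == user:
            perm_sets.discard(e["changes"]["before"])
        elif action == KEY_CREATE and e["actor"] == user:
            api_keys.add(target)          # key owned by the departing user
        elif action == KEY_REVOKE:
            api_keys.discard(target)
    return {"deactivated": deactivated,
            "permission_sets": sorted(perm_sets),
            "api_keys": sorted(api_keys)}

def entry(ts, actor, action, target, changes=None):
    return {"timestamp": ts, "actor": actor, "action": action,
            "target": target, "changes": changes or {}}

ADMIN, DAVE, ERIN = "admin@example.com", "dave@example.com", "erin@example.com"

# Constructed sample entries, not real export data.
SAMPLE = [
    entry("2023-01-10T09:00:00Z", ADMIN, SET_ASSIGN, DAVE, {"after": "Support Agent"}),
    entry("2023-03-02T09:00:00Z", ADMIN, SET_ASSIGN, DAVE, {"after": "Billing Admin"}),
    entry("2023-03-05T09:00:00Z", ADMIN, SET_ASSIGN, ERIN, {"after": "Support Agent"}),
    entry("2023-04-01T09:00:00Z", DAVE, KEY_CREATE, "key-1"),
    entry("2023-06-15T09:00:00Z", DAVE, KEY_CREATE, "key-2"),
    entry("2024-05-01T10:00:00Z", ADMIN, DEACTIVATE, DAVE),
    entry("2024-05-01T10:01:00Z", ADMIN, SET_REMOVE, DAVE, {"before": "Support Agent"}),
    entry("2024-05-01T10:02:00Z", ADMIN, KEY_REVOKE, "key-1"),
]

if __name__ == "__main__":
    print(offboarding_gaps(SAMPLE, DAVE))
```

Anything left in `permission_sets` or `api_keys` for a deactivated user is an item to revoke and to record in the offboarding ticket.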
GDPR request fulfillment
When a customer makes a data subject request, the audit log records its receipt, processing, and fulfillment. If a regulator later asks for proof that a request was handled within the required timeframe, the audit log is the evidence.
Best Practices
- Define who has audit log access and audit it regularly. The audit log itself is sensitive; treat access to it with the same care as access to admin settings.
- Review authentication patterns periodically. Spikes in failed sign-ins, sign-ins from unexpected IP ranges, or unusual session patterns are worth investigating even if nothing downstream went wrong.
- For regulated environments, feed audit data into a SIEM. Scheduled exports combined with your existing security tooling give you cross-system correlation that no single tool can provide.
- Document your audit review process. Auditors want to see that you periodically review audit data, not just that it exists. A written process (who reviews, how often, what they look for, how findings are actioned) is part of a mature compliance posture.
- Keep retention aligned with your longest external requirement. If one regulatory framework says 7 years and another says 3, you keep for 7. Retention is cheaper than non-compliance.
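The periodic authentication review recommended above can be scripted against a JSON export: the sketch below flags source IPs with a burst of failed sign-ins and successful sign-ins from outside your expected ranges. It is an added example, not RapiDesq code; the action strings, the JSON keys (`timestamp`, `actor`, `action`, `context.ip`), the thresholds and the sample entries are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Hypothetical names: the guide lists the entry fields but not their JSON keys
# or the sign-in action strings, so everything below is an assumption.
FAILED, SUCCESS = "auth.signin.failed", "auth.signin"

def parse_ts(value):
    # Timestamps are UTC; normalise a trailing "Z" for fromisoformat().
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def review_auth(entries, expected_nets, threshold=5, window=timedelta(minutes=10)):
    """Return (spikes, unexpected).

    spikes: source IP -> largest number of failed sign-ins seen inside one
            window, for IPs that reach the threshold.
    unexpected: (actor, ip) for successful sign-ins outside expected_nets.
    """
    nets = [ip_network(n) for n in expected_nets]
    failures, unexpected = defaultdict(list), []
    for e in sorted(entries, key=lambda e: parse_ts(e["timestamp"])):
        ip = e["context"]["ip"]
        if e["action"] == FAILED:
            failures[ip].append(parse_ts(e["timestamp"]))
        elif e["action"] == SUCCESS and not any(ip_address(ip) in n for n in nets):
            unexpected.append((e["actor"], ip))
    spikes = {}
    for ip, times in failures.items():
        start = best = 0
        for end, t in enumerate(times):
            while t - times[start] > window:   # slide the window forward
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            spikes[ip] = best
    return spikes, unexpected

def entry(ts, actor, action, ip):
    return {"timestamp": ts, "actor": actor, "action": action, "context": {"ip": ip}}

# Constructed sample entries (documentation address ranges), not real export data.
SAMPLE = [entry(f"2024-05-01T09:0{i}:00Z", "alice@example.com", FAILED, "203.0.113.7")
          for i in range(6)] + [
    entry("2024-05-01T08:00:00Z", "bob@example.com", FAILED, "192.0.2.4"),
    entry("2024-05-01T12:00:00Z", "bob@example.com", FAILED, "192.0.2.4"),
    entry("2024-05-01T09:30:00Z", "bob@example.com", SUCCESS, "10.1.2.3"),
    entry("2024-05-01T11:00:00Z", "carol@example.com", SUCCESS, "198.51.100.9"),
]

if __name__ == "__main__":
    print(review_auth(SAMPLE, ["10.0.0.0/8"]))
```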
Related Topics
- Data Retention & GDPR — retention policy configuration including audit log retention.
- Permissions & Access Control — configuring who can view the audit log.
- SSO Setup — authentication events captured in the audit log for SSO-enabled tenants.