Pillar 1 of 4 · Audit Log

Every action, signed and chained.

A tamper-evident audit log of every consequential action — by an agent or a human. Hash-chain protected, append-only, retained for seven years.

Continuous, not point-in-time.

Most audit trails are reconstructed after the fact — stitched together from logs that were never designed to be evidence. Plantel writes the trail as the work happens. The moment an agent provisions a VM, a credential is revealed, or a role changes, the event is captured, signed, and linked to the one before it.

Because Plantel runs a company with an AI workforce, the log treats agents and humans the same way: one chain, one format, one place to answer who did what, when, and on whose authority.

What gets logged.

Ten categories of consequential action, captured across the whole platform — not a sampled subset.

Authentication

Logins (success and failure), push approvals, sessions, password changes, 2FA setup, recovery-code use, and service-identity rotation.

Authorization

Permission grants and revokes, role changes, vault-scope changes, and admin actions taken against a user.

Vault operations

Credentials created, viewed, auto-filled, edited, deleted, and shared — every reveal is on the record.

Agent operations

Agent created (with full config snapshot), terminated, VM provisioned or migrated, tasks run, approvals, and skill or SOP changes.

Billing

Wallet deposits, per-transaction usage, seat changes, payment-method changes, invoices, and auto-reloads.

Compute

Hosts added or removed from the pool, VMs created, destroyed, or migrated, and provider-adapter configuration changes.

Monitoring config

Attestations, monitoring toggles per user, capture-intensity and category changes, retention-policy edits, and captured-data exports.

Data access

Files viewed, downloaded, or shared externally, mass file operations, and Brain search queries (metadata only — never query content).

Org settings

Org name and branding, domain configuration, SSO config, webhook destinations, and feature-flag changes.

Compliance events

Data-subject requests (GDPR/CCPA), legal holds initiated or released, data exports, and completed deletions.

Built to be evidence.

The log is designed so that tampering is detectable and deletion is impossible by construction.

Hash chain

Each entry stores the SHA-256 of the previous entry plus a hash of its own content. Modify or delete one entry and every hash after it breaks — verification jobs catch it.
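A minimal sketch of the chain verification described above, added here as an example and not Plantel's own code. The field names, the canonical-JSON serialization, the genesis value, and the sample events are assumptions.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed prev_hash value for the first entry


def _sha256(obj):
    # Canonical JSON so identical content always yields the same digest.
    data = json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(data).hexdigest()


def entry_hash(entry):
    # Digest of a stored entry: covers its back-link and its own content hash.
    return _sha256({"prev_hash": entry["prev_hash"],
                    "content_hash": entry["content_hash"]})


def head(log):
    return entry_hash(log[-1]) if log else GENESIS


def append(log, content):
    log.append({"prev_hash": head(log),
                "content_hash": _sha256(content),
                "content": content})


def verify(log, expected_head=None):
    """Return (True, None), or (False, (index, reason)) at the first break."""
    prev = GENESIS
    for i, entry in enumerate(log):
        if entry["content_hash"] != _sha256(entry["content"]):
            return False, (i, "content modified")
        if entry["prev_hash"] != prev:
            return False, (i, "chain link broken")
        prev = entry_hash(entry)
    # Entries dropped from the tail leave a shorter but valid chain; only a
    # head hash recorded outside the log exposes that.
    if expected_head is not None and prev != expected_head:
        return False, (len(log), "head mismatch")
    return True, None


def sample_log():
    # Constructed events, not real Plantel records.
    log = []
    for actor, action in [("agent-7", "vm.provisioned"),
                          ("alice", "credential.revealed"),
                          ("bob", "role.changed")]:
        append(log, {"actor": actor, "action": action})
    return log
```

A verification job would call `verify` with a head hash stored somewhere the log's writers cannot change, since the chain alone cannot show that its newest entries were removed.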

Append-only

There is no UPDATE and no DELETE endpoint on the audit log. Entries are written by internal services only — never edited, never removed, not even by an admin.

7-year retention

Standard retention is 7 years, extendable per org for regulated industries, and never deleted during a legal hold. Hot data can age out of Postgres but stays recoverable from archive.

Each tenant sees only its own.

Isolation is enforced at the application layer and double-scoped: a customer admin can view, filter, search, and export their org's log, but never another org's. The audit log is structured to evidence the controls behind SOC 2, ISO 27001, HIPAA, GDPR, and CCPA — frameworks Plantel Compliance is built to support, not certifications claimed on your behalf.

How isolation works

One add-on. Every framework.

The Audit Log ships with Plantel Compliance — a single add-on to Plantel Business at $99.95/mo, with unlimited frameworks and no per-framework upsell.

Trust you can verify.

Continuous, tamper-evident, and built for the audit you'll actually face.