security

Audit log

Every change, with who + when + what.

Every create, update, delete, payment, reversal, plan change, impersonation, password change writes to audit_logs. Tenant admins see their own tenant. Super-admin sees everything.

Structured rows (user_id, user_email, action, entity, entity_id, details)
Never updated or deleted from application code
Filter by entity or action in the UI
Retention by plan: 7 / 90 / unlimited days

How it works

services.audit.log() is called from every write path. No decorators, no magic — explicit and greppable.

See it at /dashboard/audit.

Start free Sign in

More security features

Multi-tenant isolation
One codebase, many companies, zero crosstalk.
2FA (TOTP)
The standard second factor, in every account.
OIDC / SAML single sign-on
Corporate accounts signing in via your IdP.
Soft-delete + super-admin restore
Mistakes happen. Data does not disappear.