1. Overview
  2. Customer Management Portal
  3. Audit Logs & GDPR Admin

Audit Logs & GDPR Admin

The Audit Logs section gives you a full record of activity across your agency — logins, team changes, billing events, workspace actions, and more. The GDPR Admin tab is a Super Admin tool for processing verified data privacy requests.

To access these features, navigate to Audit Logs in the main sidebar.

Audit Logs

The Audit Logs tab shows a chronological record of events across your agency and all its workspaces. Events are loaded on page open and can be refreshed at any time using the Refresh button.

What Is Logged

The audit log captures a wide range of events, including:

Account & authentication — login successes and failures, logouts, magic link requests, password changes, email changes, profile updates, two-factor authentication events.

Team management — members added, removed, or invited; role changes; invite views and acceptances; ownership transfers.

Workspaces — workspace created, updated, or deleted; member additions and removals within workspaces.

Billing & subscriptions — trial starts and conversions, subscription changes, cancellations, reactivations, payment successes and failures, billing profile changes, payment method additions and removals, lifetime deal redemptions.

Domains & access — custom domains added or removed, DNS validation results, portal domain events, billing access granted or revoked.

Reading the Log Table

Each row in the audit log contains six columns.

Timestamp shows when the event occurred. Recent events display as relative time (e.g. "5m ago", "2h ago"). Older events show the full date and time.

Action shows what happened, with a colour-coded status dot: green for successful/additive actions, red for failures or removals, amber for updates, and blue for informational events.

Actor shows who performed the action — typically an email address. For events initiated by a workspace user (via the application), a pod login name may appear instead or alongside the email.

Target shows what or who the action was performed on — for example, the email of a member who was added, or the name of a workspace that was created.

Source shows where the action originated. Values include your agency platform name (for actions taken in the management portal), Application (for actions taken inside a workspace by end users), API, or System (for automated background processes).

IP Address shows the originating IP where available.

Filtering

Four filters are available at the top of the log.

Action — a dropdown showing all action types present in the current log. Select a specific action to show only those events.

Source — filter by where events originated (platform, application, API, system).

Actor — a text search field. Type any part of an email address to filter to events performed by that person.

Target — a text search field. Type any part of a name or email to filter to events targeting that person or resource.

Active filters are indicated by a count badge. Click Clear all to reset all filters at once.

The results count above the table shows how many events match the current filters out of the total loaded.

GDPR Admin

This tab is for Agency Owners only. It is not used for routine account deletions. Only use it for verified GDPR requests that have received legal approval.

The GDPR Admin tab has three sections: Right to be Forgotten, Data Export, and Retention Policy.

Right to be Forgotten

Use this to process a verified GDPR erasure request. This permanently anonymizes the user's personal data across the platform.

Required fields:

User Email — the email address of the account subject to the erasure request.

Requested By — the person or team who received and verified the request (e.g. your support or legal team email).

Support Ticket ID — a reference to the ticket or case tracking this request (e.g. GDPR-2025-001). This is recorded in the audit trail.

Retain audit logs — checked by default. When checked, audit log entries are kept but the user's personal identifiers within them are anonymized. Unchecking this will also anonymize the audit log structure itself, which impacts troubleshooting. Only uncheck if your legal team specifically requires it — you will be asked to confirm.

Legal team has reviewed and approved this deletion — this checkbox is required before the form can be submitted. Do not process a deletion without documented legal approval.

Once submitted, a completion report is displayed showing what was anonymized. The form clears automatically after a successful deletion.

Note: This action is irreversible. The user's name, email address, and other personal identifiers will be permanently anonymized and cannot be recovered.

Data Export

Use this to fulfil a GDPR data portability request — a user's right to receive a copy of all data held about them.

Enter the User Email and click Export Data. The export result is displayed in JSON format directly in the interface. Click Download JSON to save the file locally.

The export includes all data associated with the account: profile details, agency memberships, audit log entries, and other records tied to that email address.

Retention Policy

Audit logs older than 7 years (2,555 days) are subject to anonymization under standard data retention policy. Personal identifiers within those logs are removed while the audit trail structure is preserved.

This process is typically run automatically as a scheduled background job. The Enforce Retention Policy button allows you to trigger it manually if needed — for example, after an audit or at the request of your legal team.

You will be asked to confirm before the process runs. After completion, a summary is displayed showing how many logs were processed, how many were anonymized, the cutoff date used, and the retention period applied.

Note: This does not delete audit log records — it anonymizes the personal data within them. The event structure and timestamps are retained.

Tips

Audit logs are agency-wide. The log includes events from all members of your agency, not just the account owner. This means you can see when members log in, make changes, or perform actions on workspaces they have access to.

Use the Actor filter to investigate a specific user. If you need to review what a particular team member has done, enter their email in the Actor field.

Use the Action filter for billing reviews. Filter to payment or subscription events to get a quick view of billing history activity without navigating to the Billing section.

Refresh manually when monitoring activity. The log does not auto-refresh. Use the Refresh button to pull in the latest events.

GDPR requests require a ticket reference. Always log GDPR requests in your support or legal tracking system before processing them here. The ticket ID is part of the audit record for the deletion itself.