Audit & Compliance

Audit trail#

Every action in LumenFlow is recorded in an immutable audit trail. Nothing happens in the dark.

What's logged#

Accessing the audit trail#

From Sidekick#

Ask Sidekick "show me the proof" or "what just happened?" — the Proof widget renders the audit trail inline with replay deep-links.

From the dashboard#

Open Jobs, pick a Job, and view its Activity tab for a searchable, filterable view of audit entries scoped to that Job. The org-scoped Observe surface aggregates evidence across the workspace.

API#

The audit trail is also accessible via the LumenFlow API for programmatic access and integration with your existing tools.

Export#

Export the current evidence set and audit history from the workspace trust surfaces when you need to hand records to reviewers or compliance stakeholders.

Retention#

Compliance frameworks#

The audit trail is evidence substrate, not a certification. It produces the kind of records that help teams answer questions from common frameworks — but LumenFlow is not SOC 2 certified, HIPAA certified, or otherwise attested, and a BAA is not yet available.

• SOC 2 — access logging and change-management records (building toward readiness, not certified)
• GDPR — data-processing records and right-to-explanation trail
• HIPAA — action logging and access-control records (no BAA offered yet)

info Audit entries cannot be modified or deleted. This is by design — the trail is the ground truth for all AI activity.