Audit & Compliance

CustomKeys provides a cryptographically verifiable audit trail for every action taken within your organization.

Implementation: The HMAC Chain

Every audit log entry is linked to the previous one using an HMAC-SHA256 signature. This creates a tamper-evident chain:

  1. Entry A is created.
  2. Entry B is created, containing a signature of Entry A.
  3. If Entry A is modified, the signature in Entry B becomes invalid.

Verifying Integrity

You can verify the entire organization's log integrity via the CLI:

customkeys audit verify

Retention Policies

Retention is based on your Organization's plan:

  • Free: 7 Days
  • Starter: 90 Days
  • Business: 365 Days
  • Enterprise: 10 Years

Exporting Logs

Audit logs can be streamed to external SIEM providers (DataDog, Splunk) via our high-volume Webhooks.

Last updated: 4/20/2026Report Issue