Activity Logs Overview.
Complete audit trail and monitoring for all platform activity
Activity logs provide a complete audit trail of everything that happens on the platform. Every action—creating a card, updating a member, deleting a reward—is automatically recorded with details about who did it, when, and what changed.
What You Can Do
The activity logging system lets you:
- Monitor all system activity — See every action across all networks, partners, and users
- Track changes — View what was modified, including before and after values
- Investigate issues — Trace problems back to their source with detailed records
- Ensure accountability — Know exactly who performed each action
- Detect security threats — Monitor failed login attempts and suspicious patterns
- Meet compliance requirements — Maintain complete audit trails for regulatory needs
What Gets Logged
Activity logs automatically capture:
User Actions:
- Creating, updating, and deleting loyalty cards and stamp cards
- Managing members, staff, and partners
- Creating and modifying rewards
- Setting up clubs and networks
- Processing transactions and redemptions
- Creating and redeeming vouchers
- Tier assignments and changes
- Privacy actions (data exports, account deletions)
Authentication Events:
- Successful logins
- User logouts
- Failed login attempts
- Account lockouts
- Password reset requests
- OTP code requests and verifications
System Information:
- Who performed the action (user name and type)
- What was affected (card, member, reward, etc.)
- When it happened (date and time)
- Where it came from (IP address)
- What changed (old and new values)
Key Features
Complete Audit Trail
Every activity includes:
- Description — Plain English explanation of what happened
- User — Who performed the action
- Subject — What was affected
- Event Type — Created, updated, deleted, login, logout, and many more specific events
- Timestamp — Exact date and time
- IP Address — Where the request came from
- Changes — What values were modified
Analytics Dashboard
Visual insights into your platform activity:
- Activity trends over time
- Event type distribution
- Category breakdowns
- Most active users
- Authentication statistics
Advanced Filtering
Find exactly what you need:
- Search by description
- Filter by category (cards, members, rewards, vouchers, tiers, etc.)
- Filter by event type (created, updated, deleted, login, tier upgraded, voucher redeemed, etc.)
- Filter by user type (Admin, Partner, Staff, Member)
- Filter by affected resource
Log Entry Language & Format
Activity log entries — such as stamp_earned, otp_login, and tier_upgraded — are system-level action identifiers written in English. These are internal, code-level labels, not translated user-interface text.
This is standard practice across the software industry: audit and activity logs are universally written in English regardless of the platform's configured language. No major compliance framework (GDPR, ISO 27001, PCI-DSS, or others) requires logs to be in any specific language.
What is in English
- Event identifiers — The action labels like
created,stamp_earned,voucher_redeemed - Category labels — Resource type labels like
cards,members,authentication
What follows your language settings
- Admin interface — The log viewer itself (buttons, column headers, filters) is part of the admin UI and follows your configured language
- Activity descriptions — Human-readable descriptions like "Card was created" follow your language settings
- All other platform text — Emails, member-facing content, and the rest of the interface follow the operator's configured language
Note: The event identifiers are code-level constants that are not processed through the translation layer. They are designed to be consistent, machine-readable labels that remain the same across all installations — ensuring uniformity in audit trails, log analysis, and cross-system integrations.
Privacy & Security
Sensitive Data Protection: Activity logs never record passwords, security tokens, or other sensitive credentials. These fields are automatically excluded from logging.
Data Retention: Activity logs are kept for 365 days by default. Older records can be purged manually to optimize database performance—see Managing Activity Log Size below.
Read-Only Records: Activity logs cannot be modified or deleted individually. This ensures audit trail integrity for compliance and security purposes. Only bulk purging of old records is supported.
Global Compliance Frameworks
The activity logging system is designed to support compliance with data protection and audit requirements worldwide. The append-only, tamper-proof architecture meets the technical requirements of major regulatory frameworks.
Supported Frameworks
| Region | Framework | Key Requirements | Platform Support |
|---|---|---|---|
| 🇪🇺 EU | GDPR (Articles 30, 32) | Processing activity logs, 3+ years retention | ✅ Full |
| 🇺🇸 USA | CCPA/CPRA | Consumer request tracking | ✅ Full |
| 🇺🇸 USA | SOC 2 Type II | Authentication events, 1+ year retention | ✅ Full |
| 🇺🇸 USA | HIPAA | Access logs, 6+ years retention | ✅ Full |
| 🇬🇧 UK | Data Protection Act 2018 | Similar to GDPR | ✅ Full |
| 🇧🇷 Brazil | LGPD | Processing activity records | ✅ Full |
| 🇨🇦 Canada | PIPEDA | Access logs, 1+ year retention | ✅ Full |
| 🇦🇺 Australia | Privacy Act 1988 | Data handling logs | ✅ Full |
| 🇸🇬 Singapore | PDPA | Data breach and access logs | ✅ Full |
| 🇯🇵 Japan | APPI | Access logs, 3+ years | ✅ Full |
| 🇨🇳 China | Cybersecurity Law | Authentication events, 6+ months | ✅ Full |
| 🇨🇳 China | PIPL | Consent and processing tracking | ✅ Full |
Compliance-Ready Design
The activity log system provides:
| Feature | Compliance Benefit |
|---|---|
| Append-only records | Logs cannot be modified—ensures tamper-proof audit trails |
| Immutable timestamps | Server-generated timestamps cannot be altered |
| Complete context capture | Who, what, when, where, and what changed |
| User action attribution | Every action tied to an authenticated user |
| IP address logging | Geographic and device tracing for investigations |
| Change tracking | Before/after values for data modification audits |
| Privacy event logging | Data export, deletion, and consent actions tracked |
| Configurable retention | Meet jurisdiction-specific retention requirements |
| Bulk purge with minimum floor | Automatic enforcement of minimum retention periods |
Note: While the platform provides the technical infrastructure for compliance, you are responsible for configuring appropriate retention periods and ensuring your overall data processing practices meet legal requirements in your jurisdiction.
Who Can Access Activity Logs
Administrators have full access to all activity logs across the entire platform. They can view, filter, analyze, and purge old records.
Partners can view activity logs for their own business only, including staff actions and customer transactions. Partners require the Activity Log permission to be enabled by an administrator.
Staff and Members do not have access to activity logs.
Managing Activity Log Size
Over time, activity logs can accumulate millions of records, impacting database performance and storage costs. Administrators can purge old records directly from the admin dashboard.
Why Purge Old Logs?
- Improve performance — Large log tables can slow down queries
- Reduce storage costs — Free up database space
- Maintain compliance — While removing data you no longer need to keep
How to Purge Old Logs
- Navigate to Activity Logs in the admin sidebar
- Click the Purge Old Logs button (red button in top-right)
- Review the confirmation page:
- Total number of records to be deleted
- Breakdown by category (loyalty cards, vouchers, members, etc.)
- The retention period being respected
- Click Purge X Records to confirm
- Confirm the browser dialog
⚠️ Important: Purging is permanent and cannot be undone. The action itself is logged for audit purposes.
Minimum Retention Period
A 90-day minimum retention period is enforced to meet baseline compliance requirements across most jurisdictions. Records from the last 90 days will never be purged, regardless of your configured retention setting.
Recommended retention by framework:
| Requirement | Recommended Retention |
|---|---|
| GDPR (EU) | 3 years |
| SOC 2 Type II | 1 year minimum |
| HIPAA (healthcare) | 6 years |
| General business | 1-3 years |
If your configured retention period is longer than 90 days, that value is used instead.
What Gets Purged
The confirmation page shows exactly how many records will be deleted, broken down by category:
- Loyalty card events
- Stamp card events
- Voucher events
- Member events
- Tier events
- Authentication events
- Privacy events
- And all other logged categories
Only records older than the cutoff date are affected.
Related Topics
- Viewing Logs — Search and filter activity records
- Activity Analytics — Visual insights and metrics