Audit Logging
Last updated: July 4, 2026
A trustworthy platform needs a trustworthy record of what happened on it. CORPYO logs security-relevant activity across the platform so that incidents can be reconstructed accurately, access can be reviewed, and customers and regulators can be given a precise account when needed.
What We Log
Categories of events we record include:
- Authentication events (sign-in, sign-out, failed login attempts,
- Administrative and privileged actions (role changes, permission grants,
- Access to sensitive customer records by internal staff (e.g. support
- Infrastructure and security-control changes (deployments, firewall rule
- API requests to sensitive endpoints
password resets, MFA enrollment and challenges)
data exports, configuration changes)
or compliance review of KYC documents)
changes, secret rotations)
Immutable Logs
Security and audit logs are written to a centralized, access-controlled logging system separate from the application databases they describe. Write access is restricted, and logs are not editable by the engineers or support staff whose actions they may record — this separation is deliberate, so that logs remain a reliable record even in an insider-risk scenario.
Monitoring
Logs feed our real-time monitoring and alerting pipeline (see Security Program → Monitoring). Automated rules flag patterns such as repeated failed logins, privilege escalation, unusual data-export volume, or access from anomalous locations, and route them to on-call security and engineering staff for review.
Log Retention
Security-relevant logs are retained for a period sufficient to support incident investigation, internal audit, and applicable legal or regulatory recordkeeping obligations, after which they are securely deleted or anonymized in line with our data-retention practices described in our Privacy Policy. Enterprise customers with specific retention or export requirements for their own compliance programs can contact security@corpyo.com.
Security Events
Beyond routine access logging, we track dedicated security events — detected anomalies, blocked attack attempts at the network edge, vulnerability scan findings, and incident-response actions — as part of our broader Incident Response process.