Draft for internal review only — not legal advice. This document is a working draft based on the EquestrianIQ Pre-Launch Policy Pack (v0.1) and must be reviewed by qualified counsel before launch.
Purpose
Audit trails support user trust, security, privacy reviews, support investigations and dispute management.
Events to log
- Record created, edited, deleted, restored or archived.
- Document uploaded, downloaded, exported or removed.
- Record viewed where technically and commercially appropriate, especially sensitive records.
- Permission granted, changed, expired or revoked.
- Share link created, accessed, disabled or expired.
- AI analysis enabled, disabled or run on a record.
- Admin / staff access to user records.
- Failed access attempts and suspicious activity.
Audit log access
Account owners can see who has access to each horse and selected high-value access events. Full security logs may be internal only. Paid/professional tiers may include enhanced audit history, export logs and access-review reports.
Retention
Audit logs are retained for a defined period based on legal, security and product requirements. Starting point: 24 months for user-facing access logs, longer for security-critical logs, subject to legal review and storage costs.