Audit Trail and Data Retention
Every action in ArkanPM is captured. Every change is traceable. Every actor is accountable. This article walks through the audit trail, change differencing, soft deletion, and document retention policies.
The audit log
ArkanPM captures every:
- Create
- Update
- Delete
- Login
- Logout
Each entry carries:
- User identity — who performed the action.
- Timestamp — when.
- Entity type and ID — what was acted on.
- IP address — where the request originated.
- User agent — browser or client identifier.
- Arbitrary metadata — context-specific fields (for example, the previous lease status for a lease transition).
JSON change differencing
Updates store both the old and new values as JSON. The audit log viewer displays before-and-after values side-by-side in expandable rows. This enables:
- Point-in-time comparison — see exactly what a record looked like at any historical timestamp.
- Investigation workflows — when something is off, trace it back to the exact change that caused it.
- Compliance reporting — produce evidence of control for auditors without reconstructing data from backups.
Filtering the audit trail
Open Admin → Audit log. Filters available:
- Entity type — work order, lease, user, document, and so on.
- Action — create, update, delete, login, logout.
- Date range.
- User — narrow to a specific actor.
Paginated results handle even the most active tenants. Export to CSV for offline analysis.
Soft delete tracking
ArkanPM never truly deletes records. When a user deletes, the record carries a deleted_at timestamp. Queries automatically exclude soft-deleted records, but they remain in the database for:
- Recovery — restoring accidentally deleted records.
- Referential integrity — preserving foreign keys for historical reports.
- Audit compliance — regulators often require deletion evidence, not actual removal.
Administrators can hard-delete via a separate, heavily-logged flow when regulations require it.
Document retention policies
The document management system classifies every document with a retention type:
| Retention Type | Typical Use | Default Behavior |
|---|---|---|
| Compliance | Regulatory certificates, inspection reports | Long retention, protected from deletion |
| Financial | Lease agreements, invoices, owner payouts | Multi-year retention |
| Operational | Work order attachments, photos | Medium retention |
| Temporary | Drafts, one-off uploads | Short retention, auto-cleanup |
Each document can carry a configurable expiration date. Before deletion, retention policies verify that:
- The document is past its expiration date (if set).
- No active entity references prevent deletion.
- An administrator with the appropriate permission approves the action.
Document access audit trail
Every document view, download, and edit is logged with:
- User ID
- Action type (view, download, edit, delete)
- IP address
- Timestamp
Full auditability for regulatory requirements. The access log is queryable from the document's detail page.
Access levels
Documents carry one of four access levels:
- Public — visible to any authenticated user in the tenant.
- Tenant-wide — visible to all users in the tenant with the right role.
- Building-scoped — visible only to users assigned to the document's building.
- Restricted — explicit grants only.
The system enforces visibility based on the requester's role and scope. Users never see a document they are not entitled to, even in search results.
Best practices
- Audit review monthly. Rotate the responsibility — a fresh set of eyes catches patterns.
- Tag retention types at upload. Changing them later is possible but avoidable.
- Export audit logs quarterly. Offline archives give you an independent evidence trail.
- Use soft delete by default. Only hard-delete when a regulation requires it.
What next
You have completed the core help center. Revisit the Getting started articles to onboard new team members, or dive into any category that is new to you.