Traceability & Audit Trail
Every AI interaction is fully logged -- for compliance, audits and full transparency.
Timestamp for Every Action
Who used which model with which data, and when?
Searchable Log
Filter by user, team, model or time period.
Export for Audits
Export compliance reports at the push of a button.
Data Protection Evidence
Documentation of all protective measures for GDPR requests -- including confirmation that inputs are not used for model training.
How traceability works
Five steps from automatic logging to GDPR records of processing.
- 1
Every request is logged automatically
When you send a prompt an audit entry is created with user, model, tokens, detected PII categories, applied protective measures and cost.
- 2
Filter in the audit dashboard
Filter by time range, user, team, model, risk level or detected PII categories. Example filter: 'Last 30 days, marketing team, all requests with personal names'.
- 3
Detail view per entry
Click on an audit entry shows: original prompt, filtered version, model response, protective measure details. Fully redactable for GDPR requests.
- 4
Export as CSV or PDF
One click to export as CSV (for spreadsheet analysis) or PDF (for audit reports). Optionally a signed PDF report with checksum.
- 5
Processing extract for audits
From the audit data HOVIGuard generates a processing extract -- incl. categories, recipients, retention periods.
Who benefits from traceability?
Four roles for whom a complete audit trail is mandatory or a competitive advantage.
Data protection officers
Prove AI inputs are filtered, back Article 15 GDPR enquiries with concrete numbers, implement deletion requests in an audit-proof way.
HR
Training evidence: 'who used which model how much'. Anonymised statistics for employee communication, sensitisation for risky inputs.
Management
Reliable figures for board, supervisory board or advisory board: Where is value created, where risk, what is the ROI distribution?
IT security & compliance
Detect anomalies (excessive token usage, unusual models), document access to sensitive data, preparation for internal and external audits.
What Gets Logged?
Frequently asked questions on the audit trail
Answers on logging content, retention, GDPR compliance, access and tamper protection.
What exactly is logged in HOVIGuard's audit trail?+
Per AI request: user ID, tenant, team, model, timestamp, token usage, cost, detected PII categories, applied protective measures, routing decision of Pilot, request and response metadata. On demand also prompt and response themselves (encrypted).
How long is audit data retained?+
Default 24 months for compliance evidence. Adjustable per tenant by the company admin to 12 or 36 months. Anonymised aggregates (e.g. 'number of requests per model') can stay longer.
Where is the audit data stored?+
Data does not leave the EU. HOVIGuard supports access and deletion requests — on demand a processing extract can be generated from the audit data.
Who has access to the audit dashboard?+
By default company admins and compliance roles. Users see their own entries. The role model is configurable -- e.g. a dedicated 'auditor' role with read-only access.
Which export formats are available for audit data?+
CSV for spreadsheet analysis (Excel, Google Sheets), PDF for audit reports (with checksum), JSON for technical processing. Directly in the dashboard with one click.
Which events are alerted in real time?+
Configurable per tenant -- typical: input of credit card numbers, IBAN, social security numbers, passwords, confidential briefings. Alert in chat plus entry in the risk log.
Can I detect whether employees use shadow AI?+
Indirectly -- if usage analytics show a sudden drop, or if DLP logs show outgoing AI connections that do not run via HOVIGuard. The platform primarily covers the approved use case.
How is the authenticity of audit entries ensured?+
Append-only log with checksum chain: each entry contains a hash of the previous entry. Tampering with old data breaks the chain and is provable.