Home / Blog / Engineering

Engineering

Building an audit log that actually holds up

Append-only, hash-chained, independently verifiable. What it takes to produce evidence a regulator will accept without taking your word for it.

9 min read · July 2026 · NoAICalls

An audit log is only useful if someone who doesn't trust you can still trust it. That rules out a mutable database row that says “consent: true.”

We write each event — disclosure, consent, policy check, escalation — to an append-only store, each entry hash-chained to the last. Records are exportable as signed JSON and verifiable without access to our private state.

The test we hold ourselves to: could a regulator confirm what happened on a call without taking our word for it? If the answer is no, it isn't an audit trail — it's a claim.