An audit log is only useful if someone who doesn't trust you can still trust it. That rules out a mutable database row that says “consent: true.”
We write each event — disclosure, consent, policy check, escalation — to an append-only store, each entry hash-chained to the last. Records are exportable as signed JSON and verifiable without access to our private state.
The test we hold ourselves to: could a regulator confirm what happened on a call without taking our word for it? If the answer is no, it isn't an audit trail — it's a claim.