Every retrieval, logged with the decision and the reason.
Gateco writes an audit record for every retrieval and policy decision: principal, resource, outcome, mode, timestamp. 50+ event types, exportable to JSON.
Audit logging is on for all plans. CSV and JSON export requires Growth+ (audit_export). SIEM streaming requires Enterprise (siem_export).
What gets logged
Every retrieval produces an event recording the principal, the resource, the policy that decided, the outcome (allowed, denied, or partial), the search mode, the failure mode, and a timestamp. Denied events record why access was denied, never the content that was withheld. Beyond retrieval, more than 50 event types cover policy lifecycle, principal and group changes, connector and identity-provider activity, SCIM operations, and administrative actions.
The audit trail is the same regardless of how the retrieval was made: REST API, Python or TypeScript SDK, CLI, or the MCP server. An MCP-originated retrieval shows up in the same log as a direct API call.
Export and retention
Audit records are filterable by date range and event type, and export to CSV or JSON on Growth and above, which is the format auditors ask for. Enterprise organizations can stream events to a SIEM. Retention is 90 days by default and configurable on Enterprise.
The trail maps directly onto the controls auditors check: SOC 2 CC7.2 monitoring, ISO 27001 A.8.15 logging, and EU AI Act Article 12 automatic record-keeping. It is the evidence base for the rest of your AI governance story.
Frequently asked questions
Is denied content ever stored in the audit log?
No. A denied event records the principal, the resource identifier, and the reason for denial. It never stores the content that was withheld. The log proves the denial happened without re-exposing the protected data.
How long are audit records kept?
90 days by default on Free, Team, and Growth. Enterprise organizations can configure a longer retention period through their agreement.
Can I stream audit events to my SIEM?
Yes, on Enterprise. SIEM streaming (siem_export) forwards events to your security tooling in near real time. On Growth and below, use scheduled CSV or JSON export.