Reports & audit

Every conversation logged. Every answer accountable.

When the CEO asks whether the company is using AI safely, you pull up the admin console and answer in four minutes. Backplain's reports were built for that conversation — and for the auditor's follow-up.

What's included

Four built-in reports. No extra license.

Usage report

Active users, prompts per user, models used, average response time, and per-team adoption. Filter by date range, team, model, or department. Export to CSV.

AI Firewall report

Every Firewall event with mode (Block / Warning / Reconstitute), category (PII / PHI / financial / custom), user, prompt context, and the substitution that was applied. The shortest path to SOC 2 evidence.

Model comparison report

Side-by-side answers from multi-model sessions. Which model the user picked, which they discarded, which agreed with which. Useful for justifying model bundle decisions to a procurement committee.

Audit export

Full audit trail — prompts, responses, Firewall actions, admin changes, seat changes, role changes — exported as JSON or CSV, or streamed to your SIEM via webhook or syslog. Splunk, Datadog, Microsoft Sentinel, and Sumo Logic are all supported.

Compliance posture

Built for regulated work.

Backplain hosts on SOC 2 Type II infrastructure. Sovereign Compute customers run in a dedicated Tier 3 data center in San Diego, with R&D and fine-tuning at the Backplain AI Lab in Carlsbad. HIPAA BAAs available on Business and Enterprise. EU data residency available on request.

Common questions

Reports & audit FAQs.

What exactly is logged?
Every prompt sent, every response received, every Firewall interception with the original and substituted text, every admin action (seat changes, role changes, model toggles, Firewall rule edits), and every login. Logs are immutable and timestamped to the millisecond.
Where are logs stored?
In your tenant's region. Multi-tenant SaaS customers default to US-West (San Diego); EU customers default to Frankfurt. Sovereign Compute and dedicated bare-metal customers control storage location entirely.
How long are logs retained?
13 months by default on Team and Business. Enterprise customers can configure 7-year retention to match SOX, HIPAA, or sector-specific regulatory requirements.
Can I stream logs to my SIEM?
Yes. Webhook (HTTPS POST), syslog, and direct integrations for Splunk, Datadog, Microsoft Sentinel, and Sumo Logic. Configure under Admin → Reports → SIEM.
Who can see the audit log?
Admins by default. Power users can be granted read-only audit access. Standard users only see their own session history.
Can I prove a specific user didn't share a specific document?
Yes. The audit log is searchable by user, by document fingerprint, by Firewall event, and by free-text prompt search. The CEO's question — "are we using AI safely?" — is a four-minute answer, not a four-month one.
Are reports available via API?
Yes. Every report has a REST and webhook equivalent. API keys are scoped per report and rotatable from the admin console.

Need a custom report or evidence package for an auditor? Open a ticket — we'll scope it on the first reply.