An append-only, hash-chained audit log records every prompt processed, every redaction decision, and every external send. The log stores cryptographic hashes of prompt and response content — not the content itself — so we can evidence what happened without retaining the underlying personal data.
Each entry includes a cryptographic link to the previous row; altering history breaks the chain and is detectable on export. The database enforces append-only behaviour via a row-level trigger, so even root cannot silently rewrite past entries without breaking the chain. Compliance teams can export from the appliance on demand.
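The pattern described above, as an added example that is not the appliance's own code: rows store only content digests, each row's hash covers the previous row's hash, triggers reject UPDATE and DELETE, and an export-time walk reports the first row that no longer fits the chain. SQLite, SHA-256, the table, trigger and function names, and the all-zero genesis value are assumptions made for illustration.

```python
import hashlib, json, sqlite3

GENESIS = "0" * 64  # constructed anchor used as prev_hash of the first row

# SQLite stands in for the appliance's database (assumption).
SCHEMA = """
CREATE TABLE audit_log (seq INTEGER PRIMARY KEY, event TEXT NOT NULL,
    content_hash TEXT NOT NULL, prev_hash TEXT NOT NULL, entry_hash TEXT NOT NULL);
CREATE TRIGGER audit_no_update BEFORE UPDATE ON audit_log
    BEGIN SELECT RAISE(ABORT, 'audit_log is append-only'); END;
CREATE TRIGGER audit_no_delete BEFORE DELETE ON audit_log
    BEGIN SELECT RAISE(ABORT, 'audit_log is append-only'); END;
"""

def entry_hash(seq, event, content_hash, prev_hash):
    # Canonical JSON so the same fields always produce the same digest.
    row = json.dumps([seq, event, content_hash, prev_hash], separators=(",", ":"))
    return hashlib.sha256(row.encode()).hexdigest()

def open_log():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def append(db, event, content: bytes):
    # Only the digest of the prompt/response is stored, never the text itself.
    last = db.execute("SELECT seq, entry_hash FROM audit_log ORDER BY seq DESC LIMIT 1").fetchone()
    seq, prev = (last[0] + 1, last[1]) if last else (1, GENESIS)
    c_hash = hashlib.sha256(content).hexdigest()
    db.execute("INSERT INTO audit_log VALUES (?,?,?,?,?)",
               (seq, event, c_hash, prev, entry_hash(seq, event, c_hash, prev)))
    db.commit()

def verify_export(db):
    """Walk the chain in order; return the seq of the first bad row, or None."""
    prev, expected_seq = GENESIS, 1
    for seq, event, c_hash, p_hash, e_hash in db.execute("SELECT * FROM audit_log ORDER BY seq"):
        if seq != expected_seq or p_hash != prev or e_hash != entry_hash(seq, event, c_hash, p_hash):
            return seq
        prev, expected_seq = e_hash, seq + 1
    return None

if __name__ == "__main__":
    db = open_log()
    append(db, "prompt_processed", b"constructed prompt text")
    append(db, "external_send", b"constructed response text")
    # Constructed scenario: a privileged user removes the trigger and edits row 1.
    db.executescript("DROP TRIGGER audit_no_update; UPDATE audit_log SET event = 'edited' WHERE seq = 1;")
    print("first row failing verification:", verify_export(db))
```

The chain by itself does not reveal removal of the most recent rows; catching that requires the verifier to hold the latest `entry_hash` recorded somewhere outside the database.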
Conversation history — which retains prompt and response text for user reference — lives in a separate per-user store on the appliance, encrypted at rest. Conversation-scoped attachments can be removed from chat.