Compliance and Security
Audit Logs
Vilulia logs every action taken on the platform — case creation and updates, document access, AI tool usage, user logins, and settings changes — in tenant-isolated audit records. Audit logs are used for security monitoring, compliance reporting, and investigating access incidents. Retention periods are based on HIPAA add-on status, not plan tier.
What you'll learn
- What types of actions are captured in audit logs
- How long logs are retained based on HIPAA add-on status
- How audit logs are tenant-isolated for security
- How to access logs from Settings → Audit Logs
- How admin impersonation sessions are tracked in the audit trail
What is logged
Vilulia maintains several audit log categories. The core audit log captures all platform actions including user logins, case and document access, AI tool invocations, settings changes, and user management actions. Specialized logs exist for mediation agreement events, pricing changes, arbitration award events, and PHI access. Each log entry records the tenant, the action type, the resource affected, and the timestamp.
Admin impersonation tracking
When a Vilulia support administrator creates an impersonation session to assist a tenant, both session start and session end are written to the audit log with action types admin.impersonation_started and admin.impersonation_ended. The log entry records the admin's identity, the target tenant and user, the stated reason, any linked support ticket reference, and the session duration. All actions performed during an impersonation session are attributed to the admin's identity in the audit trail, not the tenant user's. HIPAA-enabled tenants must explicitly permit admin impersonation via a feature flag; the platform blocks it by default for those tenants.
Retention by HIPAA add-on
| Configuration | Audit log retention |
|---|---|
| No HIPAA add-on (all plan tiers) | 3 years |
| HIPAA Basic add-on | 6 years |
| HIPAA Enhanced add-on | 7 years |
Enterprise tenants can configure custom retention periods above the tier minimum via tenant settings. High-risk log entries (flagged by the audit service) are retained for an additional 3 years beyond the tier baseline.
Tenant isolation
All audit log records are indexed by tenant_id, so each organization's audit history is completely isolated from other organizations on the platform. Vilulia staff with support access can view logs within a tenant only when investigating a reported issue, and those accesses are themselves logged.
Accessing audit logs
Tenant admins can access audit logs from Settings → Audit Logs. Logs can be filtered by date range, action type, user, and resource. HIPAA audit logs are accessible from the HIPAA Compliance dashboard under the same Settings menu. Reading HIPAA audit logs is itself audit-logged per §164.312(b).
Related articles
Can't find what you're looking for? Contact Support