Learn how PR-TOP protects your clients' most sensitive data with industry-leading security measures.
PR-TOP maintains a comprehensive audit trail of all security-relevant events. Every action that touches sensitive data is recorded with a timestamp, actor identity, and action description:
Audit logs are retained for a configurable period (default: 90 days) to balance accountability with storage efficiency. Critical security events (failed logins, consent changes, data deletions) are retained for a longer period.
Automated cleanup runs on a scheduled basis, removing only logs that have exceeded their retention window.
Audit log entries are append-only — once written, they cannot be modified or deleted through the application interface. This ensures the integrity of the audit trail even if an account is compromised.
Logs are stored in a dedicated database table with restricted write access, separate from the main application data.
Therapists can view the audit trail for their own account, seeing exactly when and how their client data was accessed. This transparency builds trust and supports accountability in the therapeutic relationship.
Superadmins have access to the full system audit log through the admin dashboard, with filtering by event type, user, and date range.