An audit log for your studio: who did what, and when?

As long as everything runs smoothly, nobody thinks about logs. It gets interesting in the exceptional case: a gallery is suddenly gone, a client reports unusual access, or a supervisory authority asks how you handle personal data. That’s exactly when an audit log is worth its weight in gold.

What an audit log records

An audit log is a continuous, write-protected record of relevant actions: logins, changes to galleries, unlocks, deletions, branding adjustments. Each entry typically includes the timestamp, the action, the acting person or access, the target object and the IP address. It reliably answers the one question that counts in an emergency: who did what, and when?

Three situations where it matters

• Troubleshooting. A gallery was changed or unlocked, and nobody remembers by whom. The log shows it plainly — without blame assigned from memory.
• Security. Unusual logins or access from unfamiliar networks stand out when IP and timestamp are logged. That’s how you spot compromised accounts early.
• Duty to demonstrate compliance. The GDPR requires you to be able to show how you handle personal data. A log documenting who accessed which gallery when, or what was deleted, is a strong building block for that.

Read-only and limited to you

Two properties are important. First: the log is read-only — nobody can doctor entries after the fact, otherwise it would be worthless as evidence. Second: it shows only your own activity, cleanly filtered to your studio, not that of other clients on the same platform.

Conclusion

An audit log is an insurance you only learn to value once something goes wrong: for troubleshooting, security and the GDPR duty to demonstrate compliance. It has to be write-protected and limited to your studio to serve its purpose.

Lumio is built exactly for that: logins, gallery changes and client activity are logged with timestamp, action, actor, target and IP — read-only and filtered to your tenant.