Use Case

Compliance and audit

Immutable audit trails for regulated industries.

The auditor arrives.

They ask for proof of every transaction.

Your team digs through logs.

Some records are missing.

Others were overwritten.

The audit stalls for weeks.

npayload records everything in a tamper proof chain.

Auditors get what they need instantly.

See how it flows

Any ActionPublish, deliver, access

Hash Chain RecordTamper proof entry

Data ResidencyRegion locked

Audit ReportContinuous verification

Compliance ProvenSOC 2 + GDPR + HIPAA

Tamper proof records

Every event is recorded in a hash chain. Altering any entry breaks the chain and is immediately detectable.

Immutable Audit Chain

#1042order.createda3f8...c21d

#1043payment.captured7e2b...9f4a

#1044inventory.reservedb91c...2e7f

#1045shipment.createdd4a7...8b3c

Every entry chained. Tamper proof.

Compliance frameworks

SOC 2 Type II, GDPR, HIPAA, and ISO 27001 controls mapped and continuously verified.

Delivery Proof

api.acme.com/hooks200

sha256=a3f8...14:22:08

events.partner.io200

sha256=7e2b...14:22:09

hooks.client.dev200

sha256=b91c...14:22:09

Data residency controls

Data stays in the region your regulators require. Cross border transfers require explicit consent.

Privacy Modes

Standard

Metadata + payload visible

Hybrid

Metadata visible, payload encrypted

Zero Knowledge

Everything encrypted. Even npayload cannot read it.

Recommended

Retention policies

Up to six years of audit trail retention on enterprise plans. Configurable per channel.

Event Stream

#114:22:08.041order.created

#214:22:08.127payment.captured

#314:22:08.203inventory.reserved

#414:22:08.298shipment.dispatched

#514:22:08.344notification.sent

Strict ordering guaranteed

How it works

Events are recorded automatically

Every message, delivery, and agreement creates an immutable audit entry.

Hash chains prevent tampering

Each entry references the previous one. Altering any record breaks the chain.

Export for your auditors

SOC 2, GDPR, and HIPAA controls are mapped. Audit reports are always ready.

Compliance and Audit Infrastructure: Before and After

Without npayload

Preparing for an audit means weeks of aggregating logs from dozens of systems
No tamper evidence on logs means auditors question the integrity of your records
Tracking data flows across organizational boundaries is nearly impossible
Compliance requirements change and your infrastructure has no way to enforce the new rules
Different systems log in different formats, making correlation a manual process

With npayload

Export complete audit trails for any time range in minutes, not weeks
Hash chain integrity proves logs have not been tampered with since creation
Every cross organization data flow is logged with sender, receiver, consent, and timestamps
Policy enforcement is built into the messaging layer, not bolted on after the fact
Unified event format across all systems with W3C distributed tracing

npayload vs Building Compliance Infrastructure Yourself

Feature	npayload	Build it yourself
Audit trail	Always on, hash chained, tamper evident	Custom logging per service, no integrity guarantees
Audit preparation	Export any range in minutes via API	Weeks of log aggregation and formatting
Tamper evidence	Hash chain with cryptographic integrity verification	Log files that anyone with access can modify
Cross org tracking	Full provenance for every message across organizations	Correlation IDs that stop at organizational boundaries
SIEM integration	Native audit streaming to your SIEM	Custom export pipelines per compliance tool
Data retention	Configurable retention policies per channel and region	Manual cleanup scripts with deletion compliance risk

Frequently asked questions

How does hash chain integrity work?+

Every audit entry includes a cryptographic hash of the previous entry. This creates an unbroken chain where any modification to a historical entry breaks the chain and is immediately detectable. This is the same principle that makes blockchain ledgers tamper evident.

Which compliance frameworks does npayload support?+

npayload's architecture supports SOC 2, GDPR, HIPAA, and PCI DSS requirements. The immutable audit trail, encryption options, consent management, and data residency controls address the common requirements across these frameworks.

Can we stream audit events to our existing SIEM?+

Yes. npayload provides native audit streaming that sends events to your SIEM in real time. Supported formats include standard syslog and JSON. No batch export or custom integration required.

How long are audit logs retained?+

Retention policies are configurable per channel and per organization. You set the retention period that matches your regulatory requirements. Logs can also be archived to cold storage for long term preservation.