Trust in an automated trading platform comes down to one question: can you verify what happened? Audit logs provide the answer. They create a permanent, tamper-proof record of every action taken on the platform — by you, by the system, and by administrators. When those logs are immutable, the answer cannot be changed after the fact.
What Append-Only Logging Means
An append-only log is a record where entries can be added but never modified or deleted. Once an event is written — a sign-in, a trade, a deployment state change, an administrative action — it is permanent. No one can go back and alter the record, not even the platform's own engineering team.
This is a stronger guarantee than simply “we log everything.” Many platforms claim to maintain logs, but if those logs can be edited or deleted by administrators, they offer limited assurance. True append-only immutability means the historical record is reliable by design, not just by policy.
In QuantumEdge, audit log immutability is enforced at the database level. Application code cannot modify or delete log entries. Database triggers prevent UPDATE and DELETE operations on audit tables. This is a structural guarantee, not a software promise.
Immutability by Design
Audit log entries in QuantumEdge cannot be modified or deleted after they are written. This immutability is enforced at the database level through triggers that prevent UPDATE and DELETE operations — not just through application-level restrictions.
What Gets Logged
A meaningful audit log captures every action that affects the state of your account, your deployments, or your data. In QuantumEdge, the following events are recorded:
- Login and logout
- Email verification and password changes
- MFA setup and verification
- Policy consent acceptance
- Deployment lifecycle (create, pause, resume, stop)
- Exchange connection and disconnection
- Data export and account deletion requests
- Deployment auto-pause (failures or risk limits)
- Exchange connection state changes
- Subscription state changes
- Account freeze or unfreeze by administrator
- Deployment freeze or kill switch
- Platform-wide trading halt
- Administrative access events
Each log entry records a timestamp, the event type, who performed the action, what resource was affected, the action taken, and whether it succeeded or failed. This structured format makes it possible to reconstruct the full history of any deployment or account action.
Why Deletion Is Restricted
If audit logs could be deleted, their value as a trust mechanism would be fundamentally undermined. A platform that deletes logs can erase evidence of errors, hide administrative actions, or retroactively alter the record of what happened.
This is why QuantumEdge treats certain records as compliance-grade: audit log entries, consent acceptance records, and deployment intervention records are all append-only. Even when a user requests account deletion, these compliance records are retained as required by law. The account is deactivated and personal data is removed, but the immutable compliance trail remains intact.
This approach aligns with regulatory expectations for financial services platforms. Regulators expect that records of transactions, consent, and administrative actions are preserved and cannot be tampered with. Append-only logging satisfies this requirement by design.
Compliance Retention
Audit logs are retained per compliance and regulatory requirements. Retention periods are determined by applicable laws and may evolve as regulations change. The platform does not publish a fixed retention duration because the governing requirements may differ by jurisdiction and may change over time.
What this means for you as a customer: your action history is preserved for the duration required by compliance policy. You can request a data export of your personal data at any time. Audit logs themselves are not included in personal data exports (they are compliance records, not personal data), but your own actions are reflected in your deployment history, trade records, and consent history, all of which are exportable.
What Customers Should Look For
When evaluating an algorithmic trading platform's transparency and trustworthiness, here are the key audit and compliance questions to ask:
Are audit logs immutable? True immutability means logs cannot be modified or deleted — not by administrators, not by the engineering team, not by database commands. Look for enforcement at the database level, not just the application level.
What actions are logged? A comprehensive audit trail should cover all authentication events, all trading actions, all state changes, all administrative actions, and all consent events. If a platform only logs trades, that is insufficient.
Are admin actions logged? Administrative access to your account — including freezes, reviews, and elevated-privilege actions — should be logged with the same immutability as your own actions. No exceptions.
Can you see your own history? You should be able to view your deployment history, trade records, and consent history. Platforms that hide your own action history are not operating transparently.
What happens to logs after account deletion? Compliance-grade platforms retain immutable records as required by law, even after account deletion. If a platform claims to delete all records on account closure, its compliance posture may be insufficient.
Frequently Asked Questions
Can I see my own audit logs?
You can view your deployment history, trade records, and consent history through the platform interface and data exports. The raw audit log (which includes internal system events) is a compliance record and is not directly exposed in the customer interface.
Can QuantumEdge delete audit log entries?
No. Audit log immutability is enforced at the database level. Neither the application, nor administrators, nor the engineering team can modify or delete audit log entries once they are written.
What happens to audit logs if I delete my account?
Account deletion deactivates your account and schedules personal data for removal. However, compliance records such as audit log entries and consent acceptance records are retained as required by law.
Are administrator actions logged too?
Yes. All administrative actions on your account — including freezes, unfreezes, and administrative access events — are recorded in the same immutable audit log as your own actions.
How long are audit logs retained?
Audit logs are retained per compliance and regulatory requirements. Specific retention durations are subject to applicable laws and may change as regulations evolve.
Disclaimer: QuantumEdge is not an exchange and does not provide investment advice. All trading involves risk. Past performance is not indicative of future results. This article is for informational purposes only and does not constitute financial advice.