Growth
Compliance and Audit
The single workspace your compliance officer, HR admin, or tenant owner lives in. A unified audit log captures every privileged action across every module; PII reads are logged separately and threshold-alertable; retention policies enforce statutory floors (PIPEDA 7-year) with dry-run previews and legal-hold overrides; DSAR and right-to-erasure execute end-to-end with per-module collectors and anonymization handlers; SOC 2 evidence packages regenerate on demand. This is the module that lets BPOs sell into regulated industries — financial services, healthcare, government — without losing six months to a custom integration project.
What's inside
Compliance dashboard
Single landing page for the compliance officer — KPI tiles for every sub-surface (PII access, failed-access spikes, retention runs status, DSAR queue depth, legal holds in force, SOC 2 freshness), each a one-click drill-in to the underlying log or workflow.
AvailableUnified audit log viewer + export
Every audit event from every module in one searchable, exportable log. Filter by actor, action, resource, result, session ID, and date range; resource IDs resolve to human-readable names; CSV / JSON exports run async so a million-row pull doesn't time out the UI.
AvailablePII access log + purpose annotation
Every read of PII (national ID, home address, emergency contact, etc.) logged with the actor, target employee, and timestamp. Optional tenant toggle: require the actor to state a business purpose at read time and capture that purpose alongside the read.
AvailableFailed + denied access log
Every authentication failure, permission denial, and cross-tenant probe in one stream. Brute-force aggregation surfaces patterns (≥5 failures from same IP in 10 min) so a credential-stuffing wave doesn't drown in single-row noise.
AvailableData retention policy editor + enforcement
Per-category retention windows (employee records, audit events, recruiting candidates, notifications, etc.) with PIPEDA's 7-year floor as a hard minimum. Dry-run preview before commit; retroactive policy changes require explicit confirmation; worker executes purge / archive per schedule.
AvailableLegal hold creation + release
Place a hold on specific employees, candidates, or resource types and retention purges automatically skip those records until the hold is released. Each hold carries a case reference, scope, custodian, and audit trail of every retention run that respected it.
AvailableDSAR (PIPEDA / CCPA) workflow
Data Subject Access Requests handled in-product through the full lifecycle: intake → identity verification → collection across every module → packaging into a downloadable ZIP → fulfillment. Module-specific collectors pull from every part of the system; deadline alerts fire before statutory due dates.
AvailableSOC 2 Type II evidence package
One click produces the bundle your auditor wants — access reviews, audit log samples, retention runs, PII access summaries, legal holds, DSAR fulfillments. Async generation drops a ZIP with a manifest + per-category JSON / CSV exports; re-runnable on any date range.
Available