At a Glance
- Every action in ShelfSpace is logged in an immutable cannabis audit trail
- Logs capture who did what, when, and what changed — with before and after values
- Append-only design: log entries cannot be edited or deleted by anyone
- Supports regulatory audits, internal investigations, and dispute resolution
Cannabis Audit Trail and Compliance Logging
The cannabis audit trail in ShelfSpace records every meaningful action taken on the platform. When a user creates a delivery, changes a payment status, uploads a document, approves a credit memo, or modifies a vendor record, the event is written to an append-only log. These entries are immutable — once written, they cannot be changed or removed by any user, including admins.
Cannabis regulators expect operators to answer questions like "Who approved this payment?" and "When was this delivery received and by whom?" With ShelfSpace, those answers are always available. The audit trail is not a feature you turn on — it runs continuously as part of the platform's core infrastructure.
What Gets Logged
The audit trail captures a wide range of actions across every module in ShelfSpace:
- Status changes — Every time a delivery, payment, settlement, or credit memo changes status, the log records the old status, new status, timestamp, and the user who made the change.
- Document actions — Uploads, removals, and access to invoices, manifests, COAs, and check PDFs are all logged.
- Financial actions — Payment creation, voiding, reissuing, and linking to purchase orders or settlements are tracked end to end.
- User actions — Invitations, role changes, MFA events, and account deactivations are recorded. See Roles & Permissions.
- Delivery lifecycle — From creation through receiving, hold placement, reconciliation, and completion. See Delivery Tracking.
Immutable by Design
Audit log tables in ShelfSpace are append-only. There are no UPDATE or DELETE policies on these tables — the database itself prevents modification. This design ensures that even if an admin account were compromised, the historical record could not be tampered with.
Each log entry stores the actor (user or system), the action type, the affected record, the field that changed, the previous value, the new value, and a precise timestamp. For delivery-specific logs, we also record whether the action was performed by a user, the system, or an API integration. This level of detail means you can reconstruct the full history of any record at any point in time.
Why It Matters for Cannabis Compliance
Cannabis is one of the most heavily regulated industries in the country. State agencies can audit your operation at any time and request records going back years. With ShelfSpace, you do not need to dig through emails, spreadsheets, or paper files to reconstruct what happened. The audit trail provides a single, definitive source of truth.
Beyond regulatory compliance, the audit trail supports internal accountability. If a payment was made that should not have been, or a credit memo was approved without proper review, the log shows exactly who took that action and when. This protects both the business and its employees by removing ambiguity from financial workflows.
Combined with row-level security, multi-factor authentication, and zero hard deletes, the audit trail completes a security model built specifically for the compliance demands of cannabis operations.