Audit Trail

Last updated: February 2026

Why Audit Trails Matter in Planning

Planning decisions affect property rights, community amenity, and public safety. When a planner relies on a compliance tool to identify applicable provisions, there must be a verifiable record of what was queried, what was returned, and what data version was current at the time. PlotDetect is built to provide this record.

What Is Logged

For every query made through PlotDetect's API or web interface, the following is recorded:

  • Query parameters: The property address or coordinates, filters applied (zone, development type, heritage status), and the specific endpoint called
  • Results returned: The full set of provisions returned to the user, including their provision IDs, source document references, and citation details
  • Timestamp: When the query was executed (UTC)
  • Data version: The version of the provision database that was current at query time, including the "last parsed" date for each council's DCP
  • User context: The authenticated user or API key that made the request (for licensed users)

Data Retention

  • API query logs: Retained for a minimum of 7 years, consistent with NSW State Records Act requirements for government records
  • Provision version history: When a DCP is re-parsed after amendment, previous provision versions are archived, not overwritten. This allows reconstruction of what the database contained at any historical point
  • User account data: Retained as described in our Privacy Policy

Verification Process

A council, auditor, or user can verify any PlotDetect output through the following process:

  1. Identify the query: Using the timestamp and query parameters from the audit log
  2. Check the data version: Confirm which version of the council's DCP was current in PlotDetect's database at query time
  3. Verify each provision: For each provision returned, follow the citation chain (document → section → clause → page number) to the source DCP document
  4. Compare: Confirm the provision text in PlotDetect matches the source document at the cited location

This process is possible because PlotDetect stores verbatim provision text with full source citations, not summaries or AI-generated interpretations.

Government and Enterprise Reporting

For council and enterprise licence holders, PlotDetect provides:

  • Usage reports: Query volumes, most-accessed provisions, and coverage utilisation
  • Data currency reports: Current status of each council's DCP in the database, including any known gaps or pending updates
  • Audit exports: Downloadable logs of all queries and results for a specified time period, suitable for inclusion in council records management systems

Infrastructure and Security

  • Hosting: PlotDetect's database and application infrastructure is hosted on Supabase (AWS Sydney region, ap-southeast-2), keeping data within Australian jurisdiction
  • Encryption: All data is encrypted in transit (TLS 1.2+) and at rest (AES-256)
  • Access control: Database access is restricted by role-based access controls. API access requires authentication via API keys with per-key rate limiting and usage tracking
  • Backups: Daily automated backups with point-in-time recovery capability

AIAF Alignment

PlotDetect's audit trail is designed to support NSW Government agencies completing the NSW AI Assessment Framework (AIAF) for any workflow that incorporates PlotDetect data. Specifically:

  • Transparency: Full provenance chain from query to source document
  • Accountability: Immutable query logs with timestamps and data version records
  • Reassessment support: When DCPs are amended and PlotDetect's data is updated, version history enables agencies to identify what changed and when

Contact

For audit trail access, compliance documentation, or data currency inquiries, contact compliance@plotdetect.com.au