Audit log + permission tiers — track every action

As soon as you have 3+ employees, you need an audit log. Customer complaints, payment disputes, deleted records — all easier to resolve when you can see who did what.

What gets logged

Every meaningful action:

Customer created, edited, deleted
Vehicle added, edited, removed
Quote built, sent, edited, accepted, canceled
Invoice paid, refunded, voided
Job status changes (especially: deletion, status reverts)
Permission changes (role grants, role removals)
Settings changes
SMS sent / received (metadata; not body)
Photos uploaded / deleted
Warranty registered / claimed

Each entry includes: timestamp, user, action, before/after state (for edits).

Where to view

Settings → Audit log. Filter by:

User
Date range
Action type
Specific record (e.g. "show all actions on Customer #1247")

Permission tiers

Standard tiers:

### Owner - Full access to everything - Can grant/revoke any role - Can see audit log - Can edit any record without approval

### Manager - Full access to customer + quote + invoice flows - Can issue refunds up to defined limit - Can override pricing within bounds - Can see all reports - Cannot grant/revoke roles - Cannot delete records

### Front desk operator - Customer + quote + invoice CRUD (no delete) - Can build quotes - Can process payments - Can reply to customer SMS - Cannot refund above defined limit - Cannot override pricing - Cannot see margin reports

### Installer - Their own jobs only - Photo capture - Status updates - Customer SMS (in-job conversations) - Cannot edit customer or invoice records - Cannot see other techs' jobs - Cannot see pricing

### Tech lead / shop foreman - All installer permissions - Can see all techs' jobs - Can reassign jobs - Can adjust bay capacity in real time

Setting up permissions

Settings → Team → each user → Role. Pick from defaults or customize per-permission.

For custom permissions: - Click each permission (e.g. "Refund authority") - Set the limit ($X per refund, $Y per day total) - Save

Common scenarios

### Scenario: A staff member is leaving

Settings → Team → revoke their role
Audit log captures the time
Their existing customer records remain (auditable)
If they're returning their device, force device sign-out

### Scenario: A refund was issued that shouldn't have been

Audit log → filter by action "refund.issued"
Find the entry; see which staff member, which customer, which amount
Either reverse the refund (Settings → Invoice → reverse) or coach the staff member

### Scenario: A customer record was deleted

Audit log → filter by action "customer.deleted"
Restore: Settings → Trash → find the customer → Restore
30 days of deletion history; older deletions are permanent

### Scenario: Settings changed unexpectedly

Audit log → filter by action type "settings.changed"
See who changed what, when, from what to what
Revert if needed

Review cadence

Daily: spot-check yesterday's high-value actions (large refunds, deletions, role changes)
Weekly: review the week's audit log for any anomalies
Monthly: review with the team — share that "the log captures everything; integrity matters"

As soon as you have 3+ employees, you need an audit log. Customer complaints, payment disputes, deleted records — all easier to resolve when you can see who did what.

What gets logged

Every meaningful action:

Customer created, edited, deleted
Vehicle added, edited, removed
Quote built, sent, edited, accepted, canceled
Invoice paid, refunded, voided
Job status changes (especially: deletion, status reverts)
Permission changes (role grants, role removals)
Settings changes
SMS sent / received (metadata; not body)
Photos uploaded / deleted
Warranty registered / claimed

Each entry includes: timestamp, user, action, before/after state (for edits).

Where to view

Settings → Audit log. Filter by:

User
Date range
Action type
Specific record (e.g. "show all actions on Customer #1247")

Permission tiers

Standard tiers:

### Owner - Full access to everything - Can grant/revoke any role - Can see audit log - Can edit any record without approval

### Tech lead / shop foreman - All installer permissions - Can see all techs' jobs - Can reassign jobs - Can adjust bay capacity in real time

Setting up permissions

Settings → Team → each user → Role. Pick from defaults or customize per-permission.

For custom permissions: - Click each permission (e.g. "Refund authority") - Set the limit ($X per refund, $Y per day total) - Save

Common scenarios

### Scenario: A staff member is leaving

Settings → Team → revoke their role
Audit log captures the time
Their existing customer records remain (auditable)
If they're returning their device, force device sign-out

### Scenario: A refund was issued that shouldn't have been

Audit log → filter by action "refund.issued"
Find the entry; see which staff member, which customer, which amount
Either reverse the refund (Settings → Invoice → reverse) or coach the staff member

### Scenario: A customer record was deleted

Audit log → filter by action "customer.deleted"
Restore: Settings → Trash → find the customer → Restore
30 days of deletion history; older deletions are permanent

### Scenario: Settings changed unexpectedly

Audit log → filter by action type "settings.changed"
See who changed what, when, from what to what
Revert if needed

Review cadence

Daily: spot-check yesterday's high-value actions (large refunds, deletions, role changes)
Weekly: review the week's audit log for any anomalies
Monthly: review with the team — share that "the log captures everything; integrity matters"

Audit log + permission tiers — track every action

What gets logged

Where to view

Permission tiers

Setting up permissions

Common scenarios

Review cadence

Related

More in Team & training

Need more help?

Audit log + permission tiers — track every action

What gets logged

Where to view

Permission tiers

Setting up permissions

Common scenarios

Review cadence

Related

More in Team & training

Need more help?