Currently in closed beta

Done with activity_logs tables.

Add audit logs to your product in 3 lines of code. Storage, search and compliance, handled for you.

See the code

Closed beta. Join the waitlist, we will reach out.

Zero maintenanceEU hosted, encrypted at rest3-line integrationWorks for AI agents too

Trusted by

01, USE CASES

Why teams use Recalled

Three concrete reasons devs drop an audit SDK into their product.

  • Track every action

    Who changed their password? Who shared this document? Log every user action with who, what, when, from where, and review it all from your own admin back-office.

  • Stay audit-ready

    Support ticket, security incident, GDPR request: the day someone needs to know who did what, you shouldn't be writing SQL at midnight. Recalled delivers a signed, exportable, compliant audit trail from your first event.

  • Keep your database lean

    Audit logs grow fast and slow down production queries. Recalled stores events off-site, indexed for search, with configurable retention. Your main DB stays focused on your product.

  • Audit your AI agents

    Your AI agents act on behalf of users. Recalled records every action with a cryptographic receipt the agent can cite back. Replayable evidence when something goes wrong.

See every use case
02, HOW IT WORKS

Three steps, you are done

No migration, no queue, no SQL. The fastest audit log you will ever ship.

  1. 1
    Create a project

    Sign up, name your product, done. 30 seconds, no credit card needed.

  2. 2
    Grab an API key

    One click to generate a key. Paste it in your .env. You keep the secret, we keep the hash.

  3. 3
    Send your first event

    Three lines of code from our npm SDK, or a cURL call from any language. You are logging.

03, INTEGRATE

Use any language

An npm SDK for JavaScript and TypeScript, a REST API for everything else. Python, Go, Ruby, PHP, Rust, whatever you ship in.

node.js
# npm install @recalled/sdk

import { Recalled } from '@recalled/sdk'

const client = new Recalled({
  apiKey: process.env.RECALLED_KEY
})

await client.events.create({
  action: 'invoice.deleted',
  actor: { id: 'user_123' }
})
rest api
curl -X POST https://api.recalled.dev/v1/events \
  -H "Authorization: Bearer $KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "action": "invoice.deleted",
    "actor": { "id": "user_123" }
  }'
04, FEATURES

Built for developers

Stop building your own audit log. We do the boring part so you can ship the rest.

  • Event tracking

    Record every user action, create, update, delete, login, permission granted, with who, what, when, from where.

  • Search and filters

    Full-text search across all events. Filter by user, action, resource, date range, IP. Real-time results, cursor pagination.

  • Embeddable UI

    An internal admin widget for your support, ops and compliance team. Drop the React component inside the back-office they already use to investigate "who did what" without switching tools.

  • Export and retention

    CSV or JSON export on demand, filtered by actor, action, date range and more. Configurable retention per plan, fine-grained rules on Scale.

  • Tamper-evident by default

    Every event is HMAC-SHA256 signed with a server-side key, then chained to the previous one. Silent rewrites are detectable. Call GET /v1/events/verify anytime to prove integrity to an auditor.

  • Analytics dashboard

    Activity overview, event spikes, top actions, most active users. Alerts on anomalous behavior.

  • Cryptographic receipts

    Every event has a portable receipt with a public verification URL. Send the link to a customer who disputes an action, paste it in a support reply, attach it to a ticket. The recipient clicks, sees a green Verified banner, no API key required.

05, PRICING

Simple pricing, no surprise

Start free, upgrade when you have real customers. No per-seat pricing. No hidden fees. Cancel anytime.

Free

For validating the integration.

$0per month
What you get
  • 1 project
  • 3,000 events / month
  • 1 funnel
  • 7 days retention
  • Basic dashboard
  • Tamper-proof signing
  • Discord and Telegram notifications
Start for free
Starter

For your first paying users.

$9per month
What you get
  • Everything in Free, plus:
  • 3 projects
  • 20,000 events / month
  • Up to 2 team members per project
  • 1 generic webhook
  • Up to 2 funnels
  • 3 months retention
  • CSV / JSON export
  • MCP server for Claude / Cursor / AI agents
  • Email support
Start with Starter
Most popular
Pro

For startups in production.

$29per month
What you get
  • Everything in Starter, plus:
  • Unlimited projects
  • 100,000 events / month
  • Up to 5 team members per project
  • Up to 3 generic webhooks
  • Up to 5 funnels
  • 1 year retention
  • Advanced dashboard
  • Embeddable UI included
  • Configurable retention per event type
Start with Pro
Scale

For established SaaS.

$79per month
What you get
  • Everything in Pro, plus:
  • Unlimited projects
  • 500,000 events / month
  • Up to 10 team members per project
  • Up to 10 generic webhooks
  • Unlimited funnels
  • Unlimited retention
  • Priority email support
  • 99.9% uptime SLA
Start with Scale
Not sure which plan

Pick a plan that fits your real volume

Drag the slider, we estimate the events your project will emit and point at the cheapest plan that fits.

Starter fits your usage
500
Estimated eventsper month
10,000

Audit logs are not analytics: we count one event per state change (login, action, integration, webhook, sensitive access), not per page view. A SaaS that audit-logs seriously lands between 15 and 40 events per active user per month — the default of 20 is a realistic floor. Dial it down if your product is unusually quiet.

06, COMPLIANCE

The compliance box, ticked for you

GDPR, SOC2, ISO 27001. You don't have to be enterprise to need a clean audit trail. GDPR applies from your very first user, and a security questionnaire can land at any stage. Recalled gives you what you need: EU hosting, AES-256 encryption at rest, configurable retention, and one-call right to erasure.

SOC2 readyISO 27001 readyGDPREU hostingAES-256Right to erasure
07, FAQ

Frequently asked questions

Can't find what you are looking for? Reply to any email from us, we read them all.

How long does integration take?

About 2 minutes. Install the npm package, paste your API key in .env, call client.events.create() once in your code. You are done.

What happens if I exceed my quota?

We return HTTP 429 with a clear error code so your app can log it and you can upgrade. We never drop events silently, and we never charge you extra without your consent.

Is my data secure?

Yes. All data is encrypted at rest with AES-256 and in transit with TLS 1.3. Every event is signed with HMAC-SHA256 and chained to the previous one, so a rewrite from inside the database is detectable. A public GET /v1/events/verify endpoint lets you audit the whole chain in one call. API keys are hashed with SHA-256, never stored in clear.

Where is the data hosted?

Exclusively in the European Union. No transfer outside the EU by default. Mentioned clearly in our DPA.

Can I export my data?

Yes, anytime. CSV or JSON, on demand, filtered by project, organization, actor or date range. Standard GDPR Article 20 portability right, plus it is just good hygiene.

How does GDPR work?

Recalled acts as a data processor under GDPR. We provide a standard DPA you accept at signup. For the right to erasure (Article 17), one API call anonymizes all events of a given user.

Are you SOC 2 or ISO 27001 certified?

Not yet. We run the controls those audits require, HMAC-signed events, EU hosting, AES-256 at rest, role-based access, DPA at signup, so your own auditors can verify Recalled's part of your trail via GET /v1/events/verify and CSV/JSON exports. Most customers use Recalled to collect evidence for their own SOC 2 or ISO 27001 audit, not the other way around. When we formally pass a Type II report, we will publish it here.

What frameworks does the embeddable UI support?

A React component published on npm as @recalled/sdk/react, designed to live inside the admin panel your support, ops and compliance team already use. It works with Next.js, Remix, Vite, CRA, any React 18+ setup. If your back-office is not React, you can query the same data directly via the REST API from whatever admin tooling you have.

Can I try before I pay?

Yes. The Free plan gives you 3,000 events per month, one project, 7 days retention, forever. No credit card needed. Upgrade to Starter (90 days) or Pro (1 year) once your data needs to live longer than a week.

Does Recalled work for AI agents and not just human users?

Yes. Recalled records human and AI agent actions side by side, with the same hash chain and HMAC signature. Set actor.type to 'agent' for the agent-driven ones, leave it as 'user' for human ones. Every event also has a public receipt URL you can send to a customer disputing an action, paste in a support ticket, or let your AI agent cite in its reply. No API key needed to verify. See /docs/agent-audit for the full pattern.

Your next audit log is 2 minutes away

Stop hacking on your own logs table. Drop in Recalled, send your first event, move on.

Start for freeRead the docs