Use case

Track what your team does inside your own product

Log every sensitive action taken by a staff member from your back-office: suspensions, refunds, impersonations, role changes. Answer 'who did this and when' before anyone has to ask.

Start logging for freeSee the embeddable UI
The problem

Your back-office lets staff suspend users, refund invoices, change roles and impersonate customers. When something goes wrong, a wrongful suspension, a refund that should not have happened, you need to know who did it, when, from where, and with what reason. Most teams ship the back-office without any trail at all, then scramble when their first enterprise customer asks for one.

The Recalled way

Emit an event on every admin action, scoped to the organization the user belongs to. Store the actor (staff member), the targets (affected user, invoice, etc.), and a reason string. The Recalled dashboard gives you search, filters and CSV export out of the box. For enterprise customers you can mint an embed token and drop the `RecalledFeed` React component directly inside their own admin panel so they can self-serve their audit review.

Inside your admin handler
await recalled.events.create({
  action: "admin.user.suspended",
  actor: { id: admin.id, email: admin.email },
  organization: tenant.id,
  targets: [{ type: "user", id: suspendedUser.id }],
  metadata: { reason, ip: req.ip },
});

Why teams use Recalled for admin audits

  • Actor + target model

    Every event has who did it and what was affected. Filter admin actions per staff member or per affected customer in seconds.

  • Reason strings

    Store the reason on every sensitive action. When HR or legal asks why a user was suspended, you have an answer, not a shrug.

  • Embed the log in the back-office

    Mint a short-lived embed token server-side and render `<RecalledFeed />` inside your own admin UI. No context switch for your team.

  • Hash-chained integrity

    Staff cannot quietly rewrite their own history. Every event is cryptographically chained, any tampering is detectable.

Related use cases

Reconstruct any user's timeline

Query every event by actor id to rebuild a minute-by-minute timeline of what a user did. Perfect for support investigations, bug reports, and replaying the context of a complaint.

Ship SOC 2 / ISO 27001 evidence

SOC 2 and ISO 27001 both require an immutable record of sensitive actions. Recalled emits hash-chained, signed events so your auditor can verify integrity without trusting your database.

Your next audit log is 2 minutes away

Stop hacking on your own logs table. Drop in Recalled, send your first event, move on.

Start for freeRead the docs