Every mutation in a workspace (POST, PATCH, DELETE) writes a row to a hash-chained audit log. Customers can answer 'who did X, when, from where' without a support ticket.
Where to find it
Workspace → Audit log (under Setup in the sidebar). Filter by actor or HTTP method; paginate backwards in time with the cursor at the bottom.
Integrity report (G3.4)
Click 'Download integrity report' at the top of the audit-log page. The endpoint re-runs SHA-256 verification of the prev_hash → entry_hash chain and packages the result as a plain-text file. SOC 2 auditors typically ask for this kind of artefact as evidence that the log is tamper-evident.
The chain is global across all workspaces; per-row break detail is filtered to your workspace, but the verdict reflects end-to-end integrity. If you see 'workspace rows INTACT — global chain has unrelated breaks', your data is fine; an operator has already been paged.
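The sketch below is an added example, not the product's own code. It shows how a verifier can walk a global prev_hash → entry_hash chain and still scope break detail to one workspace. The row fields, the all-zero genesis value, the JSON serialization fed to SHA-256 and the "INTACT"/"BROKEN" verdict strings are assumptions; only prev_hash, entry_hash and the "unrelated breaks" message come from this page.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed prev_hash of the very first row
UNRELATED = "workspace rows INTACT — global chain has unrelated breaks"

def entry_hash(prev_hash, row):
    # Assumed construction: SHA-256 over prev_hash plus canonical JSON of the row.
    body = json.dumps(row, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode()).hexdigest()

def append(chain, row):
    prev = chain[-1]["entry_hash"] if chain else GENESIS
    chain.append({"row": row, "prev_hash": prev, "entry_hash": entry_hash(prev, row)})

def verify(chain, workspace):
    """Walk the global chain; return (verdict, break indexes visible to workspace)."""
    breaks, expected_prev = [], GENESIS
    for i, e in enumerate(chain):
        linked = e["prev_hash"] == expected_prev  # points at the previous row
        sealed = e["entry_hash"] == entry_hash(e["prev_hash"], e["row"])  # body unchanged
        if not (linked and sealed):
            breaks.append((i, e["row"]["workspace"]))
        expected_prev = e["entry_hash"]  # continue from the stored hash to localise breaks
    mine = [i for i, ws in breaks if ws == workspace]  # per-row detail is workspace-scoped
    if not breaks:
        return "INTACT", mine
    if not mine:
        return UNRELATED, mine  # verdict still reflects the end-to-end chain
    return "BROKEN", mine

def demo():
    # Constructed sample rows from two workspaces sharing one global chain.
    chain = []
    for ws, actor, method in [("ws-a", "alice", "POST"),
                              ("ws-b", "bob", "PATCH"),
                              ("ws-a", "alice", "DELETE")]:
        append(chain, {"workspace": ws, "actor": actor, "method": method})
    clean = verify(chain, "ws-a")
    chain[1]["row"]["actor"] = "mallory"  # stored row edited without re-hashing
    return clean, verify(chain, "ws-a"), verify(chain, "ws-b")

if __name__ == "__main__":
    for result in demo():
        print(result)
```

Because every entry_hash covers the previous row's hash, editing one stored row surfaces as a break at that row for its own workspace, while other workspaces see only the global verdict.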