44.2 Logging policies: what to store and redact
What to Log
| Data | Log? | Retention |
|---|---|---|
| Request ID | Yes | Forever |
| Timestamp | Yes | Forever |
| User ID (hashed) | Yes | 90 days |
| Prompt (redacted) | Yes | 30 days |
| Response (redacted) | Yes | 30 days |
| Latency | Yes | Forever |
| Raw user input | No | - |
Redaction
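```typescript
// logging.ts

// Request/response shapes, inferred from the fields createLog() reads.
interface AIRequest { id: string; userId: string; prompt: string; model: string; }
interface AIResponse { text: string; latencyMs: number; tokensUsed: number; }

// Helpers defined elsewhere in the codebase. For hash(), a keyed hash (HMAC with
// a secret key) keeps low-entropy user IDs from being recovered by enumeration.
declare function hash(value: string): string;
declare function redactPII(text: string): string;

interface AILog {
  requestId: string;
  timestamp: Date;
  userIdHash: string; // Hashed, not raw
  prompt: string;     // Redacted
  response: string;   // Redacted
  latencyMs: number;
  model: string;
  tokensUsed: number;
}

// Build the log record; raw user input never reaches the log.
function createLog(request: AIRequest, response: AIResponse): AILog {
  return {
    requestId: request.id,
    timestamp: new Date(),
    userIdHash: hash(request.userId),
    prompt: redactPII(request.prompt),
    response: redactPII(response.text),
    latencyMs: response.latencyMs,
    model: request.model,
    tokensUsed: response.tokensUsed
  };
}
```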
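The `redactPII` helper that `createLog` calls is not shown on this page. The following is an added example of one way to write it, not the guide's own code: the rule set, the `sk-` key prefix, and the `[REDACTED_*]` placeholder format are assumptions, and the patterns are illustrative rather than an exhaustive PII detector.

```typescript
// Added example: regex-based redaction for prompt/response log fields.
// Luhn checksum: keeps order numbers and other long digit runs from being
// redacted as payment cards, so logs stay useful for debugging.
function passesLuhn(digits: string): boolean {
  let sum = 0;
  for (let i = 0; i < digits.length; i++) {
    let d = Number(digits[digits.length - 1 - i]);
    if (i % 2 === 1) {
      d *= 2;
      if (d > 9) d -= 9;
    }
    sum += d;
  }
  return sum % 10 === 0;
}

type RedactionRule = { label: string; pattern: RegExp; verify?: (match: string) => boolean };

// Order matters: the most specific patterns run first, the loosest (phone) last.
const REDACTION_RULES: RedactionRule[] = [
  // Bearer tokens and "sk-" style API keys (the prefix is an assumed convention).
  { label: "SECRET", pattern: /\b(?:Bearer\s+[A-Za-z0-9._~+\/-]{16,}=*|sk-[A-Za-z0-9_-]{16,})/g },
  { label: "EMAIL", pattern: /\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\b/g },
  // 13-19 digits with optional space/hyphen separators, confirmed by Luhn.
  { label: "CARD", pattern: /\b\d(?:[ -]?\d){12,18}\b/g,
    verify: (m) => passesLuhn(m.replace(/\D/g, "")) },
  { label: "SSN", pattern: /\b\d{3}-\d{2}-\d{4}\b/g },
  { label: "PHONE", pattern: /(?:\+\d{1,3}[ .-]?)?(?:\(\d{3}\)|\b\d{3})[ .-]?\d{3}[ .-]\d{4}\b/g },
];

function redactPII(text: string): string {
  let out = text;
  for (const rule of REDACTION_RULES) {
    // A match that fails its verify() check is left in place unchanged.
    out = out.replace(rule.pattern, (match) =>
      rule.verify && !rule.verify(match) ? match : `[REDACTED_${rule.label}]`
    );
  }
  return out;
}

// Constructed sample input, not real data.
const sampleLine = "Contact alice@example.com or +1 (555) 123-4567, card 4111 1111 1111 1111, order 1234 5678 9012 3456";
console.log(redactPII(sampleLine));
```

Regex redaction misses free-form PII such as names and street addresses, so the 30-day retention limit on prompts and responses still matters for redacted fields.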
Retention
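```typescript
// Auto-delete old logs.
// `db` is the application's database handle (MongoDB-style query syntax).
// The filter assumes prompt and response entries are stored with a `type` field;
// this job enforces only the 30-day class from the table above.
async function cleanupLogs() {
  const thirtyDaysAgo = new Date(Date.now() - 30 * 24 * 60 * 60 * 1000);
  await db.logs.deleteMany({
    timestamp: { $lt: thirtyDaysAgo },
    type: { $in: ['prompt', 'response'] }
  });
}
```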