# Audit trail and security

Source: https://developer.avalara.com/tax-transparency/vcu8412777608606/

# Audit trail and security

Understand how the AI agent logs interactions for audit and compliance, ensures security, and handles data responsibly.

All AI agent interactions are logged for audit and compliance purposes.

-   **Audit events**: Each “Explain the tax” request is logged with user ID, transaction ID, timestamp, and explanation type requested. Follow-up questions are also logged with contextual information.

-   **Security**: All AvaTax API calls are executed through secure MCP using existing connector authentication. The AI agent doesn’t store credentials. Data access follows the user’s existing role permissions.

-   **Data handling**: Transaction data retrieved for explanation purposes isn’t persisted beyond the active session. Explanations are generated in real time.

-   **Compliance**: Explanation logs can be exported to support SOC 2 compliance and internal audit requirements.