Compliance & Trust

Every Action.
Tamper-Evident. Forever.

BlueBird Alerts logs every login, alert activation, roster change, and settings update — then locks each record into a cryptographic chain that makes tampering instantly detectable.

Request a Demo Security Overview

What Gets Logged

Every meaningful action across every platform — web, iOS, and Android — is captured automatically with no configuration required.

Emergency Activations

Who triggered the alert, what type was selected, when the activation occurred, and which device was used.

Login & Access Events

Every sign-in, failed attempt, SSO token exchange, session start, and role change across the platform.

Roster & Settings Changes

Who edited which record, the before/after snapshot of every field change, and who approved imports.

Security Events

Account lockouts, MFA verifications, permission denials, and any admin action that crosses a trust boundary.

Alert Delivery Receipts

Push notification dispatch, SMS delivery confirmations, real-time WebSocket acknowledgements, and channel fallback events.

System Configuration

Tenant settings changes, integration credential updates, billing events, and any super-admin console action.

Tamper-Evident by Design

Logs are only useful if they can be trusted. BlueBird Alerts uses cryptographic hash chaining and immutability triggers to make it mathematically impossible to alter the record without detection.

Hash-chain Live

How the chain works

When an event is written, the system computes a SHA-256 hash of the record’s canonical JSON — including the hash of the previous record. That hash is stored alongside the new record.

Record N−1hash: 7c4b2a1f…

→

Record Nprev: 7c4b2a1f…
hash: a3f8e9d2…

→

Record N+1prev: a3f8e9d2…
hash: 5e1b9c7a…

The database enforces immutability at the SQL level: BEFORE UPDATE and BEFORE DELETE triggers raise an abort error on any attempt to modify or remove a log row. These triggers cannot be bypassed by application code.

A chain verifier can scan the entire log at any time and pinpoint the exact record where any tampering occurred. This is the same principle used by cryptographic ledgers, applied to your school’s event history.

Anatomy of a Log Entry

Every event is structured, typed, and hash-chained. Click any highlighted field to learn what it captures and why it matters.

Click a field to explore it →

{
  "timestamp": ,
  "request_id": ,
  "tenant_id": ,
  : {
    "id": "usr_7a3b9c",
    "name": "Principal Morgan",
    "role": "building_admin"
  },
  "action": ,
  : {
    "type": "alert",
    "id": "alt_9f2e1c",
    "name": "Lockdown — Building A"
  },
  "ip": ,
  "user_agent": ,
  : {
    "before": { "status": "inactive" },
    "after": { "status": "active", "activated_by": "usr_7a3b9c" }
  },
  : {
    "entry_hash": "a3f8e9d2c1b047…",
    "prev_hash": "7c4b2a1f9e0d83…"
  }
}

Click any highlighted field to learn what it means and why it matters.

Retention & Access Control

Logs are kept long enough to matter and protected so only the right people can read them.

Minimum 1-Year Retention

All audit records are retained for at least 12 months. Districts can request extended retention for multi-year compliance requirements.

Admin-Only Read Access

Only building and district admins can view audit logs. Standard user and staff accounts have no access to log data.

No Delete Permission

Audit records cannot be deleted by any account, including super admins. Deletion is blocked at the database trigger level.

Export on Request

Admins can export filtered log data to CSV for offline review, legal discovery, or submission to a district IT audit.

Standards & Compliance Alignment

FERPA (Family Educational Rights and Privacy Act) requires that districts maintain records of who accesses student education records and when. BlueBird’s audit log captures every access event with actor identity, timestamp, and resource metadata to support these requirements directly.

NIST SP 800-92 (Guide to Computer Security Log Management) recommends that logs be protected from unauthorized modification and that organizations retain logs long enough for post-incident analysis. Hash chaining and immutability triggers implement this at the infrastructure level rather than relying on policy alone.

CISA K-12 Security Guidance recommends that schools maintain auditable records of access to safety-critical systems. Every emergency activation, deactivation, and acknowledgement in BlueBird Alerts is logged with full actor attribution and a tamper-evident chain.

Audit log exports are formatted for straightforward review by district IT staff, legal counsel, or third-party auditors without requiring any BlueBird tooling to interpret.

See the Full Security Picture

Audit logs are one layer of BlueBird’s defense-in-depth approach to school safety. See how every piece works together.

Security Overview Request a Demo

Every Action.Tamper-Evident. Forever.