When a restaurant chain is audited, the first question is: "When, by whom, and for what reason was this record changed?" If you can't answer, even the most perfect financial statement doesn't count as compliant. The digital audit trail is what answers that question.
In Gastrolie, every data change — a sale entry, a staff hours correction, a recipe cost update — is appended as a new audit_log row. The old value isn't deleted; the new value doesn't overwrite. The timeline just grows.
Two core pillars
- Who/What/When/Why: user id, mutation type, timestamp, short note — mandatory on every row.
- Immutable append-only: log entries cannot be altered or deleted. Enforced at the DB layer with PostgreSQL triggers.
GoBD §146 mandates this model for financial records in Germany. GDPR requires erasing personal data — so how do you erase personal data while preserving the audit trail? The answer: the data itself is anonymised (e.g. "Jan Schmidt" → "user_8374"), while the trail remains intact. That's the only way to satisfy both laws together.