VineOS

Audit Guidelines

Last Updated: June 19, 2026

This document details the compliance and audit-logging guidelines for administrators managing **VineOS** deployments. It provides structured parameters to audit financial ledgers, row-level data boundaries, and system modifications.


1. Financial Audits & Contributions Matching

To guarantee complete tax compliance and clean accounting records, all online offerings received via the public giving portal must satisfy matching audits:

  • 10-Digit Reconcile Rule: The database engine queries payment profiles against contacts using formatting-insensitive phone matching on the last 10 digits.
  • Ledger Reconciliation: Administrators should audit the ledger weekly under `Finance -> Reconcile` to match unassigned guest contributions to new or existing CRM contact profiles.
  • Receipt Matching: Every contribution is automatically issued a unique receipt hash (e.g. `TXN-XXXX-VOS`). This code must match the gateway ledger logs on Stripe.

2. System Audit Logging

VineOS records platform changes in a centralized, read-only system audit table (`public.audit_logs`). Under safety guidelines, the following events must be reviewed by the board monthly:

  • Campus Onboarding: Verifying registration approvals for new church branches and campuses, and changes to campus-wide user caps.
  • Leadership Delegations: Reviewing the creation, upgrade, or termination of administrative roles and database logins.
  • Curriculum Changes: Logging updates to K12 syllabus ordering, course consolidation, or consolidator credentials.

3. Row-Level Security (RLS) Auditing

To comply with data privacy policies, developers and security officers must verify RLS rules on every release:

  • Confirm that RLS policies are enabled on all tables: `ALTER TABLE ... ENABLE ROW LEVEL SECURITY`.
  • Run test queries using role-restricted JWT tokens to ensure that contacts, meeting logs, and tithe ledgers are strictly scoped to the user's `organization_id` and `campus_id`.
  • Verify that EXECUTE access on all security-definer database functions (which bypass RLS, such as phone number matchers) is restricted to authenticated roles and service roles where applicable.
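
The first and third checks above can be run as catalog queries on each release. This is an added example, not VineOS code; it assumes a PostgreSQL database and that application tables and functions live in the `public` schema (the schema of `public.audit_logs`). Each query should return zero rows on a compliant release.

```sql
-- Added example (not VineOS code). Assumes PostgreSQL and the "public" schema.

-- 1. Tables (ordinary and partitioned) where RLS is NOT enabled.
SELECT n.nspname AS schema_name,
       c.relname AS table_name
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
WHERE n.nspname = 'public'
  AND c.relkind IN ('r', 'p')
  AND NOT c.relrowsecurity
ORDER BY c.relname;

-- 2. Tables with RLS enabled but no policy defined. These deny all rows to
--    non-owner roles, which usually signals a policy that was never shipped.
SELECT c.relname AS table_name
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
WHERE n.nspname = 'public'
  AND c.relkind IN ('r', 'p')
  AND c.relrowsecurity
  AND NOT EXISTS (SELECT 1 FROM pg_policy pol WHERE pol.polrelid = c.oid)
ORDER BY c.relname;

-- 3. SECURITY DEFINER functions that PUBLIC (every role) may execute.
--    A NULL proacl means the default privileges still apply, and the
--    default for functions grants EXECUTE to PUBLIC, so it is flagged too.
--    In aclexplode() output, grantee = 0 denotes PUBLIC.
SELECT p.oid::regprocedure         AS function_signature,
       pg_get_userbyid(p.proowner) AS owner
FROM pg_proc p
JOIN pg_namespace n ON n.oid = p.pronamespace
WHERE n.nspname = 'public'
  AND p.prosecdef
  AND (p.proacl IS NULL
       OR EXISTS (SELECT 1
                  FROM aclexplode(p.proacl) a
                  WHERE a.grantee = 0
                    AND a.privilege_type = 'EXECUTE'))
ORDER BY p.proname;
```

Any function returned by query 3 needs `REVOKE EXECUTE ... FROM PUBLIC` followed by explicit grants to the intended roles.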

4. Offline Check-In & Retention Audits

Since attendance tracking can happen in low-network regions, check-ins are logged locally on mobile containers and synced asynchronously:

  • Sync Verification: Administrators must verify that local mobile device check-in logs are fully pushed within 48 hours of service assembly.
  • Data Retention: Verify that inactive visitor profiles are archived or deleted under regional compliance rules after designated periods of inactivity.

5. Contact & Support

For technical compliance documentation or audit assistance, contact our security center:

security@vineos.in
www.vineos.in