diff --git a/domain/attachment/endpoint.go b/domain/attachment/endpoint.go
index 5237b1a5..6ff2435b 100644
--- a/domain/attachment/endpoint.go
+++ b/domain/attachment/endpoint.go
@@ -155,10 +155,10 @@ func (h *Handler) Delete(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	h.Store.Audit.Record(ctx, audit.EventTypeAttachmentDelete)
-
 	ctx.Transaction.Commit()
 
+	h.Store.Audit.Record(ctx, audit.EventTypeAttachmentDelete)
+
 	a, _ := h.Store.Attachment.GetAttachments(ctx, documentID)
 	d, _ := h.Store.Document.Get(ctx, documentID)
 	go h.Indexer.IndexDocument(ctx, d, a)
@@ -230,10 +230,10 @@ func (h *Handler) Add(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	h.Store.Audit.Record(ctx, audit.EventTypeAttachmentAdd)
-
 	ctx.Transaction.Commit()
 
+	h.Store.Audit.Record(ctx, audit.EventTypeAttachmentAdd)
+
 	all, _ := h.Store.Attachment.GetAttachments(ctx, documentID)
 	d, _ := h.Store.Document.Get(ctx, documentID)
 	go h.Indexer.IndexDocument(ctx, d, all)
diff --git a/domain/audit/mysql/store.go b/domain/audit/mysql/store.go
index 3be82abb..d3746d81 100644
--- a/domain/audit/mysql/store.go
+++ b/domain/audit/mysql/store.go
@@ -25,7 +25,7 @@ type Scope struct {
 	Runtime *env.Runtime
 }
 
-// Record adds event entry for specified user.
+// Record adds event entry for specified user using own DB TX.
 func (s Scope) Record(ctx domain.RequestContext, t audit.EventType) {
 	e := audit.AppEvent{}
 	e.OrgID = ctx.OrgID
diff --git a/domain/block/endpoint.go b/domain/block/endpoint.go
index 82e9e076..02034ba2 100644
--- a/domain/block/endpoint.go
+++ b/domain/block/endpoint.go
@@ -77,10 +77,10 @@ func (h *Handler) Add(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	h.Store.Audit.Record(ctx, audit.EventTypeBlockAdd)
-
 	ctx.Transaction.Commit()
 
+	h.Store.Audit.Record(ctx, audit.EventTypeBlockAdd)
+
 	b, err = h.Store.Block.Get(ctx, b.RefID)
 	if err != nil {
 		response.WriteServerError(w, method, err)
@@ -183,10 +183,10 @@ func (h *Handler) Update(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	h.Store.Audit.Record(ctx, audit.EventTypeBlockUpdate)
-
 	ctx.Transaction.Commit()
 
+	h.Store.Audit.Record(ctx, audit.EventTypeBlockUpdate)
+
 	response.WriteEmpty(w)
 }
 
@@ -222,9 +222,9 @@ func (h *Handler) Delete(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	h.Store.Audit.Record(ctx, audit.EventTypeBlockDelete)
-
 	ctx.Transaction.Commit()
 
+	h.Store.Audit.Record(ctx, audit.EventTypeBlockDelete)
+
 	response.WriteEmpty(w)
 }
diff --git a/domain/category/endpoint.go b/domain/category/endpoint.go
index be15a45f..cbcc163b 100644
--- a/domain/category/endpoint.go
+++ b/domain/category/endpoint.go
@@ -80,8 +80,6 @@ func (h *Handler) Add(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	h.Store.Audit.Record(ctx, audit.EventTypeCategoryAdd)
-
 	perm := pm.Permission{}
 	perm.OrgID = ctx.OrgID
 	perm.Who = "user"
@@ -99,6 +97,8 @@ func (h *Handler) Add(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
+	ctx.Transaction.Commit()
+
 	cat, err = h.Store.Category.Get(ctx, cat.RefID)
 	if err != nil {
 		response.WriteServerError(w, method, err)
@@ -106,6 +106,8 @@ func (h *Handler) Add(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
+	h.Store.Audit.Record(ctx, audit.EventTypeCategoryAdd)
+
 	response.WriteJSON(w, cat)
 }
 
@@ -216,10 +218,10 @@ func (h *Handler) Update(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	h.Store.Audit.Record(ctx, audit.EventTypeCategoryUpdate)
-
 	ctx.Transaction.Commit()
 
+	h.Store.Audit.Record(ctx, audit.EventTypeCategoryUpdate)
+
 	cat, err = h.Store.Category.Get(ctx, cat.RefID)
 	if err != nil {
 		response.WriteServerError(w, method, err)
@@ -287,10 +289,10 @@ func (h *Handler) Delete(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	h.Store.Audit.Record(ctx, audit.EventTypeCategoryDelete)
-
 	ctx.Transaction.Commit()
 
+	h.Store.Audit.Record(ctx, audit.EventTypeCategoryDelete)
+
 	response.WriteEmpty(w)
 }
 
@@ -387,10 +389,10 @@ func (h *Handler) SetDocumentCategoryMembership(w http.ResponseWriter, r *http.R
 		}
 	}
 
-	h.Store.Audit.Record(ctx, audit.EventTypeCategoryLink)
-
 	ctx.Transaction.Commit()
 
+	h.Store.Audit.Record(ctx, audit.EventTypeCategoryLink)
+
 	response.WriteEmpty(w)
 }
 
diff --git a/domain/conversion/conversion.go b/domain/conversion/conversion.go
index c66d1f2d..5036ba66 100644
--- a/domain/conversion/conversion.go
+++ b/domain/conversion/conversion.go
@@ -143,6 +143,7 @@ func (h *Handler) convert(w http.ResponseWriter, r *http.Request, job, folderID
 
 	nd, err := processDocument(ctx, h.Runtime, h.Store, filename, job, folderID, fileResult)
 	if err != nil {
+		ctx.Transaction.Rollback()
 		response.WriteServerError(w, method, err)
 		h.Runtime.Log.Error(method, err)
 		return
@@ -227,6 +228,7 @@ func processDocument(ctx domain.RequestContext, r *env.Runtime, store *domain.St
 		ActivityType: activity.TypeCreated})
 
 	err = ctx.Transaction.Commit()
+
 	if err != nil {
 		err = errors.Wrap(err, "cannot commit new document import")
 		return
diff --git a/domain/document/endpoint.go b/domain/document/endpoint.go
index 1e87f95a..d3961dc8 100644
--- a/domain/document/endpoint.go
+++ b/domain/document/endpoint.go
@@ -85,13 +85,14 @@ func (h *Handler) Get(w http.ResponseWriter, r *http.Request) {
 		ActivityType: activity.TypeRead})
 
 	if err != nil {
+		ctx.Transaction.Rollback()
 		h.Runtime.Log.Error(method, err)
 	}
 
-	h.Store.Audit.Record(ctx, audit.EventTypeDocumentView)
-
 	ctx.Transaction.Commit()
 
+	h.Store.Audit.Record(ctx, audit.EventTypeDocumentView)
+
 	response.WriteJSON(w, document)
 }
 
@@ -225,6 +226,7 @@ func (h *Handler) Update(w http.ResponseWriter, r *http.Request) {
 	// if space changed for document, remove document categories
 	oldDoc, err := h.Store.Document.Get(ctx, documentID)
 	if err != nil {
+		ctx.Transaction.Rollback()
 		response.WriteServerError(w, method, err)
 		h.Runtime.Log.Error(method, err)
 		return
@@ -242,10 +244,10 @@ func (h *Handler) Update(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	h.Store.Audit.Record(ctx, audit.EventTypeDocumentUpdate)
-
 	ctx.Transaction.Commit()
 
+	h.Store.Audit.Record(ctx, audit.EventTypeDocumentUpdate)
+
 	a, _ := h.Store.Attachment.GetAttachments(ctx, documentID)
 	go h.Indexer.IndexDocument(ctx, d, a)
 
@@ -331,10 +333,10 @@ func (h *Handler) Delete(w http.ResponseWriter, r *http.Request) {
 		SourceType:   activity.SourceTypeDocument,
 		ActivityType: activity.TypeDeleted})
 
-	h.Store.Audit.Record(ctx, audit.EventTypeDocumentDelete)
-
 	ctx.Transaction.Commit()
 
+	h.Store.Audit.Record(ctx, audit.EventTypeDocumentDelete)
+
 	go h.Indexer.DeleteDocument(ctx, documentID)
 
 	response.WriteEmpty(w)
@@ -474,13 +476,14 @@ func (h *Handler) FetchDocumentData(w http.ResponseWriter, r *http.Request) {
 		ActivityType: activity.TypeRead})
 
 	if err != nil {
+		ctx.Transaction.Rollback()
 		h.Runtime.Log.Error(method, err)
 	}
 
-	h.Store.Audit.Record(ctx, audit.EventTypeDocumentView)
-
 	ctx.Transaction.Commit()
 
+	h.Store.Audit.Record(ctx, audit.EventTypeDocumentView)
+
 	response.WriteJSON(w, data)
 }
 
diff --git a/domain/page/endpoint.go b/domain/page/endpoint.go
index 53a4c988..7a479847 100644
--- a/domain/page/endpoint.go
+++ b/domain/page/endpoint.go
@@ -171,10 +171,10 @@ func (h *Handler) Add(w http.ResponseWriter, r *http.Request) {
 		SourceType:   activity.SourceTypePage,
 		ActivityType: activity.TypeCreated})
 
-	h.Store.Audit.Record(ctx, audit.EventTypeSectionAdd)
-
 	ctx.Transaction.Commit()
 
+	h.Store.Audit.Record(ctx, audit.EventTypeSectionAdd)
+
 	np, _ := h.Store.Page.Get(ctx, pageID)
 	go h.Indexer.IndexContent(ctx, np)
 
@@ -385,6 +385,7 @@ func (h *Handler) Update(w http.ResponseWriter, r *http.Request) {
 
 	oldPageMeta, err := h.Store.Page.GetPageMeta(ctx, pageID)
 	if err != nil {
+		ctx.Transaction.Rollback()
 		response.WriteBadRequestError(w, method, err.Error())
 		h.Runtime.Log.Error(method, err)
 		return
@@ -407,16 +408,16 @@ func (h *Handler) Update(w http.ResponseWriter, r *http.Request) {
 
 	err = h.Store.Page.Update(ctx, model.Page, refID, ctx.UserID, skipRevision)
 	if err != nil {
-		response.WriteServerError(w, method, err)
 		ctx.Transaction.Rollback()
+		response.WriteServerError(w, method, err)
 		h.Runtime.Log.Error(method, err)
 		return
 	}
 
 	err = h.Store.Page.UpdateMeta(ctx, model.Meta, true) // change the UserID to the current one
 	if err != nil {
-		response.WriteServerError(w, method, err)
 		ctx.Transaction.Rollback()
+		response.WriteServerError(w, method, err)
 		h.Runtime.Log.Error(method, err)
 		return
 	}
@@ -744,10 +745,10 @@ func (h *Handler) ChangePageSequence(w http.ResponseWriter, r *http.Request) {
 		}
 	}
 
-	h.Store.Audit.Record(ctx, audit.EventTypeSectionResequence)
-
 	ctx.Transaction.Commit()
 
+	h.Store.Audit.Record(ctx, audit.EventTypeSectionResequence)
+
 	response.WriteEmpty(w)
 }
 
@@ -813,10 +814,10 @@ func (h *Handler) ChangePageLevel(w http.ResponseWriter, r *http.Request) {
 		}
 	}
 
-	h.Store.Audit.Record(ctx, audit.EventTypeSectionResequence)
-
 	ctx.Transaction.Commit()
 
+	h.Store.Audit.Record(ctx, audit.EventTypeSectionResequence)
+
 	response.WriteEmpty(w)
 }
 
@@ -932,10 +933,10 @@ func (h *Handler) Copy(w http.ResponseWriter, r *http.Request) {
 		SourceType:   activity.SourceTypePage,
 		ActivityType: activity.TypeCreated})
 
-	h.Store.Audit.Record(ctx, audit.EventTypeSectionCopy)
-
 	ctx.Transaction.Commit()
 
+	h.Store.Audit.Record(ctx, audit.EventTypeSectionCopy)
+
 	np, _ := h.Store.Page.Get(ctx, pageID)
 
 	response.WriteJSON(w, np)
@@ -1127,12 +1128,15 @@ func (h *Handler) Rollback(w http.ResponseWriter, r *http.Request) {
 
 	p, err := h.Store.Page.Get(ctx, pageID)
 	if err != nil {
+		ctx.Transaction.Rollback()
 		response.WriteServerError(w, method, err)
+		h.Runtime.Log.Error(method, err)
 		return
 	}
 
 	meta, err := h.Store.Page.GetPageMeta(ctx, pageID)
 	if err != nil {
+		ctx.Transaction.Rollback()
 		response.WriteServerError(w, method, err)
 		h.Runtime.Log.Error(method, err)
 		return
@@ -1140,6 +1144,7 @@ func (h *Handler) Rollback(w http.ResponseWriter, r *http.Request) {
 
 	revision, err := h.Store.Page.GetPageRevision(ctx, revisionID)
 	if err != nil {
+		ctx.Transaction.Rollback()
 		response.WriteServerError(w, method, err)
 		h.Runtime.Log.Error(method, err)
 		return
@@ -1176,10 +1181,10 @@ func (h *Handler) Rollback(w http.ResponseWriter, r *http.Request) {
 		SourceType:   activity.SourceTypePage,
 		ActivityType: activity.TypeReverted})
 
-	h.Store.Audit.Record(ctx, audit.EventTypeSectionRollback)
-
 	ctx.Transaction.Commit()
 
+	h.Store.Audit.Record(ctx, audit.EventTypeSectionRollback)
+
 	response.WriteJSON(w, p)
 }
 
diff --git a/domain/permission/endpoint.go b/domain/permission/endpoint.go
index 2fe3a4af..5a3edae2 100644
--- a/domain/permission/endpoint.go
+++ b/domain/permission/endpoint.go
@@ -210,10 +210,10 @@ func (h *Handler) SetSpacePermissions(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	h.Store.Audit.Record(ctx, audit.EventTypeSpacePermission)
-
 	ctx.Transaction.Commit()
 
+	h.Store.Audit.Record(ctx, audit.EventTypeSpacePermission)
+
 	response.WriteEmpty(w)
 }
 
@@ -392,10 +392,10 @@ func (h *Handler) SetCategoryPermissions(w http.ResponseWriter, r *http.Request)
 		}
 	}
 
-	h.Store.Audit.Record(ctx, audit.EventTypeCategoryPermission)
-
 	ctx.Transaction.Commit()
 
+	h.Store.Audit.Record(ctx, audit.EventTypeCategoryPermission)
+
 	response.WriteEmpty(w)
 }
 
@@ -581,9 +581,9 @@ func (h *Handler) SetDocumentPermissions(w http.ResponseWriter, r *http.Request)
 		}
 	}
 
-	h.Store.Audit.Record(ctx, audit.EventTypeDocumentPermission)
-
 	ctx.Transaction.Commit()
 
+	h.Store.Audit.Record(ctx, audit.EventTypeDocumentPermission)
+
 	response.WriteEmpty(w)
 }
diff --git a/domain/pin/endpoint.go b/domain/pin/endpoint.go
index 845844e1..607ef77c 100644
--- a/domain/pin/endpoint.go
+++ b/domain/pin/endpoint.go
@@ -93,10 +93,10 @@ func (h *Handler) Add(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	h.Store.Audit.Record(ctx, audit.EventTypePinAdd)
-
 	ctx.Transaction.Commit()
 
+	h.Store.Audit.Record(ctx, audit.EventTypePinAdd)
+
 	newPin, err := h.Store.Pin.GetPin(ctx, pin.RefID)
 	if err != nil {
 		response.WriteServerError(w, method, err)
@@ -179,10 +179,10 @@ func (h *Handler) DeleteUserPin(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	h.Store.Audit.Record(ctx, audit.EventTypePinDelete)
-
 	ctx.Transaction.Commit()
 
+	h.Store.Audit.Record(ctx, audit.EventTypePinDelete)
+
 	response.WriteEmpty(w)
 }
 
@@ -241,10 +241,10 @@ func (h *Handler) UpdatePinSequence(w http.ResponseWriter, r *http.Request) {
 		}
 	}
 
-	h.Store.Audit.Record(ctx, audit.EventTypePinResequence)
-
 	ctx.Transaction.Commit()
 
+	h.Store.Audit.Record(ctx, audit.EventTypePinResequence)
+
 	newPins, err := h.Store.Pin.GetUserPins(ctx, userID)
 	if err != nil {
 		response.WriteServerError(w, method, err)
diff --git a/domain/section/endpoint.go b/domain/section/endpoint.go
index 0cc30603..794119aa 100644
--- a/domain/section/endpoint.go
+++ b/domain/section/endpoint.go
@@ -116,9 +116,9 @@ func (h *Handler) RefreshSections(w http.ResponseWriter, r *http.Request) {
 			continue
 		}
 		if err2 != nil {
+			ctx.Transaction.Rollback()
 			h.Runtime.Log.Error(method, err)
 			response.WriteServerError(w, method, err)
-			ctx.Transaction.Rollback()
 			return
 		}
 
diff --git a/domain/section/register.go b/domain/section/register.go
index fb8e9ba4..bf60f3f9 100644
--- a/domain/section/register.go
+++ b/domain/section/register.go
@@ -21,6 +21,7 @@ import (
 	"github.com/documize/community/domain/section/gemini"
 	"github.com/documize/community/domain/section/github"
 	"github.com/documize/community/domain/section/markdown"
+	// "github.com/documize/community/domain/section/mermaid"
 	"github.com/documize/community/domain/section/papertrail"
 	"github.com/documize/community/domain/section/provider"
 	"github.com/documize/community/domain/section/table"
@@ -40,6 +41,7 @@ func Register(rt *env.Runtime, s *domain.Store) {
 	provider.Register("trello", &trello.Provider{Runtime: rt, Store: s})
 	provider.Register("wysiwyg", &wysiwyg.Provider{Runtime: rt, Store: s})
 	provider.Register("airtable", &airtable.Provider{Runtime: rt, Store: s})
+	// provider.Register("mermaid", &mermaid.Provider{Runtime: rt, Store: s})
 
 	p := provider.List()
 	rt.Log.Info(fmt.Sprintf("Registered %d sections", len(p)))
diff --git a/domain/setting/endpoint.go b/domain/setting/endpoint.go
index 1a31d869..cdb898b8 100644
--- a/domain/setting/endpoint.go
+++ b/domain/setting/endpoint.go
@@ -87,6 +87,8 @@ func (h *Handler) SetSMTP(w http.ResponseWriter, r *http.Request) {
 
 	h.Store.Setting.Set("SMTP", config)
 
+	ctx.Transaction.Commit()
+
 	h.Store.Audit.Record(ctx, audit.EventTypeSystemSMTP)
 
 	response.WriteEmpty(w)
@@ -253,9 +255,9 @@ func (h *Handler) SetAuthConfig(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	h.Store.Audit.Record(ctx, audit.EventTypeSystemAuth)
-
 	ctx.Transaction.Commit()
 
+	h.Store.Audit.Record(ctx, audit.EventTypeSystemAuth)
+
 	response.WriteEmpty(w)
 }
diff --git a/domain/space/endpoint.go b/domain/space/endpoint.go
index e058e92f..56efe89d 100644
--- a/domain/space/endpoint.go
+++ b/domain/space/endpoint.go
@@ -144,6 +144,7 @@ func (h *Handler) Add(w http.ResponseWriter, r *http.Request) {
 
 		spCloneRoles, err := h.Store.Permission.GetSpacePermissions(ctx, model.CloneID)
 		if err != nil {
+			ctx.Transaction.Rollback()
 			response.WriteServerError(w, method, err)
 			h.Runtime.Log.Error(method, err)
 			return
@@ -166,6 +167,7 @@ func (h *Handler) Add(w http.ResponseWriter, r *http.Request) {
 		toCopy := []doc.Document{}
 		spCloneTemplates, err := h.Store.Document.TemplatesBySpace(ctx, model.CloneID)
 		if err != nil {
+			ctx.Transaction.Rollback()
 			response.WriteServerError(w, method, err)
 			h.Runtime.Log.Error(method, err)
 			return
@@ -422,10 +424,10 @@ func (h *Handler) Update(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	h.Store.Audit.Record(ctx, audit.EventTypeSpaceUpdate)
-
 	ctx.Transaction.Commit()
 
+	h.Store.Audit.Record(ctx, audit.EventTypeSpaceUpdate)
+
 	response.WriteJSON(w, sp)
 }
 
@@ -504,10 +506,10 @@ func (h *Handler) Remove(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	h.Store.Audit.Record(ctx, audit.EventTypeSpaceDelete)
-
 	ctx.Transaction.Commit()
 
+	h.Store.Audit.Record(ctx, audit.EventTypeSpaceDelete)
+
 	response.WriteEmpty(w)
 }
 
@@ -590,10 +592,10 @@ func (h *Handler) Delete(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	h.Store.Audit.Record(ctx, audit.EventTypeSpaceDelete)
-
 	ctx.Transaction.Commit()
 
+	h.Store.Audit.Record(ctx, audit.EventTypeSpaceDelete)
+
 	response.WriteEmpty(w)
 }
 
@@ -736,6 +738,7 @@ func (h *Handler) Invite(w http.ResponseWriter, r *http.Request) {
 
 	inviter, err := h.Store.User.Get(ctx, ctx.UserID)
 	if err != nil {
+		ctx.Transaction.Rollback()
 		response.WriteServerError(w, method, err)
 		h.Runtime.Log.Error(method, err)
 		return
@@ -844,9 +847,9 @@ func (h *Handler) Invite(w http.ResponseWriter, r *http.Request) {
 		}
 	}
 
-	h.Store.Audit.Record(ctx, audit.EventTypeSpaceInvite)
-
 	ctx.Transaction.Commit()
 
+	h.Store.Audit.Record(ctx, audit.EventTypeSpaceInvite)
+
 	response.WriteEmpty(w)
 }
diff --git a/domain/storer.go b/domain/storer.go
index 76efe235..fe844d4a 100644
--- a/domain/storer.go
+++ b/domain/storer.go
@@ -156,6 +156,7 @@ type PinStorer interface {
 
 // AuditStorer defines required methods for audit trails
 type AuditStorer interface {
+	// Record logs audit entry using own DB Transaction
 	Record(ctx RequestContext, t audit.EventType)
 }
 
diff --git a/domain/template/endpoint.go b/domain/template/endpoint.go
index 1bac47aa..daae1b99 100644
--- a/domain/template/endpoint.go
+++ b/domain/template/endpoint.go
@@ -147,6 +147,7 @@ func (h *Handler) SaveAs(w http.ResponseWriter, r *http.Request) {
 	var pageModel []page.NewPage
 
 	if err != nil {
+		ctx.Transaction.Rollback()
 		response.WriteServerError(w, method, err)
 		h.Runtime.Log.Error(method, err)
 		return
@@ -158,6 +159,7 @@ func (h *Handler) SaveAs(w http.ResponseWriter, r *http.Request) {
 
 		meta, err2 := h.Store.Page.GetPageMeta(ctx, p.RefID)
 		if err2 != nil {
+			ctx.Transaction.Rollback()
 			response.WriteServerError(w, method, err2)
 			h.Runtime.Log.Error(method, err)
 			return
@@ -215,11 +217,11 @@ func (h *Handler) SaveAs(w http.ResponseWriter, r *http.Request) {
 		}
 	}
 
-	h.Store.Audit.Record(ctx, audit.EventTypeTemplateAdd)
-
 	// Commit and return new document template
 	ctx.Transaction.Commit()
 
+	h.Store.Audit.Record(ctx, audit.EventTypeTemplateAdd)
+
 	doc, err = h.Store.Document.Get(ctx, docID)
 	if err != nil {
 		response.WriteServerError(w, method, err)
@@ -362,10 +364,10 @@ func (h *Handler) Use(w http.ResponseWriter, r *http.Request) {
 		}
 	}
 
-	h.Store.Audit.Record(ctx, audit.EventTypeTemplateUse)
-
 	ctx.Transaction.Commit()
 
+	h.Store.Audit.Record(ctx, audit.EventTypeTemplateUse)
+
 	nd, err := h.Store.Document.Get(ctx, documentID)
 	if err != nil {
 		response.WriteServerError(w, method, err)
diff --git a/domain/user/endpoint.go b/domain/user/endpoint.go
index 4900cc62..8112af42 100644
--- a/domain/user/endpoint.go
+++ b/domain/user/endpoint.go
@@ -170,6 +170,8 @@ func (h *Handler) Add(w http.ResponseWriter, r *http.Request) {
 		}
 	}
 
+	ctx.Transaction.Commit()
+
 	if addUser {
 		event.Handler().Publish(string(event.TypeAddUser))
 		h.Store.Audit.Record(ctx, audit.EventTypeUserAdd)
@@ -180,8 +182,6 @@ func (h *Handler) Add(w http.ResponseWriter, r *http.Request) {
 		h.Store.Audit.Record(ctx, audit.EventTypeAccountAdd)
 	}
 
-	ctx.Transaction.Commit()
-
 	// If we did not add user or give them access (account) then we error back
 	if !addUser && !addAccount {
 		response.WriteDuplicateError(w, method, "user")
@@ -382,12 +382,12 @@ func (h *Handler) Delete(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
+	ctx.Transaction.Commit()
+
 	h.Store.Audit.Record(ctx, audit.EventTypeUserDelete)
 
 	event.Handler().Publish(string(event.TypeRemoveUser))
 
-	ctx.Transaction.Commit()
-
 	response.WriteEmpty(w)
 }
 
@@ -474,10 +474,10 @@ func (h *Handler) Update(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	h.Store.Audit.Record(ctx, audit.EventTypeUserUpdate)
-
 	ctx.Transaction.Commit()
 
+	h.Store.Audit.Record(ctx, audit.EventTypeUserUpdate)
+
 	response.WriteEmpty(w)
 }
 
@@ -515,6 +515,7 @@ func (h *Handler) ChangePassword(w http.ResponseWriter, r *http.Request) {
 
 	u, err := h.Store.User.Get(ctx, userID)
 	if err != nil {
+		ctx.Transaction.Rollback()
 		response.WriteServerError(w, method, err)
 		h.Runtime.Log.Error(method, err)
 		return
@@ -577,8 +578,9 @@ func (h *Handler) ForgotPassword(w http.ResponseWriter, r *http.Request) {
 	}
 
 	if err == sql.ErrNoRows {
-		response.WriteEmpty(w)
+		ctx.Transaction.Rollback()
 		h.Runtime.Log.Info(fmt.Sprintf("User %s not found for password reset process", u.Email))
+		response.WriteEmpty(w)
 		return
 	}
 
@@ -621,6 +623,7 @@ func (h *Handler) ResetPassword(w http.ResponseWriter, r *http.Request) {
 
 	u, err := h.Store.User.GetByToken(ctx, token)
 	if err != nil {
+		ctx.Transaction.Rollback()
 		response.WriteServerError(w, method, err)
 		h.Runtime.Log.Error(method, err)
 		return
@@ -636,9 +639,9 @@ func (h *Handler) ResetPassword(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	h.Store.Audit.Record(ctx, audit.EventTypeUserPasswordReset)
-
 	ctx.Transaction.Commit()
 
+	h.Store.Audit.Record(ctx, audit.EventTypeUserPasswordReset)
+
 	response.WriteEmpty(w)
 }