Admin Guide
Audit Logs
What audit logs record
Audit logs record operational events across your organisation. Typical entries include:
- authentication events such as login and OTP requests
- device registration, approval, denial, and revocation
- member invitation, role changes, and removal
- group creation, rename, archive, and membership changes
- broadcast sends, including sender identity, timestamp, and recipient count
- file transfer events, including file reference identifiers and timestamps
What audit logs do not record
Audit logs do not record:
- message content
- file content
- decryption keys or other cryptographic material
- decrypted notification text
This is by design. Message content remains end-to-end encrypted on user devices and is not available to administrators.
Accessing and exporting audit logs
Open the portal and navigate to Audit Log. Events are listed with timestamp, actor, event type, and event detail.
Organisation administrators can export audit log entries as CSV for governance, incident review, or offline reporting.
Relationship to message retention
Organisation message-retention policy applies to message bodies and file attachments only. Audit events are not removed by message-retention expiry.
The audit log is designed to support governance and compliance review. It does not provide access to encrypted message content.