Compliance & Trust
Audit and Logging
Overview
SemaFore maintains separate audit and operational logs to support governance, incident review, and platform reliability.
The audit log provides visibility into organisation-level events. Operational logs support service security and operations. Neither is a path to message content.
Audit events
The audit log captures platform events such as:
- login and OTP request activity
- device registration, approval, denial, and revocation
- member invitation, removal, and role changes
- group creation, rename, archive, and membership changes
- broadcast send events
- file transfer events
What is never logged
The following data is never exposed through audit logging:
- message content
- file content
- decryption keys or key material
- OTP values
Export and governance
Organisation administrators can review audit events in the portal and export them as CSV for governance or offline review.
Operational logs
Operational server logs include network and request metadata such as IP addresses, request timestamps, paths, and status codes. These support security and abuse prevention.
Audit logging supports governance and incident review. It does not provide a way to read encrypted messages.