Documentation

Audit log

Append-only, tamper-evident record of every action in your tenant.

Last updated May 6, 2026

Every action that affects compliance state is recorded. The log is append-only and tamper-evident.

What's logged

User events: sign in, sign out, role change, GitHub re-auth.
Repo events: connected, disconnected.
Scan events: requested, started, completed, failed.
Document events: generated, approved, published, archived.
Subprocessor events: added, modified, removed.
DPA events: signed, version diff sent.
Webhook events: delivered, failed, replayed.

Each entry includes the SHA-256 of the previous entry, forming a hash chain. The current head hash is published on your trust center at /audit-head.txt. If anyone modifies an entry, the chain breaks and any verifier (including auditors) can detect the modification.

Retention

13 months by default. Extendable to 7 years on Enterprise.

Export

Settings → Audit Log → Export. CSV, JSON, or PDF. The PDF includes the head hash and a signed (Ed25519) verifier you can include in audit responses.

Programmatic access

curl https://api.attestly.dev/v1/audit \
  -H "Authorization: Bearer $ATTESTLY_API_KEY" \
  -G --data-urlencode "since=2026-01-01"

Returns NDJSON, one event per line. Paginate with the next cursor in the last line of each page.

What's logged

Tamper evidence

Retention

Export

Programmatic access