Audit Logs

What audit logs record

Audit logs record operational events across your organisation. The following events are logged:

Authentication events

• Login
• Logout
• OTP (one-time password) requests

Device management

• Device registration
• Device revocation

User management

• Member invited
• Member role changed
• Member removed

Groups

• Group created
• Group member added
• Group member removed

Broadcasts

• Broadcast sent (sender identity, timestamp, recipient count recorded; message content is not recorded)

File transfers

• File transferred (file reference ID and timestamp recorded; file content is not recorded)

What audit logs do NOT record

Audit logs do not record:

• Message content or message bodies of any kind
• File content
• Message metadata (read receipts, delivery status, etc.)
• Decryption keys or cryptographic material

This is by design. Message content is end-to-end encrypted on your devices and never stored on the server. Administrators cannot access message content.

Accessing audit logs

Open the portal and navigate to Audit Log. Events are listed with timestamp, user, event type, and event detail. You can filter by date range and search by username.

Exporting logs

Click Export as CSV to download audit log entries as a spreadsheet. This is useful for archival, compliance review, or integration with security information and event management (SIEM) systems.

Retention

Audit logs are retained for 12 months by default. Your Attomus account manager can configure a shorter retention period for your organisation if required. Retention cannot be extended beyond 12 months.