Semafore Docs
Back to semafore.io

Compliance & Trust

Audit and Logging

Overview

Semafore maintains separate audit and operational logs to support compliance, incident review, and internal governance. The audit log provides visibility into platform events at the organisation level; operational logs record infrastructure activity and are not linked to user identities.

Audit Log: What Is Logged

The audit log captures the following events:

  • Authentication: User login, logout, one-time password (OTP) requests
  • Device Management: Device registration, device revocation, approval workflow actions
  • User Management: User invitation, member removal, role changes
  • Organisation Management: Group creation, group modification, membership changes
  • Broadcast Metadata: Sender identity, broadcast timestamp, recipient count (not message content)
  • File Transfer Metadata: File reference ID, timestamp, file size (not file content)

Each audit log entry includes:

  • Event type (e.g., “user_login”, “device_registered”)
  • Timestamp (ISO 8601 UTC)
  • Actor identifier (organisation admin user ID or member sub)
  • Relevant resource identifiers (user ID, device ID, group ID, etc.)

Audit Log: What Is Never Logged

The following data is never captured in the audit log:

  • Message content (plaintext or ciphertext)
  • Message body or subject
  • File content
  • Decryption keys or key material
  • Message recipient lists (only broadcast recipient count is logged, not individual names)
  • Push notification content
  • User passwords or OTP values

Audit Log Access and Export

Access The audit log is accessible via the Semafore web portal (portal.semafore.io) in the Audit Log section. Access is restricted to users with the org_admin role.

Export Organisation administrators can export audit log entries as a CSV file for integration with SIEM tools, compliance workflows, or offline review. The CSV includes all columns listed above (event type, timestamp, actor, resource identifiers).

Retention: Organisation-Level Configuration By default, Semafore retains audit log entries for 12 months. Organisations may configure a shorter retention period (e.g., 90 days, 6 months); retention cannot be extended beyond 12 months.

Operational Logs

Server Logs Semafore’s infrastructure maintains operational logs containing HTTP request metadata:

  • Client IP address
  • Request timestamp
  • HTTP method and path
  • Response status code

These logs are retained for 30 days and are not linked to user identities in routine operation. They are used for capacity planning, security incident investigation, and DDoS detection.

Message Queue Undelivered messages are held in the message queue for up to 7 days, then automatically deleted. These are retained to allow clients that are temporarily offline to retrieve messages upon reconnection; they are not made available to Attomus or third parties.

Compliance Workflows

The audit log is designed to support:

  • Internal Governance: Track who performed what actions and when, for management review and accountability.
  • Incident Response: Investigate security events, unauthorised access, or data anomalies by reviewing the timeline of authentication and device management events.
  • Regulatory Compliance: Provide evidence of controls and user actions to satisfy compliance obligations (e.g., under UK GDPR Article 32 security requirements, or sector-specific regulations).
  • User Data Requests: Support responses to data subject access requests by showing actions related to a specific user.
The audit log provides visibility into platform events and user actions, but does not provide access to message content. Message content remains end-to-end encrypted on-device and is inaccessible even to Attomus administrators.