Audit
Docyard’s audit system records every significant action as an immutable, append-only log entry. These logs cannot be edited or deleted — by anyone, including Docyard administrators.
What Gets Logged
| Entity Type | Actions Tracked |
|---|
| Artifact | Upload, retrieval, integrity check failure |
| Recipient | Create, update, delete, batch import |
| Policy | Create, update, publish, rollback, version change |
| Recipient Group | Create, update, membership changes, policy assignment |
| Secret | Generate, verify, rotate, revoke |
| Dock | Domain verification, KYC status change, branding update |
Log Entry Structure
Each audit log entry contains:
| Field | Description |
|---|
dockId | The dock where the action occurred |
entityType | Type of resource affected (e.g., recipient, policy) |
entityId | ID of the specific resource |
action | What happened (create, update, delete) |
actor | Who performed the action (user email or system identifier) |
changes | Before/after state for update operations |
metadata | Additional context (e.g., batch ID, import source) |
ipAddress | Source IP of the request |
userAgent | Client user agent string |
createdAt | Timestamp of the event |
Querying Logs
Audit logs support filtering by:
- Dock — required for all queries
- Entity type — filter to a specific resource type
- Entity ID — get the full history of a single resource
- Pagination —
limit and offset for large result sets
Audit log retention varies by plan: 7 days (Starter), 90 days (Professional), custom (Enterprise). Logs beyond the retention window are archived but available on request.
Compliance Exports
For SOC 2 audits, regulatory filings, or internal reviews:
- Query logs with appropriate filters
- Export results as JSON
- Logs include cryptographic chain references for tamper detection
