Data Retention & Audit Trail
docs101 provides built-in audit logging to give you full transparency over who changed what and when. This page explains what data is recorded, why, and how long it is kept.
What docs101 Logs
Every critical business action is recorded in the Audit Log:
| Action Type | Examples |
|---|---|
| Invoice lifecycle | Finalized, sent, marked as paid, canceled |
| Customer management | Created, updated, deleted |
| Company settings | Name, address, VAT number, and other business details changed |
| Team management | User login, members invited, members removed |
Each entry captures:
- Who performed the action (user name and ID)
- What was changed (action type, affected entity, details)
- When it happened (UTC timestamp)
Why Audit Logging Matters
Accountability & Compliance
For businesses operating in the EU, maintaining an audit trail supports:
- GoBD compliance (Germany) — Traceability of business-relevant data changes
- Internal controls — Know who modified customer data or company settings
- Dispute resolution — Verify when an invoice was sent or marked as paid
Transparency for Your Team
Every company member can view the Audit Log in Settings > Audit Log. This read-only view ensures:
- All team members can verify actions taken on the account
- No single user can make untracked changes
- Handover between team members is seamless
Personal Data in the Audit Log
The Audit Log stores the following personal data for each entry:
| Data | Purpose |
|---|---|
| User name | Snapshot of the display name at the time of the action, used to identify who performed it |
| User ID | Keycloak identifier, retained even if the user is later removed from the team |
This data is stored under the legal basis of legitimate interest (accountability and compliance) and contract fulfillment (providing the docs101 service).
For details on how docs101 processes your data, including subprocessors and security measures, see the Data Processing Agreement.
Retention Policy
| Data Type | Retention | Details |
|---|---|---|
| Audit Log entries | 30 days | Entries older than 30 days are automatically deleted daily |
| Invoice data | Account lifetime | Subject to applicable legal retention periods (e.g., 10 years in Germany) |
| Customer data | Account lifetime | Deletion available upon request |
The Audit Log only records actions from the moment it is activated. Historical actions performed before the feature was available are not retroactively logged.
Viewing the Audit Log
- Go to Settings
- Click the Audit Log tab
- Use filters to narrow by category, date range, or user
For a detailed walkthrough, see the Audit Log guide.