Data Room Audit Logs (2026): Full Activity Logs for Compliance

Learn what the data room audit log captures, how to use it, and why it matters for due diligence and compliance.

A data room is only as trustworthy as the record of what happened inside it. Sendpaper’s data room audit log gives you a full, chronological history of activity in each room: who opened the room, which files they viewed or downloaded, what your team changed (documents, folders, links, settings), and when it happened. That record is essential for due diligence, audits, and compliance. This guide explains what the audit log captures, how to use it, and why it matters.

What the Audit Log Is

The audit log is a per-data room timeline of actions. Open a data room, go to the Audit log tab, and you see every recorded action in that room, newest first. Each row is one action: who did it (team member or viewer), what they did (in plain language, e.g. “File viewed”, “Document downloaded”, “Documents added”), which item was involved (e.g. a specific document or folder), and the date and time. You can filter by who, by type of action, and by date so you can answer questions like “Did this investor open the cap table?” or “When did we add the legal folder?”

Nothing in this section is hidden behind internal codes: the log is built for people who need to review or prove what happened.

Audit log by plan

The data room audit log is available on Dataroom Advance and Enterprise plans. The table below is a guide; see Pricing for the latest.

If you need full activity logs for compliance and due diligence, use a Dataroom Advance plan or above.

What Gets Logged

Viewer activity

When someone with access opens the room or its content, that activity is logged so you can see who saw what and when.

• Room opened - Someone opened the data room (e.g. via a link). You see who and when.
• File viewed - A document was opened in the browser. You see which document and which viewer.
• Document downloaded - A single file was downloaded. The log entry can be expanded to show device and similar detail when available.
• Folder download - A folder was downloaded. You can expand the row to see which files were in that folder.
• Room (bulk) download - The whole room or a large set was downloaded. Again, expand to see what was included.

So for any viewer you can reconstruct: when they first opened the room, which files they opened, and what they downloaded (by file, folder, or bulk). That supports due diligence (“Did the buyer review the financials?”) and compliance (“Prove who had access to what.”).

Team and content changes

Changes made by your team in the room are also logged. That gives you a full history of how the room was built and updated.

• Room created, updated, or deleted - When the room was created, when settings or status changed, and if it was ever deleted.
• Documents and folders added - When documents or folders were added to the room (including bulk uploads). You see what was added and by whom.
• Folders and documents created, renamed, moved, or removed - New folders or files, renames, moves, and moves to trash (or permanent deletion). Each change is one log entry with the relevant target (folder or document).
• Content reordered - When documents or folders were reordered in the room.
• Links - When links were created, duplicated, archived, activated, deactivated, or when their permissions were updated or reset.
• Groups - When groups were created, updated, or deleted, and when members were added or removed. Useful when you use granular permissions and need to show who had access to which group.
• Q&A - When questions were created, updated, or deleted, and when answers were created, updated, or deleted. Ties into data room Q&A and helps you show how Q&A was used during a process.
• Branding and settings - When room branding or other settings were changed.

So the audit log covers both viewer actions (access and usage) and team actions (content and configuration). Together they form a single timeline for that room.

How to Use the Audit Log

• Where to find it - Open the data room in your dashboard, then open the Audit log tab. The log is scoped to that room only.
• Filters - Use the filters to narrow by who (actor), by type of action, and by date range. That makes it easy to focus on one viewer, one kind of event (e.g. downloads), or a specific period.
• Expandable rows - For some entries (e.g. folder or bulk downloads), you can expand the row to see more detail, such as the list of files included or device information when available.
• Chronological order - Entries are ordered by time, newest first, so you can follow the story of the room or of a specific user.

You don’t need to export to a separate tool to review activity; the log lives inside the room and stays available for as long as you keep the room and the data.

Why This Matters for Compliance

• Due diligence - Buyers, advisors, and auditors often need to confirm who had access to which documents and when. The audit log is your evidence: who opened the room, which files were viewed or downloaded, and when. Same for fundraising: you can show which investors looked at which materials.
• Audits and regulators - When auditors or regulators ask “Who could see this?” or “Who actually opened it?”, you can answer from one place. The log is a clear, tamper-resistant record of access and changes.
• Internal governance - You can see who on your team added, moved, or removed content, who changed links or groups, and how Q&A was used. That supports internal policies and post-deal reviews.

The audit log is not a substitute for legal or compliance advice, but it gives you the raw record many of those processes rely on: full activity logs for the data room, in one place.

How It Fits With the Rest of Sendpaper

• Analytics vs audit log - Data room analytics give you aggregated views: most visited documents and recent visits, with counts and time ranges. The audit log is the full, event-level history. Use analytics for “what’s hot” and “who came recently”; use the audit log when you need the exact sequence of who did what and when.
• Permissions - Who can see the Audit log tab is controlled by your data room permissions. Typically only team members with access to the room can see the log; viewers do not see it.
• Q&A and links - Q&A activity (questions and answers created, updated, deleted) and link and group changes are all in the same audit log, so you have one timeline for both content and access.

How to get the most value from audit logs

You get the best value when the log answers a specific question: who saw what, when, and what changed. Real teams use it to prove access for buyers and auditors, and to close out deals with a clear record. These habits help you get there.

• Start with the question - Before you open the log, know what you need: “Did this investor open the cap table?” or “What did the buyer access during exclusivity?” Filter by person and date range so you get a direct answer instead of scrolling. You get a defensible answer in one place.
• Use one link or group per audience - With granular permissions, give each buyer, investor, or advisor their own link or group. The audit log then shows exactly what that audience did. When someone asks “What did Acme see?”, you filter by that group and show the timeline. No guesswork.
• Check the log around key dates - Term sheet, exclusivity start, signing: these dates matter. Right after each milestone, review the log for that window. You can say who had access before and after, and what they opened or downloaded. That’s what auditors and deal teams expect.
• Use analytics first, then the log - Use data room analytics to see which documents are hot and who’s active. When you need proof (one person, one document, one period), switch to the audit log for the full, line-by-line history. You get the big picture and the evidence in one workflow.
• Make the log part of every close-out - At the end of diligence or a round, review the audit log and keep it with your deal files. You always have a single record of who had access to what. When an auditor or counterparty asks later, you’re ready.