The Audit Log provides a comprehensive, immutable record of all activity within your team. It is designed to meet HIPAA compliance requirements and is available on the Enterprise plan.
What Is the Audit Log
The audit log automatically captures every significant action performed by team members, including form modifications, response access, member management changes, and configuration updates. Every log entry includes who performed the action, what they did, when it happened, and additional context such as IP address and user agent.
What Events Are Tracked
The audit log captures the following event types:
| Event Type | Description |
|---|---|
| form.created | A team member created a new form |
| form.updated | A form's settings, questions, or logic were modified |
| form.published | A form was published (made live) |
| form.unpublished | A form was taken offline |
| form.deleted | A form was deleted |
| form.viewed | A team member opened a form in the builder |
| response.viewed | A team member viewed individual response data |
| response.exported | Response data was exported (CSV, API) |
| response.deleted | A response was deleted |
| member.invited | A new member was invited to the team |
| member.joined | An invited member accepted and joined |
| member.removed | A member was removed from the team |
| member.role_changed | A member's role was changed |
| guest.invited | A guest was invited to a specific form |
| guest.removed | A guest's access was revoked |
| team.settings_updated | Team settings were modified |
| team.branding_updated | Team branding defaults were changed |
| team.domain_updated | Subdomain or custom domain configuration changed |
| billing.plan_changed | The team plan was upgraded or downgraded |
| billing.seats_changed | The number of paid seats was adjusted |
| api.key_created | A new API key was generated |
| api.key_revoked | An API key was revoked |
| webhook.configured | A webhook endpoint was added or modified |
Viewing the Activity Tab
To access the audit log:
- Navigate to your team settings.
- Select the Activity tab.
- The log displays events in reverse chronological order (most recent first).
Each entry shows:
- Timestamp — When the action occurred (in your local timezone).
- User — Who performed the action (name and email).
- Action — The type of event (e.g., "form.published").
- Details — Contextual information about the action (e.g., form name, member email).
- IP Address — The IP from which the action was performed.
Filtering by Action, User, and Date Range
The audit log supports filtering to help you find specific events:
- Action filter — Select one or more event types from the dropdown to narrow results (e.g., show only "member.removed" events).
- User filter — Filter by a specific team member to see all their activity.
- Date range — Set a start and end date to view activity within a specific period.
Filters can be combined. For example, you can view all "response.exported" events by a specific user within the last 30 days.
Exporting Activity to CSV
To export the audit log:
- Apply any desired filters.
- Click Export to CSV.
- The export includes all filtered events with full details (timestamp, user, action, details, IP address).
Exported CSV files can be imported into compliance tools, SIEM systems, or spreadsheets for further analysis.
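As an added example (not NueForm's own code), the following Python sketch shows one way to review an exported CSV before or alongside SIEM ingestion: it flags sensitive actions from an IP address a user has not used earlier in the export, and bursts of "response.exported" events by a single user. The column header names, the timestamp format, the thresholds and the sample rows are assumptions constructed for illustration; adjust them to match your actual export.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample export (newest first, like the Activity tab).
# Header names and the timestamp format are assumptions.
SAMPLE_CSV = """\
timestamp,user,action,details,ip_address
2024-05-03T14:20:00Z,bob@example.com,response.exported,Intake form,198.51.100.7
2024-05-03T14:10:00Z,bob@example.com,response.exported,Intake form,198.51.100.7
2024-05-03T14:05:00Z,bob@example.com,response.exported,Survey,198.51.100.7
2024-05-02T11:00:00Z,alice@example.com,api.key_created,CI key,192.0.2.44
2024-05-01T09:00:00Z,alice@example.com,form.published,Intake form,203.0.113.10
2024-05-01T08:30:00Z,bob@example.com,form.viewed,Intake form,198.51.100.7
"""

# Event types from the table above that change access or move data out.
SENSITIVE = {"response.exported", "api.key_created", "member.role_changed",
             "member.removed", "guest.invited", "webhook.configured"}

def load_events(text):
    """Parse the export and return rows in chronological order."""
    rows = list(csv.DictReader(io.StringIO(text)))
    for row in rows:
        row["ts"] = datetime.strptime(row["timestamp"], "%Y-%m-%dT%H:%M:%SZ")
    return sorted(rows, key=lambda row: row["ts"])

def review(rows, window=timedelta(hours=1), max_exports=3):
    """Return (rule, user, action, ip) tuples worth a reviewer's attention."""
    findings = []
    seen_ips = defaultdict(set)   # user -> IPs seen earlier in this export
    exports = defaultdict(list)   # user -> export times inside the window
    for row in rows:
        user, action, ip = row["user"], row["action"], row["ip_address"]
        # Rule 1: sensitive action from an IP this user has not used before.
        if action in SENSITIVE and seen_ips[user] and ip not in seen_ips[user]:
            findings.append(("new_ip", user, action, ip))
        seen_ips[user].add(ip)
        # Rule 2: several exports by one user inside a short window.
        if action == "response.exported":
            recent = [t for t in exports[user] if row["ts"] - t <= window]
            exports[user] = recent + [row["ts"]]
            if len(exports[user]) == max_exports:  # report once per burst
                findings.append(("export_burst", user, action, ip))
    return findings

if __name__ == "__main__":
    for finding in review(load_events(SAMPLE_CSV)):
        print(finding)
```

The "new IP" rule only knows about addresses present in the file being reviewed, so export a date range long enough to establish each user's usual addresses.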
HIPAA Compliance and Retention
The NueForm audit log is designed with healthcare and regulatory compliance in mind:
- Minimum 6-year retention — All audit log entries are retained for a minimum of 6 years, meeting HIPAA's record retention requirements.
- Immutable logs — Once recorded, audit entries cannot be modified or deleted, even by team owners. This ensures the integrity of the audit trail.
- Encrypted at rest — All log data is encrypted using AES-256 encryption.
- Encrypted in transit — All log data is transmitted over TLS 1.2+.
- No PHI in logs — The audit log records actions and metadata but does not store protected health information (PHI) directly. Response content is not included in log entries.
While the audit log itself does not contain PHI, the events it tracks (such as "response.viewed") can reveal access patterns. Treat the audit log with the same care as other sensitive compliance data.
Who Can Access
The audit log is accessible to admins and owners only. Editors and viewers cannot view the Activity tab or export audit data.
Related
- Teams — Team management and roles
- Guest Access — External collaborator access
- Teams API — Audit Logs — Programmatic access to audit data