COMPLIANCE · AUDIT HASH CHAIN

Cryptographic Audit Hash Chain — Verifiable Evidence

Every audit record is mathematically chained to the next. Retroactive change is impossible — any tampering breaks the chain and is detected the moment verification runs.

Why it matters

"The logs cannot be altered" stops being a claim and becomes mathematical proof:

Legal disputes

Claiming "the logs were not altered" carries no weight on its own in court. A cryptographic chain provides mathematical proof — independently verifiable by an expert witness.

GDPR / KVKK audits

When a supervisory authority asks for proof of audit record integrity, the chain verification report is the answer. It operationalises the security obligation under GDPR Article 32 and KVKK Article 12.

ISO 27001 + SOC 2

For independent audit firms, "log immutability" is a gold-tier control point. An audit hash chain makes this control testable and reproducible.

How it works

Three hash fields — a simple but unbreakable mathematical chain:

  1. 01

    Every record is chained

    Each row in the audit log carries three hash fields: prevHash (the previous record's hash), entryHash (a hash of this record's contents), and chainHash (a combination of the two). These three values mathematically tie the chain together.

  2. 02

    Retroactive change is impossible

    Modifying an old record would require recomputing and overwriting every chainHash that follows. This breaks timestamps and is detected the instant verification runs.

  3. 03

    Verification is mathematical

    During verification the server recomputes each record one by one and compares against the stored chainHash. If a single record is corrupted, its id and timestamp are reported — actionable for forensics.

Tenant self-service

From /settings/compliance/audit-chain in the panel, every tenant can verify the integrity of their own chain independently — without raising a support ticket, with a single click.

  • Panel: Settings → Compliance → Audit Hash Chain
  • Chain summary: record count, latest chainHash, first/last entry timestamps
  • "Verify Chain" button: one-click integrity check
  • Result: all valid (green) or broken entry id (red + audit reference)
  • PDF export: for supervisory authority, ISO auditor, or court filing
  • Standard on all plans — not Enterprise-exclusive
Related features. The audit hash chain operates alongside Legal Hold — every legal preservation event is recorded into the chain, so the process itself becomes verifiable. The full enterprise security suite: Enterprise Security.
GET STARTED

Your first send within minutes.

Create your free account. No credit card required. 1,000 sends per month free.

Start free Talk to sales