Each transaction occurring during the process of signing a document is securely stored. Once a document has been completed, this log is then translated into an Audit Trail and attached to your final PDF document. However, you can also access a non-PDF version of your Audit Trail for any completed document by navigating to your Completed Documents list and selecting "Audit Trail" from the righthand button menu.
⚠️You might notice unknown IP addresses in your audit logWhen a document is sent via email, it is good to keep in mind that some email clients have virus scanners included, which will open links in the email to scan them for malware. The scanner may scan the received signing link, and the scan can be performed from any IP address, not necessarily from the signer's IP. That IP address will be shown in the "document viewed" log as the signer himself opened the document from that address. |
Tip: To prevent having unknown addresses in the Audit Trail you can use the Signer Authentication feature. That way, the document interface will be blurred and the access restricted until the authentication code is entered.
| Audit Log Type | When does it occur? | |
| Document creation-state logs | ||
 | document created | Occurs every time when a document is created. |
 | document sent | Occurs every time when a document is sent to a signer. It is created once for every signer (even if the signer is the document owner). |
 | signer authentication | Occurs when signer authentication via SMS is enabled for a signer. |
Signer triggered logs | ||
 | document viewed | Occurs when the document is viewed by signers. |
 | document signed | Occurs when the document is signed by a signer. Conditions: If this was the last required signer, followed by document completed. |
 | document declined | Occurs when a document is declined by a signer. Implications: Followed by document cancelled |
 | signer bounced | Occurs when email delivery fails for a signer, also known as bounce. Implications: Followed by document cancelled |
 | signer removed | Occurs when a signer is removed from the signer list. Conditions: This is possible only if the document has optional signers. Implications: If all signers are removed this will cause the document to be cancelled, Followed by document cancelled’ |
 | document forwarded | Occurs when a signer forwards the document to some other person for signing. Forwarding always includes information about the name and email of the new signer and it might include a forwarding reason as well. Conditions: It is not possible to forward documents with 2FA enabled. However, it is possible to forward documents when PIN is enabled, after successful PIN entry. The new signer will be asked for a PIN as well. Implications: Followed by ‘document_sent’ log for sending to a new signer. |
Team member triggered logs | ||
 | signer removed | Occurs when a signer is removed from the signer list. Conditions: This is possible only if the document has optional signers. Implications: If all signers are removed this will cause the document to be cancelled, Followed by document cancelled’ |
 | document revoked | Occurs when the document is cancelled by the owner or a team member with privileges to cancel documents. Implications: Followed by document cancelled |
| System triggered logs | ||
 | document expired | Occurs if the document is not completed within the given expiry time frame. Implications: This action is triggered by Xodo Sign automatically. |
Document end-states logs | ||
 | document completed | Occurs when the document is successfully completed. |
 | document cancelled | Occurs when the document is cancelled for any reason. |