Request Logging & Audit Trail

Every request, action, and system event in Instafill.ai is logged internally for compliance, security investigation, and debugging

Overview

Instafill.ai maintains a backend audit trail of all requests and system events across both the .NET web service and Python processing API. Every form fill session, API call, authentication event, and file operation is captured, timestamped, and tied to the workspace that initiated it.

This logging infrastructure supports compliance requirements in regulated industries - healthcare organizations using Instafill.ai for HIPAA-covered document workflows, financial services firms with SOC 2 obligations, and enterprise customers operating under GDPR data processor agreements all benefit from the fact that platform activity is recorded automatically without any manual configuration.

All log data is indexed in Elasticsearch and scoped to workspaceId, protected by the same JWT authentication middleware that governs all other platform operations.

What Gets Logged

Every significant platform action produces a log entry, including:

• Form fill sessions - when started, when completed, success or failure status
• Source document uploads and processing
• Filled PDF generation and downloads
• API calls - endpoint, response status, and duration
• Batch processing jobs - job-level and row-level events
• Authentication events - logins, failed attempts, and API key creation and revocation
• Workspace and organization membership changes

Log entries are timestamped and tied to the workspaceId and user identity responsible for the action. They capture operational metadata - what happened, when, and to which resource - not the content of filled forms or source documents.

Compliance Alignment

The audit trail is part of Instafill.ai's broader approach to compliance. Automated logging means organizations in regulated industries do not need to build their own record-keeping layer on top of the platform.

• HIPAA: logging of access to PHI-containing document workflows supports HIPAA audit control requirements
• GDPR: event logs tied to user identity support data subject access requests and deletion workflows
• SOC 2: comprehensive request logging contributes to the audit trail requirements under SOC 2 Trust Services Criteria

For full details on Instafill.ai's compliance posture, see the HIPAA, GDPR & SOC 2 Compliance page and the security overview.

Security & Privacy

Log entries capture operational metadata only - form names, field counts, file names, user identity, and timing. Form field values, source document content, and sensitive personal data are never written to logs.

All log data is scoped to workspaceId and protected via the shared JWT authentication middleware running in both the .NET and Python service layers. Log data is encrypted at rest and in transit, consistent with the platform-wide encryption described on the Data Encryption & Security page.