← All articles

Tamper-evident audit trails, explained

26 May 2026 · The Grantledger team · 2 min read

If you only remember one idea about audit trails, make it this: an audit trail is only worth as much as your confidence that nobody changed it. A tamper-evident trail gives you that confidence by design.

The problem with ordinary logs

A normal log is a list of rows in a table. Anyone with the right database access can edit a row, delete one, or insert one with a backdated timestamp, and nothing about the log itself would reveal it. For a casual record that is fine. For grant decisions involving public or charitable money, it is not, because the log is exactly the thing you would reach for when a decision is questioned.

How a hash chain fixes it

A hash is a short fingerprint of some data. Change a single character of the data and the fingerprint changes completely. A hash chain links records together by including each record's fingerprint inside the next one.

The effect is simple and powerful:

  • Each event carries a fingerprint of the event before it.
  • Tampering with an old event changes its fingerprint.
  • That broken fingerprint no longer matches the copy stored in the next event, and the mismatch cascades all the way to the most recent record.

So you cannot quietly rewrite history. Any edit, deletion or insertion in the middle of the chain shows up as a break, and the break points to the exact place it happened.

What this gives a funder

Three things, in plain terms:

  1. Proof, not assertion. You can demonstrate that your record of a decision is intact, rather than asking people to trust it.
  2. Pinpointing. If something is wrong, verification tells you which record, not just that "something" is off.
  3. Speed. When a board, an auditor or a grantee asks how a decision was made, you answer in minutes.

Verify it, do not trust it

The point of tamper-evidence is that you should not have to take anyone's word for it, including the vendor's. A credible system lets you run verification yourself, on demand, and see the chain confirmed for your own funder's records. In Grantledger this is one click, scoped to your tenant, and it tells you the chain is sound or shows you the first row that is not.

That is the difference between a system that says it is trustworthy and one that lets you check. For why this sits at the heart of accountable grantmaking, see what audit-grade actually means.

Share