File versioning and auditability
A data room is trustworthy only when two questions are always answerable: what did a document say before it was changed, and who saw or did what, and when. Waafir answers both at all times, with no manual record-keeping on your part.
Version retention on every change
When you upload a new version of a file that already exists in a data room folder, Waafir neither overwrites the old version nor rejects the upload as a conflict. It recognises that you are replacing an existing document, records the new upload as the next version, and keeps every earlier version intact. The data room shows the current version; the full history remains available behind it.
An overwrite is therefore never destructive. If a wrong file is uploaded over a correct one, the earlier version is still available to restore. Version history is automatic and applies to every file in the room — there is no need to save a copy first.
Deletion recovery
Deleting a file does not immediately destroy it. The file is soft-deleted and enters a 30-day recovery window during which it can be restored. Only after that window does it become permanently unrecoverable. Combined with version history, this makes the two most common ways to lose work — overwriting a file and deleting a file — reversible by default.
What immutability means here
Waafir does not provide a write-once, read-many store where bytes can never change; files can be replaced, which is the purpose of versioning. What is immutable is the history and the record of actions. Earlier versions are preserved rather than overwritten, and the log of who did what is append-only: it accumulates and is not edited after the fact. Immutability in Waafir means the trail is trustworthy, not that documents are frozen.
The audit trail
Waafir records the actions that matter for compliance and dispute resolution:
- Access and engagement. Document views and downloads are recorded per data room — who opened what, and how long they spent — which also powers the investor engagement analytics.
- Consent. When an investor accepts an NDA, your terms, or a privacy policy, the acceptance is stored as a durable consent record including the identity, timestamp, IP address, and browser. This is evidence that a given party agreed to a given document at a given time.
- System events. Significant actions — an investor being registered, access being granted or revoked — are written to an audit log as they happen, so the sequence of events is reconstructable later.
Because these records accumulate rather than being rewritten, the audit trail is defensible: you can show not only the current state of a data room but how it reached that state.
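The retention, recovery and append-only behaviour described on this page can be modelled in a few lines. The following is an added illustration, not Waafir's code or API: the class, method names and in-memory storage are hypothetical, and rejecting an upload onto a soft-deleted file is an assumption the page does not address.

```python
from datetime import timedelta

RECOVERY_WINDOW = timedelta(days=30)  # recovery window stated on this page


class DataRoomModel:
    """Hypothetical in-memory model; class and method names are assumptions."""

    def __init__(self):
        self._versions = {}    # name -> list of contents, oldest first
        self._deleted_at = {}  # name -> soft-delete time, only while deleted
        self._audit = []       # append-only: no method edits or removes entries

    @property
    def audit_trail(self):
        return tuple(self._audit)  # immutable snapshot for callers

    def _live(self, name):
        if name in self._deleted_at:
            raise LookupError(f"{name} is soft-deleted")
        return self._versions[name]

    def upload(self, name, content, actor, when):
        self._versions.setdefault(name, [])
        versions = self._live(name)  # assumption: no upload onto a deleted file
        versions.append(content)     # next version; earlier ones stay intact
        self._audit.append((when, actor, "upload", name))
        return len(versions)

    def current(self, name):
        return self._live(name)[-1]

    def history(self, name):
        return tuple(self._versions[name])

    def delete(self, name, actor, when):
        self._live(name)                # refuse to delete twice
        self._deleted_at[name] = when   # soft delete: versions are kept
        self._audit.append((when, actor, "delete", name))

    def restore(self, name, actor, when):
        deleted = self._deleted_at.get(name)
        if deleted is None or when - deleted > RECOVERY_WINDOW:
            raise LookupError(f"{name} is not restorable")
        del self._deleted_at[name]
        self._audit.append((when, actor, "restore", name))
```

In this model a failed restore leaves no audit entry, and the only way to change the trail is to add to it.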
Where to go next
- Sharing and access — the permission and revocation model the audit trail records.
- Data rooms — why versioning, recovery, and audit are all scoped to a room.