Skip to main content
Every Guest Pass has at least one expiry condition and a full access log. This page covers how the expiry rules behave in edge cases, and what the access log records.

How expiry works

A pass has up to two expiry conditions, applied in combination:
  • Date-based expiry. The pass stops working at midnight in the brand owner’s time zone on the specified date. Midnight on the date specified is the moment of expiry; the date itself is still valid.
  • View-based expiry. The pass stops working after the specified number of accesses. An access is a unique session from a recipient; reloading the same page within the session does not count as a separate view.
  • Both. If both are set, whichever is reached first ends the pass.
A pass with no expiry cannot be created. Brand Atlas requires at least one limit.

What counts as a view

A view is counted when:
  • The recipient opens any page in the pass scope for the first time in a 30-minute window.
  • A view from a new IP address or browser, even if the recipient is the same person.
  • A view through a forwarded link, when sharing was enabled.
A view is not counted when:
  • The recipient reloads a page within their current session.
  • The pass URL is fetched without rendering (some link previews fire a fetch; the system recognises these and excludes them).
  • The brand owner accesses the pass URL (the owner is recognised by their signed-in session).

What the access log captures

The access log records, for every view:
  • Timestamp. When the view occurred.
  • IP address. The IP the access came from.
  • Approximate location. City and country derived from the IP.
  • Browser and device. User-agent string parsed into readable form.
  • Pages accessed. Which pages within the pass scope were viewed.
  • Files downloaded. Which attached files (if any) were downloaded.
The log does not record what the recipient did beyond viewing pages: cursor movement, time spent, scroll depth.

Where to find the log

For a single pass: open Guest Passes → Active, click the pass, choose Access log. The log for that pass is shown. For an audit across all passes: Settings → Brand Record → Access log shows every Guest Pass access across the atlas, filterable by date, by recipient, by section.

When access is unexpected

The log surfaces three kinds of unusual access:
  1. Access from an unexpected location. A pass issued to a printer in Dubai accessed from outside the UAE. Flagged as a warning; not blocked by default.
  2. Rapid access from multiple IPs. A pass accessed from five IPs in a short period. Could be legitimate (the recipient is travelling, or behind a corporate VPN) but worth checking.
  3. Access after intended use. A pass for a one-week vendor relationship still being accessed three months later, within an over-generous expiry window. The brand owner can revoke.
The Inbox surfaces flagged access events as notifications, with a quick action to revoke.

Geographic restrictions

On Guardian, passes can be restricted to specific countries or specific IP ranges. Settings → Guest Passes → Defaults sets the rule across all passes; individual passes can override. Geographic restrictions are a best-effort defence against pass forwarding. They are not bulletproof; a VPN bypasses them. They raise the bar.

Log retention

The access log retention follows the brand record history retention:
  • Scout. 30 days.
  • Keeper. 12 months.
  • Guardian. Unlimited.
Older log entries are summarised rather than retained at full detail on Scout and Keeper; the summary covers pass identity, recipient, and access count.

Exporting the log

The access log is exportable as a CSV from the Settings → Brand Record → Access log page. Useful for compliance reviews, partner reporting, and audit trails.

Guest Passes explained

The concept.

Creating and revoking

Pass mechanics.

Sharing a single section

The most common use.