Why on-device? Is the cloud not easier?

If proving you control sensitive data requires shipping it to someone else's cloud first, the proof is broken. Probatum's local-LLM pipeline means data residency is a property of the architecture, not a marketing claim.

What happens during a real audit?

Your auditor receives a W3C Verifiable Credential. They run our open-source verifier CLI and confirm the Ed25519 signature, revocation status, and hash chain. No portal. No login. No trust required.

Is there really a free trial without a credit card?

Yes. 14 days, full features. Cancel from your dashboard in one click. No demo call required.

How is Max ($799) worth 2.7× Pro ($299)?

Max unlocks signed W3C VCs, all three AI-governance frameworks (ISO 42001, EU AI Act, NIST AI RMF), four frameworks instead of one, and unlimited queries.

Public pricing — $299/mo Pro · $799/mo Max

Trust, proven by cryptography. Not promises.

Runs on your laptop. Signs every finding. Your auditor verifies the math — offline.

Start free trial or verify a real evidence package

How a single answer becomes proof

Watch a finding become cryptographic proof.

The only AI governance auditor that runs on your laptop, keeps every document on your machine, and signs every finding with verifiable evidence. 12 frameworks. $299/month. No demo required.

You ask a question
plain English, on your machine
Probatum finds the evidence
cited and reranked — never invented
It checks every claim
ungrounded claims get flagged, not shipped
It signs and seals the proof
Ed25519 · SHA-256 · W3C VC

your question

“Does our password policy meet SOC 2 CC6.1?”

stays on your machine

Tamper-evident. Change one byte and the proof breaks.

Try it yourself

No credit card
No demo required
Cancel in 1 click
Data never leaves your machine

The cost of compliance theater

Every quarter you delay, the math gets uglier.

The frameworks aren’t getting softer. The fines aren’t getting smaller. And the questionnaires aren’t getting shorter.

$4.45M

Average cost of a data breach — the bill arrives whether or not your evidence was real.

Source: IBM Cost of a Data Breach Report 2024

€35M

Maximum EU AI Act fine — or 7% of global turnover, whichever is higher. Enforcement begins phasing in 2026.

Source: EU AI Act, Article 99

4–6 months

Typical SOC 2 Type II prep before you can answer a single security questionnaire.

Source: AICPA + industry benchmarks

The paradigm shift

Your auditor wants evidence, not theater.

Compliance vendors built spreadsheet factories. Probatum builds the only thing an auditor can actually verify — math.

Compliance theater

✕Months of manual prep
✕Spreadsheets your auditor has to trust
✕Reports only verifiable inside the vendor portal
✕AI hallucinations silently enter evidence
✕Audit trail editable by the vendor
✕Your documents shipped to a SaaS cloud

Trust-Native

✓Answers in seconds — not months
✓Cryptographic proof auditors verify offline
✓Every claim grounded; hallucinations flagged
✓12 frameworks, unified
✓Hash-chained audit log — tamper-evident
✓Documents never leave your machine

What makes it different

Six things no demo-gated SaaS can match.

Tamper-proof history auditors trust

SHA-256 linked entries. Alter any record and the chain breaks — immediately detectable.

Signed evidence your auditor verifies offline

Ed25519-signed W3C VCs. Your auditor verifies independently — no account, no portal, no trusting you.

Your documents never leave your machine

LLM inference, embeddings, and vector search all run locally on your device. Zero data egress.

Every answer grounded — or flagged

Claims that can't be traced to evidence are flagged before they enter the record. No silent hallucinations.

12 frameworks, one platform

Dedicated control-mapping for SOC 2, ISO 27001, HIPAA, PCI-DSS, GDPR, NIST CSF, EU AI Act, and more.

Every claim cites its source

Cross-encoder reranked retrieval. Every answer cites the exact document and paragraph.

Live cryptographic demo

One question. Cited evidence. Signed proof. No signup.

Pick a framework. Watch your local pipeline retrieve, grade, sign, and chain — end-to-end. Same flow Probatum runs on your machine.

Sample scenario:

your query · stays on your machine

Does our password policy satisfy SOC 2 CC6.1?

processed on-device · no egress

Sending query (local-only)
Retrieving & reranking evidence
Grading for grounding
Signing & chaining

cited evidence · 2 chunks

security_policy_v3.pdfp. 4
“Passwords must be at least 12 characters and include a mix of uppercase, lowercase, numbers, and symbols.”
access_review_2024_q3.pdfp. 1
“Quarterly access review completed 2024-09-15. All privileged accounts verified and recertified.”

graded answer

Your password policy satisfies CC6.1. Evidence: 12-char minimum enforced, MFA required for admins, quarterly access reviews documented.

W3C Verifiable Credential

framework: SOC 2 Type II
control: CC6.1
grounding: 0.94
signature: ⋯ pending
chain_hash: ⋯ pending
status: ⋯

Demo data only — real pipeline runs on your machine. Latency is artificially staged so each step is visible.

Cryptographic proof

Verify any audit report — yourself. No account.

Every evidence report ships as a W3C Verifiable Credential. Your auditor checks the Ed25519 signature and revocation status without logging into a portal. The proof is portable, public, and falsifiable.

Ed25519 signature verified client-side
Revocation via W3C StatusList2021
DID document publicly inspectable
Open-source verifier CLI you can audit

Open verifier Inspect a real VC

W3C Verifiable Credential verified

status: Valid — Not Revoked
framework: SOC 2 Type II
controls: CC6.1, CC6.2, CC7.2, CC8.1
score: 0.94
signature: Ed25519 ✓ 4f8a…b9e2
issuer: did:key:z6MkpTHR8VNsBxYAAWHu…
chain_hash: a3f8b2c1d4e5f607…
issued_at: 2026-05-23T14:08:42Z

Framework coverage

12 frameworks. One platform. AI governance included.

Browse all

SOC 2

0 controls

ISO 27001

0 controls

HIPAA

0 rules

PCI-DSS

0 reqs

GDPR

0 articles

NIST CSF

0 controls

LGPD

0 articles

CMMC 2.0

0 controls

FedRAMP

0 controls

ISO 42001

AI Gov

EU AI Act

AI Gov

NIST AI RMF

AI Gov

Built on standards you can audit — not on logos we collected

W3C

Verifiable Credentials 2.0

DID

Decentralized Identifiers

Ed25519

RFC 8032 signatures

SHA-256

FIPS 180-4 hash

AICPA

SOC 2 Trust Services Criteria

ISO

27001 Annex A · 42001

NIST

CSF 2.0 · AI RMF

Transparent pricing

Everyone else hides their pricing. Here’s ours.

No demo gate. No “contact sales.” Download, verify, decide.

Pro

$299/mo

1 framework. Hash-chained audit logs. Offline verifier CLI.

Start trial

From question to cryptographic proof — in seconds.

Ask in natural language

Query your documents like a compliance expert. Nothing leaves your machine.

Retrieve, rerank, grade

Cross-encoder reranking. Hallucinations flagged before they enter the record.

Sign, chain, export

Ed25519-signed. SHA-256-chained. Exported as W3C VC. Send to auditor — no portal needed.

Common questions

The questions every buyer asks first.

They’re cloud-SaaS that ingests your evidence to a vendor cloud and lets you trust their dashboard. Probatum runs on your laptop, keeps every byte local, and signs every finding so your auditor can verify offline. See full comparison →

Stop selling trust. Start proving it.

$299/month. 14-day free trial. No demo. No sales call.

Cancel from your dashboard in one click. Your data stays on your machine — even after you leave.

Start free trial

No credit card
No demo required
Cancel in 1 click
Data never leaves your machine