Security Transparency

Our signing key is public. Our signatures are verifiable. Our reports can't be forged. Everything below is open for inspection — no trust required.

Cryptographic Proof — Open for Inspection

Probatum signs every audit entry and compliance credential with an Ed25519 key. The public key is published openly so anyone can verify signatures without contacting us.

Public Key (JWK)

Ed25519 public key in JSON Web Key format

DID Document

did:web identity — resolves at this domain

Credential Verifier

Paste any VC JWT to verify signature + revocation

Audit Chain Schema

Each audit log entry contains a SHA-256 hash chained to the previous entry using the formula:

entry_hash = SHA256(
  previous_hash + trace_id + user +
  timestamp + question_hash + event_type
)

Tampering with any field in any entry invalidates every hash that follows. The chain is verified client-side in your browser — no server round-trip. Maps to SOC 2 CC7.2 (monitoring) and ISO 27001 A.12.4 (logging).

What Stays Local

✓ On Your Machine

  • • Source documents
  • • Document embeddings
  • • PostgreSQL with vector search
  • • Local LLM inference

↗ Cloud Control Plane

  • • Query text
  • • Generated answers
  • • Ed25519-signed audit entries
  • • License management

Encryption & Access Control

  • In Transit: TLS 1.3 for all API communications.
  • At Rest: Cloud data encrypted with AES-256.
  • Credentials: Ed25519-signed W3C VCs — independently verifiable, unforgeable.
  • RBAC: Admin, Analyst, Viewer roles — granular per-framework access gating.

Responsible AI by Design

Citation-Per-Claim Grounding

Every claim in every answer cites its source chunk. Claims not found in evidence are flagged. Confidence is penalized per hallucinated citation — so you never cite a fabrication in an audit.

Cross-Encoder Reranking

Retrieved evidence is reranked by a cross-encoder reranking model before synthesis. Higher relevance, fewer spurious citations.

25-Step Agentic Pipeline

Queries run through a chain-verified, deterministic agentic loop. Every step is observable, every answer is reproducible.

Circuit-Breaker Reliability

Embedding calls are guarded by an async circuit breaker (3-failure threshold, 30s reset). A slow inference run returns a partial answer — never a hanging request.

Last updated: March 2026