AnnexOps Compliance

The tamper-evident audit chain regulators demand

Every compliance document is SHA-256 hashed on upload. Every access, approval, and version change is immutably logged. The Evidence Vault gives EU market surveillance authorities exactly what they need.

Open the Vault

🔒 SHA-256 hashed

✓ Immutable audit log

✓ One-click audit export

Evidence integrity

Cryptographic proof. Not just storage.

SHA-256 on every upload

Every document is hashed the moment it is uploaded. The hash is stored in the database and verified on every subsequent read. Any tampering is immediately detectable.

Immutable approval workflow

Draft → In Review → Approved. Every status transition is logged with reviewer identity, timestamp, IP address, and correlation ID. Cannot be edited or deleted.

One-click audit package export

Export a complete, signed audit package for EU market surveillance authorities — all documents, hashes, and audit logs bundled into a single verifiable archive.

Multi-tenant cryptographic isolation

Your evidence is cryptographically isolated from every other customer via PostgreSQL Row-Level Security. Cross-tenant access is architecturally impossible, verified on every CI/CD build.

Vault capabilities

Built for regulators, auditors, and your peace of mind

SHA-256 tamper detection

Every document hash is verified on every read. A single changed byte is immediately detected. Evidence integrity is guaranteed at the cryptographic level, not the policy level.

Approval workflow engine

Structured Draft → Review → Approved workflow with mandatory reviewer assignment. Every approval is timestamped, signed, and logged.

One-click audit export

Generate a complete audit package in a single click. Contains all documents, their SHA-256 hashes, approval records, and the full access log. Accepted by EU.

Version history

Every document version is retained forever. Compare any two versions. See who made each change and when. The complete document history is available for audit.

Row-level security isolation

PostgreSQL RLS policies ensure every database query is scoped to your organisation. No application-layer filtering — isolation is enforced at the database level.

Signed URLs for file access

All file downloads use time-limited signed URLs from AWS S3. No file is ever publicly accessible. Every download is logged to the audit trail.

Integrations

Works With Your Existing Stack

FAQs

Some Frequently Asked Questions and Their Answers

  • 🐙 GitHub Actions
  • 🦊 GitLab CI
  • 🤗 HuggingFace
  • 🧠 Anthropic Claude
  • 🌟 Mistral AI
  • ☁️ AWS SageMaker
  • 📊 Grafana
  • 🔴 Jira
  • 💼 Linear
  • 🔔 Slack
  • 🔷 Google Vertex AI
  • 🤖 OpenAI API

Toggle title

Toggle content goes here, click edit button to change this text.

Read Our Blog

News & Articles

The EU AI Act Explained: A Practical Guide for Companies Building or Using AI
April 3, 2026 | By
The EU AI Act Explained: A Practical Guide for Companies Building or Using AI
High-Risk AI Systems Under the EU AI Act: What Companies Must Do to Stay Compliant
April 3, 2026 | By
High-Risk AI Systems Under the EU AI Act: What Companies Must Do to Stay Compliant
AI Governance Platforms: Why Companies Need Infrastructure to Comply With the EU AI Act
April 3, 2026 | By
AI Governance Platforms: Why Companies Need Infrastructure to Comply With the EU AI Act

Build the evidence chain auditors trust

Start uploading compliance evidence today. Every document is automatically hashed and protected.