Trust & security

Paraph exists to make AI agents provable to the people who answer for them. That only works if you can hold us to the same standard — so this page states plainly how the system is built, what we store, where it lives, and what you can verify without trusting a word we say.

The record is designed to not need your trust

  • Hash-chained events. Every event's hash covers the previous event's hash and its own canonical content. Altering, dropping, or reordering anything after the fact breaks the chain — detectably, at the exact event.
  • External anchoring. Evidence exports carry an RFC 3161 timestamp from an independent authority over the document's digest. A third party can verify an export with openssl alone — no Paraph systems involved. Try it on our public sample.
  • Lawful erasure without silent erasure. GDPR deletion tombstones an event: content is removed, the hash and linkage are preserved, so the record still proves something existed and was erased — rather than pretending it never happened.
  • The audit of the auditors. Evidence exports and credential changes are themselves logged, per workspace.

Isolation & credentials

  • Every query is tenant-scoped at the data layer; workspaces cannot see each other's runs, gates, or exports.
  • API keys are shown once and stored only as SHA-256 hashes. Revocation is immediate and audit-logged.
  • Console access is via WorkOS (SSO/SAML-ready); reviewer identity on sign-offs comes from the authenticated session, never from client input.

Egress & transport

  • Webhook deliveries are HMAC-signed (x-paraph-signature) so receivers can verify the sender — and our dispatcher refuses private/internal network targets and redirects, by design.
  • TLS everywhere; HSTS, a content-security policy, frame-embedding denial, and strict referrer policy on every route.
  • Ingestion enforces payload and field-size limits; oversized records are rejected, never silently truncated.

Where your data lives

The real-time layer (Tideline) runs in Amsterdam. The application and database currently run in the USA; migration to EU regions (Frankfurt) is scheduled with our first design-partner cohort — stated here plainly because residency claims are exactly the kind of thing this product exists to keep honest.

Subprocessors

ProviderPurposeRegion
VercelApplication hosting & serverless computeUSA (EU region planned with the design-partner cohort)
NeonPostgres — the durable recordUSA (EU region migration in progress)
Fly.ioTideline real-time engineEU — Amsterdam
WorkOSConsole authentication & SSOUSA (auth metadata only — no run content)
freetsa.orgRFC 3161 timestamp authority (evidence anchoring)Germany

No LLM providers touch your data: Paraph records your agents; it doesn’t run them.

Compliance posture

Controls are built to SOC 2 shape (isolation, least-privilege credentials, audit logging, change control); the formal audit is planned alongside first revenue. EU AI Act mapping for Articles 12 and 14 is documented feature by feature. We’ll never claim a certification we don’t hold.

Reporting a vulnerability

Security reports go to hello@paraph.ai and are acknowledged within two business days. Good-faith research is welcome; we won’t pursue researchers acting responsibly.

Last updated 13 July 2026.