Trust & security
Paraph exists to make AI agents provable to the people who answer for them. That only works if you can hold us to the same standard — so this page states plainly how the system is built, what we store, where it lives, and what you can verify without trusting a word we say.
The record is designed to not need your trust
- Hash-chained events. Every event's hash covers the previous event's hash and its own canonical content. Altering, dropping, or reordering anything after the fact breaks the chain — detectably, at the exact event.
- External anchoring. Evidence exports carry an RFC 3161 timestamp from an independent authority over the document's digest. A third party can verify an export with
opensslalone — no Paraph systems involved. Try it on our public sample. - Lawful erasure without silent erasure. GDPR deletion tombstones an event: content is removed, the hash and linkage are preserved, so the record still proves something existed and was erased — rather than pretending it never happened.
- The audit of the auditors. Evidence exports and credential changes are themselves logged, per workspace.
Isolation & credentials
- Every query is tenant-scoped at the data layer; workspaces cannot see each other's runs, gates, or exports.
- API keys are shown once and stored only as SHA-256 hashes. Revocation is immediate and audit-logged.
- Console access is via WorkOS (SSO/SAML-ready); reviewer identity on sign-offs comes from the authenticated session, never from client input.
Egress & transport
- Webhook deliveries are HMAC-signed (
x-paraph-signature) so receivers can verify the sender — and our dispatcher refuses private/internal network targets and redirects, by design. - TLS everywhere; HSTS, a content-security policy, frame-embedding denial, and strict referrer policy on every route.
- Ingestion enforces payload and field-size limits; oversized records are rejected, never silently truncated.
Where your data lives
The real-time layer (Tideline) runs in Amsterdam. The application and database currently run in the USA; migration to EU regions (Frankfurt) is scheduled with our first design-partner cohort — stated here plainly because residency claims are exactly the kind of thing this product exists to keep honest.
Subprocessors
| Provider | Purpose | Region |
|---|---|---|
| Vercel | Application hosting & serverless compute | USA (EU region planned with the design-partner cohort) |
| Neon | Postgres — the durable record | USA (EU region migration in progress) |
| Fly.io | Tideline real-time engine | EU — Amsterdam |
| WorkOS | Console authentication & SSO | USA (auth metadata only — no run content) |
| freetsa.org | RFC 3161 timestamp authority (evidence anchoring) | Germany |
No LLM providers touch your data: Paraph records your agents; it doesn’t run them.
Compliance posture
Controls are built to SOC 2 shape (isolation, least-privilege credentials, audit logging, change control); the formal audit is planned alongside first revenue. EU AI Act mapping for Articles 12 and 14 is documented feature by feature. We’ll never claim a certification we don’t hold.
Reporting a vulnerability
Security reports go to hello@paraph.ai and are acknowledged within two business days. Good-faith research is welcome; we won’t pursue researchers acting responsibly.
Last updated 13 July 2026.