App-layer tenant isolation
Every record is double-scoped — checked against your organization on the way in and on the way out. One org can never read, query, or export another org’s data.
Every agent and human action is signed and hash-chained, double-scoped to your org, and kept for seven years. Audit-grade by construction — continuous, not point-in-time.
An AI-run company generates consequential actions every second — agents provisioning, sharing, spending, and deciding alongside your people. Point-in-time attestations can’t keep up with that.
Plantel Compliance is built so the evidence is a byproduct of how the platform runs. Isolation is enforced on every read and write. Integrity is enforced by a hash chain. Retention is enforced by an append-only store. You don’t have to trust the dashboard — you can verify the record.
Each entry carries a SHA-256 hash of itself and of the entry before it. Change or delete one row and every later hash breaks — tampering is detectable, not silent.
The audit log has no UPDATE and no DELETE path. Entries are written by internal services only, never edited from an admin console. The record is the record.
Audit history is retained for seven years by default, with per-org extension for regulated industries. Nothing is purged while a legal hold is in place.
Isolation is enforced at the application layer and double-scoped: every query is bound to your organization when it’s requested and re-checked against your organization before any row is returned. Audit entries, evidence, and reports are all scoped the same way.
The result is a hard tenant boundary — one org cannot see, search, or export another org’s log. It’s a property we test for, not a setting you toggle.
The audit log is the spine of the platform — and it’s tamper-evident by design.
Each entry stores a hash of its own content plus the hash of the entry before it. Modify or remove any single entry and every subsequent hash no longer matches — so the break is detectable.
There is no UPDATE and no DELETE path on the log. Entries are written by internal services, never edited through an admin API. What happened stays exactly as it happened.
Every entry records who acted — human, agent, system, or admin — alongside the action, resource, time, and context. Agent and human activity sit in the same chain.
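The chain check described above can be sketched as follows. This is an added example, not Plantel's code: the field names, the all-zero genesis value and the canonical-JSON encoding are assumptions. It also accepts a head hash recorded outside the log, because a hash chain on its own does not reveal entries removed from the end.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed prev_hash value for the first entry


def entry_hash(body, prev_hash):
    """SHA-256 over the previous hash plus the canonical JSON of the entry body."""
    canon = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + canon).encode()).hexdigest()


def append(chain, body):
    """Link a new entry to the current tail of the chain."""
    prev = chain[-1]["hash"] if chain else GENESIS
    chain.append({"body": body, "prev_hash": prev, "hash": entry_hash(body, prev)})


def verify(chain, expected_head=None):
    """Return None if the chain is intact, else the index where it first fails.

    expected_head is the latest hash as recorded outside the log. Without it,
    a chain with entries removed from the end still verifies.
    """
    prev = GENESIS
    for i, entry in enumerate(chain):
        if entry["prev_hash"] != prev or entry["hash"] != entry_hash(entry["body"], prev):
            return i
        prev = entry["hash"]
    if expected_head is not None and prev != expected_head:
        return len(chain)  # tail was truncated or extended
    return None


def build_sample():
    """Constructed sample log: human, agent, system and admin actions in one chain."""
    chain = []
    for actor_type, actor, action in [
        ("human", "alice", "share.create"),
        ("agent", "agent-7", "spend.approve"),
        ("system", "scheduler", "export.run"),
        ("admin", "bob", "role.grant"),
    ]:
        append(chain, {"org_id": "org-1", "actor_type": actor_type,
                       "actor": actor, "action": action})
    return chain
```

An edited or removed entry in the middle is reported at the first index where the links stop matching; a removed tail is reported only when the external head hash is supplied.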
The audit log covers the consequential surface of an AI-run company — across people, agents, and infrastructure.
Because the audit log captures activity as it happens, evidence isn’t something you scramble to assemble before an audit — it’s already there. Plantel Compliance turns that continuous record into the policy, evidence, and reporting your auditors expect.
The platform is designed to produce the evidence behind six framework programs. These are the controls Plantel Compliance is built to support and evidence — not certifications it claims on your behalf.
Plantel Compliance is a single add-on to Plantel Business — $99.95/mo for unlimited frameworks. No per-framework upsell, no point-in-time surprise bill.
Continuous, audit-grade compliance for an AI-run company.