Trust & Security

Security that's built in.
Not bolted on.

ComplicEdge is designed for environments where compliance records must withstand regulatory and legal scrutiny. Every control is cryptographically verifiable and independently auditable — not just claimed.

SHA-256 hash-chained · AES-256-GCM encryption · Per-tenant key isolation · Append-only audit log · Independent verification

How we protect your data

Multiple layers of protection, verifiable by design

Every layer is independently auditable. No trust assumptions — only cryptographic proof.

Tamper-evident audit log

Every record change is SHA-256 hash-chained to the previous entry. Any modification breaks the chain — making tampering detectable and provable.

Field-level encryption

Sensitive fields are encrypted with tenant-isolated data encryption keys (DEKs) wrapped by a master key. Key rotation is versioned so old data remains readable.

Multi-tenant isolation

Every database query is scoped to a tenant context enforced at the repository layer. One tenant's data is never accessible from another's session.

GDPR-native controls

Subject access requests, right-to-erasure workflows, and data retention policies are first-class platform features — not afterthoughts.

Audit Chain

How the tamper-evident chain works

01. Action recorded

Every compliance event — certificate issued, worker updated, SAR completed — is captured with full actor attribution and UTC timestamp.

02. Hash computed

A SHA-256 hash is computed over the event data plus the previous entry's hash, creating a cryptographic link in an append-only chain.

03. Chain extended

The new entry is appended to the tenant's audit chain. No deletion, reordering, or modification is possible without breaking the chain.

04. Independently verifiable

Chain integrity can be verified offline using standard tools. No proprietary software required. Any tampering is immediately detectable.

Hash Chain: Verified

#4829 · WORKER_CREATED · 14:21:03 · SHA-256: a3f7c2...9d14
#4830 · CERTIFICATE_ISSUED · 14:26:41 · SHA-256: b8e1d5...2f77
#4831 · CHAIN_VERIFIED · 14:32:07 · SHA-256: 7c4a19...e3b2

Chain integrity confirmed · no tampering detected
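
The four steps of the audit chain, as an added example that is not ComplicEdge's own code: a minimal SHA-256 hash chain with an offline verifier in Python. The canonical-JSON encoding, the all-zero genesis value, the field names and the `trusted_head` parameter are assumptions, since the page does not specify the platform's record format.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed prev_hash for the first entry of a tenant's chain

def entry_hash(prev_hash, event):
    # Canonical JSON (assumed encoding) so an event always serialises to the same bytes.
    payload = json.dumps(event, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + payload).encode("utf-8")).hexdigest()

def append(chain, event):
    prev = chain[-1]["hash"] if chain else GENESIS
    chain.append({"event": event, "prev_hash": prev, "hash": entry_hash(prev, event)})

def verify(chain, trusted_head=None):
    """Return (ok, index of the first entry that fails, or None)."""
    prev = GENESIS
    for i, entry in enumerate(chain):
        if entry["prev_hash"] != prev or entry["hash"] != entry_hash(prev, entry["event"]):
            return False, i
        prev = entry["hash"]
    # Links alone cannot reveal entries dropped from the end; compare the final
    # hash with a head value recorded outside the log store.
    if trusted_head is not None and prev != trusted_head:
        return False, len(chain)
    return True, None

def sample_chain():
    # Constructed sample events; actors, tenant and date are made up.
    chain = []
    for seq, action, ts in [(4829, "WORKER_CREATED", "2024-01-01T14:21:03Z"),
                            (4830, "CERTIFICATE_ISSUED", "2024-01-01T14:26:41Z"),
                            (4831, "CHAIN_VERIFIED", "2024-01-01T14:32:07Z")]:
        append(chain, {"seq": seq, "tenant": "tenant-a", "actor": "user-1",
                       "action": action, "ts": ts})
    return chain

if __name__ == "__main__":
    chain = sample_chain()
    print(verify(chain))                      # intact chain
    chain[1]["event"]["actor"] = "user-2"     # edit a stored record
    print(verify(chain))                      # reports the edited entry
```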

Tenant Isolation

Three independent isolation boundaries

No tenant can read, decrypt, verify, or infer another tenant's data or audit chain.

Cryptographic isolation

Each tenant has independent DEKs. No key material is shared across tenants. KMS access is scoped per-tenant and per-environment.

Data isolation

All database rows are tenant-scoped. Queries are bound to tenant context at execution time. Cross-tenant queries are structurally prevented.

Audit chain isolation

Each tenant has an independent hash chain. Chain verification cannot cross tenant boundaries. No inference across tenants is possible.

Technical Architecture

Full cryptographic design documentation

Key derivation, hash-chain construction, tenant isolation boundaries, and the GDPR data lifecycle — with enough detail to satisfy a technical due-diligence review.

View full security architecture

Trust starts with transparency

Request access to see the platform first-hand, or get in touch to discuss your organisation's compliance requirements.