Audit Ledger · tamper-evident AI audit trails · from £10,000

The audit trail a regulator will ask for, hosted for you, or in your own AWS.

When a regulator asks for the audit trail of every decision your AI made, the answer has to be "yes, here it is, and we can prove nothing was changed or deleted." Audit Ledger is the infrastructure that produces that answer. Take it three ways, all at one fixed price of £10,000, or self-host the open source for free. Introductory launch rate, locked in for your engagement and rising after 30 September 2026.

EU AI Act Article 12 · FCA SS1/23 · 7-year retention default · Official MCP Registry

Three ways to get it

One fixed price: £10,000. You choose how it's delivered.

The same production-grade infrastructure either way. The only difference is who runs it. Hosted adds ongoing cloud running costs, modest and predictable, since the ledger is storage and serverless requests, not LLM inference; the other two are yours to operate from day one. The £10,000 covers a single-account deployment; multi-system or multi-region fleets and repeated audit cycles are quoted above tier.

Deployed to your AWS

£10,000

Introductory rate · rises after 30 Sep 2026

We deploy it into your own AWS account and hand it over. Your team owns and operates it from go-live; Zyvra has zero ongoing access.

What's included

  • CDK deployment into your AWS account
  • Tenant keys, encryption material, and data all inside your boundary
  • Remote HTTPS MCP endpoint deployed in your account (basic); enterprise SSO and private networking are priced separately
  • Wired into your existing monitoring (CloudWatch, Datadog, Splunk)
  • Full handover of code, IaC, and runbooks
  • 60 days of post-launch support

Code handed over

£10,000

Introductory rate · rises after 30 Sep 2026

We package and hand over the code for your team to deploy on your own systems, with setup guidance and a walkthrough.

What's included

  • The full codebase, CDK stack, SDKs, and dashboard
  • Setup configured for your environment and compliance posture
  • Deployment walkthrough and runbook handover
  • Yours to run, modify, and extend
  • 60 days of post-launch support

Or self-host, free

The repositories are open source under Apache 2.0, free to self-host if your team wants to run it themselves. The paid options exist for when you want it deployed properly, compliance-ready, and supported, rather than built from scratch.

Why it holds up in a review

Immutable by design. Hashed by default. Tenant-isolated from the first request.

Four design choices are what make the evidence defensible in a regulatory review, and none of them can be bolted on to a system that wasn't built with them in mind:

  • S3 Object Lock in COMPLIANCE mode. Records cannot be deleted before their retention date, not by an admin, not by AWS, not by the bucket owner.
  • Client-side keyed hashing. Personal data is HMAC-SHA256 hashed in the local process before anything leaves it; the ledger only ever stores irreversible fingerprints, so there is no PII at rest in the audit infrastructure.
  • Per-tenant sequence completeness. Every stored decision gets a monotonic sequence number, and a verify-completeness endpoint surfaces any gaps, so you can prove nothing has been deleted, not just that what remains is unaltered.
  • Two-key namespace separation. Write keys cannot read; read keys cannot write. A leaked write key cannot exfiltrate data; a leaked read key cannot plant fake records.
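
The per-tenant completeness check described above, sketched as an added example (not Audit Ledger's own code or its verify-completeness endpoint). The record shape, function name and the "expected head" input are assumptions; the head is the last sequence number the writer recorded on its own side, which the check needs in order to notice records missing from the end of the sequence.

```javascript
// Added example, not Audit Ledger's code. Record shape, function name and the
// "expected head" input are assumptions; sequences are assumed to start at 1.
function verifyCompleteness(records, expectedHead) {
  const seenByTenant = new Map();
  const duplicatesByTenant = new Map();
  for (const tenant of Object.keys(expectedHead)) seenByTenant.set(tenant, new Set());
  for (const { tenant, seq } of records) {
    if (!Number.isInteger(seq) || seq < 1) throw new Error(`bad seq for ${tenant}: ${seq}`);
    if (!seenByTenant.has(tenant)) seenByTenant.set(tenant, new Set());
    const seen = seenByTenant.get(tenant);
    if (seen.has(seq)) {
      if (!duplicatesByTenant.has(tenant)) duplicatesByTenant.set(tenant, []);
      duplicatesByTenant.get(tenant).push(seq);
    }
    seen.add(seq);
  }
  const report = {};
  for (const [tenant, seen] of seenByTenant) {
    // The head the writer recorded out of band; without it, removal of the
    // newest records leaves no gap behind and would pass unnoticed.
    const head = Math.max(expectedHead[tenant] ?? 0, ...seen);
    const missing = [];
    for (let s = 1; s <= head; s++) if (!seen.has(s)) missing.push(s);
    const duplicates = duplicatesByTenant.get(tenant) ?? [];
    report[tenant] = { head, missing, duplicates,
      complete: missing.length === 0 && duplicates.length === 0 };
  }
  return report;
}

// Constructed sample data (tenant, seq); arrival order is deliberately shuffled.
const SAMPLE_RECORDS = [
  ...[1, 2, 3, 5, 6].map((seq) => ({ tenant: 'tenant-a', seq })), // 4 removed
  ...[2, 1, 3].map((seq) => ({ tenant: 'tenant-b', seq })),       // tail 4..5 removed
  ...[1, 2, 2, 3].map((seq) => ({ tenant: 'tenant-c', seq })),    // 2 stored twice
];
// Last sequence number each writer recorded on its own side (constructed).
const SAMPLE_HEADS = { 'tenant-a': 6, 'tenant-b': 5, 'tenant-c': 3, 'tenant-d': 2 };

function demo() { return verifyCompleteness(SAMPLE_RECORDS, SAMPLE_HEADS); }
console.log(JSON.stringify(demo(), null, 2));
```

In the sample, tenant-b has no internal gap at all; it is flagged only because the stored records stop short of the recorded head.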

The MCP server is published to npm and listed in Anthropic's official MCP Registry. Try every tool zero-config:

npx -y audit-ledger-mcp

Where your data lives

Even when we host it, your personal data never reaches the ledger.

The hashing happens before anything leaves you. Personal data is HMAC-SHA256 hashed inside your own process, keyed to a secret only you hold, before any record is sent. So the ledger only ever stores irreversible fingerprints (which no one, including Zyvra, can reverse without your key) plus the structured decision and its metadata. Your raw data, and the key that could match the fingerprints, never leave your environment. That's true in every delivery mode, hosting included.

We set up your tenant HMAC key as a standard part of onboarding, so keyed hashing is always on and the guarantee always holds, never the weaker plain-hash fallback.
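
An added example of the client-side step described above, and of why the keyed form is stronger than the plain-hash fallback (this is not Audit Ledger's SDK). The field list, record shape and normalisation rule are assumptions made for illustration.

```javascript
// Added example, not Audit Ledger's SDK. Field list, record shape and
// normalisation rule are assumptions made for illustration.
const crypto = require('node:crypto');

const PII_FIELDS = ['email', 'customer_name']; // hypothetical personal-data fields

function normalise(value) {
  // Canonicalise so "Ana@Example.com " and "ana@example.com" fingerprint alike.
  return String(value).normalize('NFKC').trim().toLowerCase();
}

function keyedFingerprint(key, field, value) {
  // Field name is mixed in so equal values in different fields do not link.
  return crypto.createHmac('sha256', key)
    .update(field).update('\0').update(normalise(value)).digest('hex');
}

function plainFingerprint(field, value) {
  // The unkeyed fallback: anyone can recompute this from a guessed value.
  return crypto.createHash('sha256')
    .update(field).update('\0').update(normalise(value)).digest('hex');
}

function pseudonymise(record, key) {
  if (!Buffer.isBuffer(key) || key.length < 32) {
    throw new Error('tenant HMAC key must be at least 32 random bytes');
  }
  const out = {};
  for (const [field, value] of Object.entries(record)) {
    out[field] = PII_FIELDS.includes(field) ? keyedFingerprint(key, field, value) : value;
  }
  return out; // only this object is sent to the ledger
}

// True if a party holding only `stored` can confirm one of its guesses.
function confirmableWithoutKey(stored, field, guesses) {
  return guesses.some((g) => plainFingerprint(field, g) === stored);
}

// Constructed sample: key generated here; in practice it comes from your secret store.
const TENANT_KEY = crypto.randomBytes(32);
const SAMPLE = { email: 'Ana@Example.com ', customer_name: 'Ana Ruiz',
  decision: 'loan_declined', model: 'credit-v3' };
const SENT = pseudonymise(SAMPLE, TENANT_KEY);
console.log(SENT);
```

Personal data such as e-mail addresses is low-entropy, so a plain SHA-256 of it can be confirmed by anyone who guesses the value; the HMAC output cannot be recomputed without the tenant key.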

This is why hosting doesn't compromise the usual Zyvra trust model: there is no personal data at rest in the ledger to host. For teams that also want the decision records and the AWS account itself inside their own boundary, we operate the hosted ledger in your own AWS account by default. A fully Zyvra-operated instance is available too, and even then, no personal data reaches it.

Because the ledger stores no PII and can run entirely inside your own AWS account, SOC 2 isn't required for the evidence store the way it would be for a SaaS processor of sensitive customer data. Some procurement teams may still ask for SOC 2 covering Zyvra as an operator where we provide ongoing managed-service access; we'll be straight about that on the call.

This is not legal advice. Whether the evidence the ledger produces satisfies a specific obligation is a question for your legal counsel. Zyvra builds and runs the technical surface; the deploying organisation owns the attestation.

Need everything inside your cloud?

The ledger and the MCP server, both deployed in your own AWS account.

For most regulated buyers the real procurement question isn't data sensitivity (the ledger holds no PII), it's the control boundary: can the whole thing run inside our cloud, under our keys, networking, logging, retention, and policies? Yes. We deploy both the ledger and the MCP server into your AWS account. Your AI agents connect to a remote HTTPS MCP endpoint inside your boundary, no local tooling to install, and your keys, logs, records, retention policy, and network controls all stay with you. Zyvra operates it under a managed agreement, or hands it over for your team to run.

A sensible AWS shape, fitted to your stack:

  • MCP server on ECS Fargate, Lambda + API Gateway, or App Runner, exposed as a remote HTTPS MCP endpoint, not just npx audit-ledger-mcp.
  • Auth via OAuth/OIDC, API keys, or an IAM-backed gateway, depending on your stack.
  • Secrets in AWS Secrets Manager / KMS; ledger storage stays in your account.
  • Optional private access via PrivateLink, VPN, IP allowlist, or an internal ALB.
  • Logs and metrics to your CloudWatch, Datadog, or Splunk.

A basic remote MCP deployment is included with the AWS options. Advanced enterprise requirements (SSO/OIDC, private networking, tenant routing, deep observability, and support SLAs) are priced separately.

One honest nuance: if the hashing runs in the cloud MCP server rather than client-side, raw input reaches that server. That's still sound when the server sits inside your own cloud boundary. The guarantee is "hash before it leaves the client-controlled environment," and your cloud is that environment. The strongest posture is still to hash before data leaves you; we'll design to whichever line your compliance team draws.

Get started

Tell us which way you want it.

Send a brief note on your use case, your regulator, and whether you'd like it hosted, deployed into your AWS, or handed over as code. We'll reply within two business days, with an NDA in place first if you'd like one.
