Evidence your auditors can verify without trusting you.

Eliminate audit doubt. Securely chain, sign, and verify your compliance artifacts for CMMC Level 2 and the EU AI Act—automatically.

Stop relying on screenshots and messy folders. ProlixoTech replaces fragile paper trails with immutable cryptographic chains.

One Engine. Two Compliance Modules.

ProlixoTech Evidence Vault is a single product built on cryptographic receipts. Choose the compliance module that matches your need — or use both.

Both modules run on the same infrastructure: SHA-256 hashing, AWS KMS ECDSA P-256 signing, daily Merkle chain linking, and tamper-evident exports.

How Each Module Works

Same cryptographic engine, different inputs. Here's the step-by-step for each compliance workflow.

CMMC Level 2 Compliance & Evidence Tracking

For defense contractors preparing for C3PAO assessment
  1. Upload artifacts via dashboard or API: Drag-drop policies, screenshots, audit logs, and scan reports. Or use presigned S3 URLs for programmatic upload.
  2. Artifacts auto-map to NIST 800-171 controls: A policy document maps to AC-1, SC-1, PL-1. An audit log maps to AU-2, AU-3, AU-6. You can override with manual tags for exact mapping.
  3. Each artifact gets hashed and KMS-signed: SHA-256 hash of the file content, signed with AWS KMS (ECDSA P-256). The key never leaves the HSM. Record links into the daily shard chain.
  4. Track coverage across 110 controls: Dashboard shows which controls are met, partial, or missing evidence. Filter by control family (AC, AU, IA, SC) to find gaps.
  5. Export evidence packages with verification URLs: Generate an Evidence Index, SSP appendix, or POA&M. Every artifact entry includes a public verification link your C3PAO can click.
Your C3PAO clicks the verification URL from the export, sees "Signature Valid, Merkle Linked" — no login, no trust in ProlixoTech required.

EU AI Act Compliance & AI Risk Management

For teams running AI systems under EU AI Act, NIST AI RMF, or Colorado AI Act
  1. Install the SDK and log AI decisions from code: Run pip install solymus, then call log.record() at each decision point. Fire-and-forget, non-blocking.
  2. Attach policy version and human oversight metadata: Record which policy was in effect, which version, and who reviewed the decision. This creates your "time machine defense": proof of the rules at decision time.
  3. Every event gets hashed, signed, and chain-linked: Same engine as CMMC: canonical JSON, SHA-256 digest, KMS ECDSA signature, shard chain. Runs in the background; your application sees near-zero overhead (sub-millisecond on the calling thread).
  4. Daily Merkle attestation seals the record: At midnight UTC, all events batch into a Merkle tree. The daily root gets KMS-signed. Retroactive changes to any event break the chain.
  5. Export evidence bundles for regulators: JSON or CSV with a public verification URL per decision. Regulators verify any event independently, without accessing your systems.
Regulator asks "was human oversight performed?" — your export shows the reviewer, timestamp, and a cryptographic signature proving it was logged at decision time.

Install in 15 Minutes. Export Auditor-Ready Packages.

Upload → Hash → Sign → Chain → Verify

  1. Create Account: Sign up and create a workspace. No credit card required for Starter.
  2. Select Framework Modules: Choose CMMC, AI Governance, or both. Modules configure which controls and export templates you see.
  3. Upload or Log Evidence: CMMC: Upload policies, screenshots, configurations. AI Gov: Send AI decisions via SDK or API.
  4. Every Record Gets Signed: SHA-256 hash signed with AWS KMS (ECDSA P-256). Keys never leave the HSM. Evidence linked to daily Merkle chain.
  5. Export Verifiable Packages: Evidence index grouped by control, with a verification URL for every artifact. Auditors verify from the export: no login, no API key.

Why Teams Choose ProlixoTech

Compliance evidence built on cryptographic verification, portable exports, and automated collection.

Cryptographic Proof, Not Screenshots

Every artifact gets a KMS-signed receipt with SHA-256 hash. Evidence integrity is mathematical, not organizational.

Auditors Verify Independently

Public verification API lets C3PAOs, regulators, and buyers check any receipt themselves. No login required — verification is based on cryptographic proof, not organizational trust.

Tamper-Evident by Design

Daily Merkle chain linking means retroactive changes break the chain. Gaps and modifications are automatically detectable.

Self-Contained Export Bundles

Evidence packages include the receipt, signature, Merkle proof, daily root, and public key needed for offline verification. Bundles remain verifiable as long as the ECDSA P-256 algorithm is considered secure.
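
The offline check such a bundle allows, sketched as an added example (not ProlixoTech's code or bundle format, which this page does not specify): an event is re-hashed and walked up its Merkle proof to the daily root. The canonical form (sorted-key compact JSON), the 0x00/0x01 leaf and node prefixes, the promotion of an unpaired node, and all field names are assumptions; verifying the ECDSA signature over the daily root is a separate step not shown here.

```python
import hashlib
import json

def canonical(event):
    # Assumed canonical form: sorted keys, compact separators, UTF-8.
    return json.dumps(event, sort_keys=True, separators=(",", ":")).encode("utf-8")

def leaf_hash(event):
    # 0x00 prefix keeps leaf hashes distinct from interior nodes (assumed).
    return hashlib.sha256(b"\x00" + canonical(event)).digest()

def node_hash(left, right):
    return hashlib.sha256(b"\x01" + left + right).digest()

def build_proof(leaves, index):
    """Return (root, proof); proof is a list of (side, sibling_hash)."""
    proof, level = [], list(leaves)
    while len(level) > 1:
        sib = index ^ 1
        if sib < len(level):  # an unpaired last node has no sibling here
            proof.append(("L" if sib < index else "R", level[sib]))
        nxt = [node_hash(level[i], level[i + 1]) for i in range(0, len(level) - 1, 2)]
        if len(level) % 2:
            nxt.append(level[-1])  # promote unpaired node unchanged
        level, index = nxt, index // 2
    return level[0], proof

def verify_inclusion(event, proof, daily_root):
    """Recompute the path from the event to the root; no network needed."""
    h = leaf_hash(event)
    for side, sibling in proof:
        h = node_hash(sibling, h) if side == "L" else node_hash(h, sibling)
    return h == daily_root

# Constructed sample events standing in for one day's records.
EVENTS = [{"event_id": f"evt-{i}", "decision": "approve",
           "policy_version": "v3", "reviewer": "analyst-1"} for i in range(5)]
LEAVES = [leaf_hash(e) for e in EVENTS]
DAILY_ROOT, PROOF = build_proof(LEAVES, 2)

def demo():
    tampered = dict(EVENTS[2], reviewer="nobody")  # retroactive edit
    return (verify_inclusion(EVENTS[2], PROOF, DAILY_ROOT),
            verify_inclusion(tampered, PROOF, DAILY_ROOT))

if __name__ == "__main__":
    print(demo())
```

The untouched event verifies against the root and the edited copy does not, which is the property the daily attestation relies on.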

Multi-Framework, One Vault

CMMC, NIST 800-171, EU AI Act, NIST AI RMF, and Colorado AI Act from a single evidence infrastructure. No duplicate uploads.

Free Tier with Full Cryptography

Starter plan includes KMS signing, Merkle chains, public verification, and evidence exports. No paywall on proof integrity.

Verify Without Trusting Us

Your auditors, regulators, and buyers can check any receipt independently. No login required.

Verify a Receipt

Enter an event ID from any export or verification link.

What Gets Signed

SHA-256 hash + AWS KMS ECDSA P-256. Keys never leave HSM.

Who Can Verify

Third parties verify receipts via export links. Evidence bundles work offline.

What You Export

Evidence packages grouped by control, with verification URLs.

Simple Pricing

One product. Framework modules included by plan or as add-ons.

Starter: $0 per month
  • 1,000 events/month
  • 7-day active access
  • 1 framework module
  • KMS receipts
  • Merkle chain
  • Public verification API
  • Evidence index export
No credit card required
Enterprise: starts at $499 / month
  • 1M events/month (negotiable)
  • Unlimited active access
  • Unlimited workspaces & modules
  • GovCloud + GCC High path (roadmap)
  • SSO/SAML, custom roles, certificates
  • Dedicated support + SLA

An event is a single evidence record (one artifact upload, SDK log entry, or API ingest call). A framework module configures which compliance controls and export templates you see. Active access is the period you can query evidence via API and dashboard; after that, records are archived per our retention policy.

Frequently Asked Questions

No. We provide verifiable evidence and exports that support your compliance program. Certification is determined by your C3PAO assessor (CMMC) or your own legal and compliance team (AI governance). We give you the evidence trail; you own the compliance outcome.

Yes. Export packages include the receipt, cryptographic signature, Merkle proof, daily root, and verification instructions. Your assessor verifies mathematically without calling any ProlixoTech API. Bundles work offline.

Today you upload evidence manually, via API, or via the Python SDK. Connectors are in development:

  • LIVE REST API & Python SDK
  • PLANNED M365 GCC High connector
  • PLANNED AWS GovCloud connector
  • PLANNED Endpoint agent (Windows/Linux)

We'll announce connectors when they're production-ready.

Export bundles are self-contained. They include everything needed to verify the cryptographic signatures offline. No ProlixoTech API, account, or infrastructure required.

Each AI governance receipt captures the policy version that governed the decision. If a regulator questions a decision made months ago, you can prove which rules were in effect at that moment.

Yes. Starter is free forever with 1,000 events/month, 7-day active access, and one framework module. No credit card required. See Pricing for retention details.

Start Building Your Evidence Trail

Create an account, select your framework module, and generate your first verifiable receipt.

ProlixoTech provides tamper-evident evidence infrastructure that supports your compliance program. Certification outcomes depend on your assessor's evaluation. See our Terms of Service for details.