Settled provides cryptographically immutable audit logs with inclusion and consistency proofs verifiable by regulators, auditors, and external parties — without requiring server access or vendor involvement.
Organisations in every regulated sector invest heavily in audit infrastructure, yet most implementations share a fundamental weakness: a sufficiently privileged operator can rewrite history without detection.
No tamper detection: Standard append-to-table audit logs offer no cryptographic assurance. Any user with database write access — including DBAs, backup systems, and compromised service accounts — can alter or delete records without trace.
Vendor dependency: Managed logging services introduce vendor dependency into your regulatory chain. Data custody leaves your environment. Verification of record integrity requires trusting the vendor's infrastructure and attestations.
Ecosystem mismatch: Cryptographically correct alternatives such as Immudb and Trillian exist but are built primarily for Go ecosystems, lack enterprise deployment tooling, and provide limited SDK support for the languages used across regulated industries.
Four deterministic steps, each cryptographically bound to the next. The integrity of any record can be demonstrated to a regulator or external auditor without granting access to the system.
1. The client submits a record identifier and payload. The server assigns a monotonically increasing sequence number and acknowledges durably via write-ahead log before responding. [WAL-durable · append-only]
2. Two hashes are computed. A leaf hash (RFC 6962 domain separation) is inserted into the Merkle tree. A chain hash binds this entry to every entry before it — modifying any record cascades a changed hash through the entire subsequent log. [SHA-256(prev ‖ leaf)]
3. Periodically, the server signs the current Merkle root and tree size with Ed25519, producing a Signed Tree Head. This snapshot is publishable to regulators as a point-in-time commitment to the entire prior log. [Ed25519 · 48-byte payload]
4. Entries before an anchor are verifiable with an O(log n) Merkle inclusion proof. Entries since the last anchor are verified by walking the hash chain. No server connection required at verification time. [O(log n) · client-side]
Every design decision in Settled traces back to a single invariant: a valid proof must be valid everywhere, always, without requiring trust in the originating system.
Modifying any committed record changes its chain hash, which cascades through every subsequent entry. Against a published snapshot, recalculating the chain is insufficient — the Merkle root no longer matches the signed anchor. Tampering is detectable without access to the original data.
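The hashing steps and the tamper case described above, as an added example (not Settled's own code): RFC 6962 leaf and node hashes, the SHA-256(prev ‖ leaf) chain, and an auditor-side inclusion check against an anchored root. The all-zero genesis value, the function names and the sample entries are assumptions, and Ed25519 verification of the Signed Tree Head is taken as already done.

```python
import hashlib

def h(*parts):
    return hashlib.sha256(b"".join(parts)).digest()

def leaf_hash(payload):  # RFC 6962 leaf hash: SHA-256(0x00 || payload)
    return h(b"\x00", payload)

def chain_hashes(leaves, genesis=b"\x00" * 32):
    # chain[i] = SHA-256(chain[i-1] || leaf[i]); the all-zero genesis is an assumption
    out = [genesis]
    for leaf in leaves:
        out.append(h(out[-1], leaf))
    return out[1:]

def root_and_path(leaves, i=None):
    # RFC 6962 root over leaf hashes, plus the audit path for leaf i (if given)
    if len(leaves) == 1:
        return leaves[0], []
    k = 1
    while k * 2 < len(leaves):  # k = largest power of two strictly below len
        k *= 2
    in_left, in_right = i is not None and i < k, i is not None and i >= k
    lroot, lpath = root_and_path(leaves[:k], i if in_left else None)
    rroot, rpath = root_and_path(leaves[k:], i - k if in_right else None)
    path = lpath + [rroot] if in_left else rpath + [lroot] if in_right else []
    return h(b"\x01", lroot, rroot), path  # node hash: SHA-256(0x01 || l || r)

def verify_inclusion(leaf, i, size, proof, root):
    # Auditor-side check (RFC 9162 inclusion-proof verification): hashes only
    if i >= size:
        return False
    fn, sn, r = i, size - 1, leaf
    for p in proof:
        if sn == 0:
            return False
        if fn & 1 or fn == sn:
            r = h(b"\x01", p, r)
            while fn and not fn & 1:
                fn, sn = fn >> 1, sn >> 1
        else:
            r = h(b"\x01", r, p)
        fn, sn = fn >> 1, sn >> 1
    return sn == 0 and r == root

# Constructed sample: 7 entries; ANCHOR stands in for a signature-checked tree head
LEAVES = [leaf_hash(f"rec-{n}:payload".encode()) for n in range(7)]
ANCHOR, PROOF_6 = root_and_path(LEAVES, 6)
FORGED = LEAVES[:2] + [leaf_hash(b"rec-2:rewritten")] + LEAVES[3:]
```

`FORGED` models an operator who rewrites entry 2 and recomputes the chain: the new chain is internally consistent, but its Merkle root no longer equals `ANCHOR`, and the rewritten leaf fails `verify_inclusion` against it.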
Proofs are verifiable by external auditors, regulators, and counterparties using only the server's public key. No API access, no vendor involvement, no ongoing service dependency.
A party holding a historical Signed Tree Head can verify a newer one using O(log n) hashes; no entries need to be re-read. This proves that every entry present at the earlier snapshot is still present and unchanged in the later one. It does not verify the content of entries added between the two snapshots.
Each signing key rotation is countersigned by the preceding key, creating a verifiable chain of custody. Historical proofs remain valid across key rotations; rotation events are themselves auditable.
All audit data, signing keys, and proof material remain within your infrastructure perimeter. No data is transmitted to external services. Suitable for air-gapped environments.
The RocksDB write-ahead log ensures durability. The Merkle tree column family (CF) is fully reconstructible from the immutable log. Recovery procedures are deterministic and testable.
Settled is a single-binary service with no mandatory external dependencies. It can be operated within the most restrictive infrastructure policies.
Deployed directly onto your own hardware or private data centre infrastructure. No cloud dependency. Suitable for air-gapped regulatory environments.
Deployed within your organisation's private cloud tenancy on AWS, Azure, or GCP. Traffic never leaves your Virtual Private Cloud.
Audit log remains on-premises. Signed Tree Heads can optionally be published to independent external verifiers for regulatory cross-attestation.
Evaluated against the criteria most frequently cited in regulated industry audit and compliance frameworks.
| Capability | Settled | Database Audit Table | Managed SaaS | Immudb / Trillian |
|---|---|---|---|---|
| Cryptographically immutable records | ✓ | ✗ | ✓ | ✓ |
| Independent third-party verification | ✓ | ✗ | ✗ | ✓ |
| Consistency proofs across time | ✓ | ✗ | ✗ | ✓ |
| On-premises deployment | ✓ | ✓ | ✗ | ✓ |
| No vendor trust required at verify time | ✓ | ✗ | ✗ | ✓ |
| Multi-language SDKs (TypeScript, Python, Go, Java, .NET, Rust) | ✓ | — | ✓ | ✗ |
| HSM / KMS key management support | ✓ | varies | varies | partial |
| Open source, auditable codebase | ✓ | — | ✗ | ✓ |