For AI agent vendors

Your audit log won't survive enterprise security review.

Chartly is the tamper-evident chart of record for every action your AI agent takes — verifiable by your customer, their auditor, and their regulator without anyone having to trust you.

Request a 15-min demo See pricing

Design partner 5 slots open — 6 months free at Medium tier + named reference position.

The question that kills your enterprise deal

On call 2 of security review, the customer's CISO asks one question:

"How do we know your agent's audit log wasn't edited after the fact?"

Every honest answer today loses the deal.

Your answer	Why it loses
"We log to Postgres / SIEM / Datadog"	You can write to those tables. So can a compromised admin.
"We hash-chain our logs"	Same party signs the chain and runs the verifier. Proves nothing to your customer's auditor.
"We use immudb / Aurora history / Azure SQL Ledger"	Single-party, single-cloud. Your customer's regulator cannot verify without trusting you.
"We're SOC 2 / ISO 27001 certified"	Process certification, not cryptographic non-repudiation. The CISO knows the difference.

Root problem: the suspect is the signer. When one party owns the log, the chain, and the verifier, the proof has zero value to third parties who don't already trust that party.

What we ship

The audit layer that puts the proof outside your control — the only proof your enterprise prospect's auditor will accept.

Multi-party consensus chain

Every agent action signs into a permissioned BFT ledger. Your customer, their auditor, and where applicable their regulator each run a witness node. You cannot rewrite history — and no longer have to convince anyone of that.

Customer holds the key

Per-tenant BYOK from AWS KMS / GCP KMS / Azure Key Vault / HashiCorp Vault. We never hold plaintext keys. Even a subpoena cannot force us to decrypt — only your customer can release the key.

Crypto-shred for GDPR

Right-to-erasure satisfied by destroying the per-subject key. Chain integrity preserved. EU-counsel-approved pattern documented as your contractual erasure mechanism.

Post-quantum native

Hybrid X25519 + ML-KEM-768 envelopes. ML-DSA / SLH-DSA signatures (FIPS 203/204/205). Federal RFPs from 2027 will require this. Competitors don't have it.

Drops in with one SDK call

TypeScript, Python, Go. The rest is metadata, encryption envelopes, and chain submission — handled for you.

chartly.record({
  actor:    "agent:claude-sonnet-4-6/customer-abc",
  action:   "read_customer_record",
  resource: "crm/contact/12345",
  payload:  { ... },
  sensitivity: "pii"
})

What changes in your sales motion

Before	After
Security review takes 8–14 weeks	Audit objection resolved on call 2
"Trust us" is your only answer	Customer cryptographically verifies — no trust required
EU prospects ask Article-12 questions you can't answer	EU AI Act Article 12 compliance is a feature you demo
Compliance work pulls your CTO off product	One SDK call, no audit-trail engineering

Pricing

Pay for what your auditor counts.

Four tiers, priced on monthly event volume and verification topology. Every tier signs to the same consensus chain — higher tiers add multi-region, dedicated witness nodes, and post-quantum co-signing.

Free

forever

Developer adoption

10,000 events / month
Single region
Community Slack support
Read-only verification API

Start free

Small

$197 / mo

billed annually as $2,364

Solo SaaS / early-stage agent

100,000 events / month
Single region
Evidence-pack export (PDF + JSON)
Email support, 48h SLA
Custom retention policy

Get Small

Medium

$997 / mo

billed annually as $11,964

Series A AI vendor

1M events / month
Multi-region
BYOK (AWS KMS / GCP KMS / Azure KV / Vault)
ABAC policies + read-audit trail
30-min onboarding architect call
24h support SLA

Get Medium

Large

from $30K / yr

Regulated SaaS, F500, public sector

Custom event volume (10M+ / month)
Dedicated witness node
Regulator / auditor witness nodes
Post-quantum co-signing (ML-DSA / SLH-DSA)
HIPAA BAA · quorum approval · threshold key release
On-prem option · named CSM · 4h SLA

Talk to us

We don't hard-cap.

If a customer's audit traffic spikes, the service keeps running. We track a 3-month rolling average — short bursts are forgiven. If you sit above your tier for three consecutive months we notify your billing contact — email by default; Slack, Teams, or webhook on request — and either bill the overage at $1 per 1,000 events or quote the upgrade. Your compliance team never gets a "service paused" message at 2am.

Design-partner program

We're taking five design partners before public launch.

6 months free at the Medium tier ($997/mo yearly equivalent)
Weekly architect 1 hour/week of architect time from us
Reference Named reference position at launch (your option)
In return: product feedback + your case study (with your approval)

Apply for a slot

Security & architecture

Built for a threat model where the vendor is the suspect.

Every guarantee Chartly makes is structural, not policy. Even Chartly cannot rewrite your audit trail or read your data without your KMS releasing the key.

Threat model

Adversary	Capability	Defense
External attacker	Compromise vendor app, read DB	Per-tenant BYOK — ciphertext unreadable without customer KMS
Rogue vendor admin	Full DB write access	Chain replicated to consensus nodes vendor doesn't control
Compromised vendor (insider collusion)	Privileged collusion	Witness nodes (customer / auditor / regulator) detect divergence
Future quantum attacker	CRQC available 2035–2040	Hybrid PQC envelopes + PQC co-signing (ML-DSA / SLH-DSA)
Subpoenaed vendor	Forced disclosure	BYOK — vendor cannot decrypt without customer key release

Five-layer architecture

1. Append-only consensus chain

Each event commits as a transaction to a permissioned Antelope BFT chain with 3–7 block producers. Producers can be Chartly-operated, customer-operated, customer's auditor, regulator, or counterparty. On-chain payload is metadata only: timestamp, pseudonymous actor ID, action type, resource type, BLAKE3 hash of the encrypted payload, KMS envelope reference, hash of previous event, block-level co-signature. No PII, no payload, ever. Witness nodes verify integrity without seeing customer data.

2. Encrypted payload (off-chain)

Three storage layers, all customer-owned by default at Medium tier and above:

Disk-level: LUKS / EBS encryption (table stakes)
Application-level: per-event DEK with AES-256-GCM
Field-level: per-family keys (PII / PHI / PCI separate) for granular crypto-shred

DEKs are wrapped by per-tenant KEKs held in the customer's KMS (AWS KMS, GCP KMS, Azure Key Vault, or HashiCorp Vault). Chartly never holds plaintext KEKs.

3. Access control

Five layers, enforced at the read API:

BYOK from customer KMS — non-negotiable above Small tier
Per-tenant isolation — one tenant's compromise never affects another
ABAC by event labels (sensitivity, jurisdiction, business unit, subject category)
Quorum approval for sensitive reads (k-of-n); top tier uses Shamir / MPC so no single admin can decrypt alone
Read-audit — every decryption is itself a recorded event

4. Signatures and integrity

Each event signed by actor (agent identity), vendor (service identity), and block-producer quorum
Per-tenant Merkle chain links events; chain head anchors to the consensus chain every block
Post-quantum co-signing: ML-DSA (FIPS 204) and SLH-DSA (FIPS 205) at Large tier
Hybrid KEM: X25519 + ML-KEM-768 (FIPS 203). If either survives, data stays sealed.

5. Erasure (GDPR Article 17)

Crypto-shredding: erasure request → destroy the DEK for the data subject → ciphertext becomes permanent noise → chain integrity preserved ("event of type X happened at time T, here is its proof, the payload is gone by design"). EDPB-accepted pattern. Per-subject default; per-(subject, purpose) at Large.

Event size & abuse protection

Chartly enforces strict per-event size limits and per-tenant rate ceilings. These exist for two reasons: (1) chain hygiene — block sizes stay predictable so witness nodes verify quickly, and (2) cost integrity — billing per event only makes sense if events are bounded.

Limit	Value	Behavior at limit
Encrypted payload	64 KB / event	SDK rejects with `PAYLOAD_TOO_LARGE`; use blob-by-reference pattern instead
Metadata + action labels	4 KB / event	Rejected at SDK validation; consensus chain only stores this
Event rate (per tenant)	10/s Free · 100/s Small · 1000/s Medium · custom Large	Excess buffered for up to 30s, then 429 with retry-after
Bandwidth (per tenant)	scales with event rate × payload cap	Hard rate limit; doesn't burst

Large artifacts (model outputs, transcripts, PDFs) → blob-by-reference. Customer uploads the blob to their own S3/GCS/Azure Blob bucket. Send Chartly only the content hash + URI:

chartly.record({
  actor: "agent:claude-sonnet-4-6/customer-abc",
  action: "generate_report",
  resource: "report/q4-2026",
  blob: {
    uri:    "s3://customer-bucket/reports/q4-2026.pdf",
    sha256: "9f86d081884c7d659a2feaa0c55ad015...",
    bytes:  4_283_991
  }
})

The chain signs the hash + URI. Your customer holds the blob. Your auditor verifies a sealed report by fetching the URI and re-hashing locally. Chain stays small, costs stay aligned.

Notification preferences

Chartly emits four event categories. Each can be routed to a different channel and a different contact. Every outbound notification is itself recorded on the chain as a notification.sent event — auditing the auditor is the whole point.

Category	Examples	Default channel
Billing	Soft-cap overage, invoice, plan-change confirmation	Email → billing contact
Integrity	Chain divergence detected, witness node down, signing failure	Email + webhook → security contact
Access	Sensitive event decrypted, key release approved/denied, ABAC override	Email + webhook → audit contact
Admin	API key created/rotated, BYOK key changed, member added	Email → admin contact

Available channels (by tier)

Channel	Available from	Security
Email	Free	DKIM + DMARC aligned, dedicated subdomain
Slack / Microsoft Teams	Medium	Per-tenant app install with scoped token
Webhook	Medium	HMAC-SHA256 signed with rotating per-tenant secret
PagerDuty / Opsgenie	Large	Routing-key auth, integrity events only
SMS	Large (on request)	Verified phone + jurisdictional opt-in (TCPA / GDPR)

Customers control routing per category, per recipient, per environment. Multiple recipients per category are supported. SMS is reserved for integrity events; we don't SMS billing notifications — it trains people to ignore the channel that actually matters.

Compliance mapping

Standard	Control	Mechanism
SOC 2 CC6.1, CC7.2	Logical access, monitoring	ABAC + read-audit on chain
GDPR Art. 17	Right to erasure	Crypto-shredding per subject
GDPR Art. 32	Security of processing	BYOK + consensus signatures
HIPAA §164.312	Access, audit, integrity	BYOK + read-audit + chain proof
PCI DSS 10.x	Audit trails, integrity	Tokenize-at-SDK + chain proof
EU AI Act Art. 12	Automatic logging, high-risk AI	Native AI-agent event types
ISO 42001	AI management audit	Evidence-pack export
NIST PQC / NSM-10 / CNSA 2.0	Post-quantum migration	Hybrid KEM + PQC co-signing

Five design-partner slots. First come, first served.

6 months free at Medium tier ($997/mo yearly equivalent) · 1 hour/week architect time from us · Named reference position at launch.

Claim a slot