// Technical Architecture

Cryptographic
verification at
every layer

Chain of custody • Tamper-evident • Independently verifiable

Every evaluation record is cryptographically signed and timestamped, creating an immutable audit trail that external auditors can verify independently.

Core Technology

Built on cryptographic
primitives

Digital Signatures

Every evaluation result is signed using Ed25519 digital signatures. Each certificate includes the evaluation metadata, results, and a timestamp, creating a tamper-evident record.

SHA-256 hash verification

Ed25519 signature scheme

Public key infrastructure

Merkle Trees

Evaluation datasets and results are organized in Merkle trees, allowing efficient verification of individual records without exposing the entire dataset.

Efficient partial verification

Cryptographic commitment

Privacy-preserving proofs

Timestamping

RFC 3161 compliant timestamping ensures evaluation certificates cannot be backdated. Trusted third-party timestamp authorities provide independent verification.

RFC 3161 timestamps

Third-party TSA validation

Non-repudiation guarantee

Zero-Knowledge Proofs

Prove evaluation properties without revealing sensitive data. Demonstrate compliance to auditors while maintaining privacy of proprietary datasets and models.

Privacy-preserving verification

Selective disclosure

Compliance without exposure

Verification

Independent auditor
verification

01

Public Verification Portal

External auditors can verify any certificate at evalops.dev/verify without requiring access to your systems or data.

02

Certificate Validation

Auditors verify the digital signature, timestamp, and chain of custody cryptographically, ensuring no tampering occurred.

03

Compliance Mapping

Certificates automatically map to SOC 2, ISO 27001, and EU AI Act requirements, showing auditors exactly which controls are satisfied.

Example Certificate

{

"certificate_id": "EV-2025-001423",

"issued_at": "2025-10-15T23:59:59Z",

"model": "gpt-4-turbo-2024-04-09",

"evaluations": {

"safety_score": 97.2,

"latency_p95": "412ms",

"regressions_detected": 3

},

"signature": "a3f5b8c2d4e1f9a7b6c5d8e2...",

"timestamp_authority": "RFC3161-TSA",

"merkle_root": "f2a8b5c9d1e4f7a2b8c6d9e3..."

}

Security & Privacy

Your data never
leaves your infrastructure

On-Premises Deployment

Deploy EvalOps within your VPC or on-premises infrastructure. Your evaluation data, models, and datasets remain completely under your control.

Zero Data Exfiltration

Only cryptographic hashes and signatures are transmitted. Raw evaluation data, prompts, completions, and model artifacts never leave your environment.

End-to-End Encryption

All communication between EvalOps components uses TLS 1.3 with perfect forward secrecy. At-rest encryption for all stored evaluation records.

Get Started

Ready to ship
verifiable AI?

Schedule a technical demo to see how EvalOps generates audit-grade evidence for your AI systems.