Provenrail provenrail

Legal

Disclaimer

Last updated 8 June 2026

Provenrail is evidence tooling, not legal advice and not a compliance guarantee.

No warranty

The software is provided "as is", without warranty of any kind, to the fullest extent permitted by law. See the MIT and AGPL-3.0 license texts that ship with the code.

What it proves, and what it does not

Provenrail makes records that reach the sink tamper-evident and independently verifiable. It does not and cannot prove completeness: an agent that never calls the SDK will not appear in the record. This limitation is stated throughout the product and the specification, not hidden in fine print.

Compliance

References to the EU AI Act, HIPAA 164.312(b), 21 CFR Part 11, PCI DSS, ISO 42001, SOC 2, or eIDAS describe how Provenrail's technical controls map to those frameworks as supporting evidence. They are not certifications. Your organization remains responsible for its own compliance, certification, and attestation. Provenrail does not act as a HIPAA business associate.

"Take to court"

This describes the design goal of producing independently verifiable evidence. The admissibility and weight of any evidence are decided by the relevant court or authority, not by us.

Legal advice

Nothing in this repository or on the website is legal advice. Consult qualified counsel in your jurisdiction.

Back to provenrail.com