Trust

Clear about what we are — and what we are not.

AffectLog is technical and operational infrastructure. We are not a regulator, certifier, or legal adviser. These boundaries are not caveats — they are design decisions.

Evidence travels · Raw data stays local · Ed25519 signed · Not legal advice

Evidence Boundary Map

Stays inside

Raw personal data
Model weights
Prompts
Documents
Embeddings

receipts only

Leaves as receipt

Metric score
Ed25519 signature
Hash (not data)
Timestamp
Pass / fail
raw_export: off (default) · Ed25519: required

What we are

AI access gateway
Evidence engine
Trust-by-design ops
Supplier risk layer

What we're not

A law firm
A certifier
A compliance checklist
A regulator

Standard disclaimer — all exports

"Technical and operational evidence only. Not legal advice, certification, or regulatory approval."

Scope

What AffectLog is — and is not.

What AffectLog is

  • An AI access gateway and approval workflow
  • A supplier evidence request and passport system
  • An AI agent access-governance layer
  • A technical evidence receipt engine
  • A buyer/vendor evidence network
  • A local/federated diagnostic orchestration layer
  • A trust-by-design operational control plane
  • A Lighthouse Dashboard for AI supplier and agent oversight

What AffectLog is not

  • A law firm or legal adviser
  • A notified-body conformity assessment body
  • A certification body under the EU AI Act or any regulation
  • A generic AI governance dashboard
  • A generic LLM observability tool
  • A pure compliance checklist generator
  • A legal interpretation engine
  • A replacement for DPO, CISO, or legal review

Evidence boundaries

How evidence works — and where it stops.

What AffectLog collects

Evidence summaries, supplier-provided documentation, diagnostic metric outputs, policy decision records, and access decision history. These are operational and technical records — not raw data.

What AffectLog does not collect

Raw personal data, raw model weights, raw training datasets, raw prompts, raw documents, or any data that would require centralised processing of sensitive information. Raw export flags are off by default.

Signal Receipts

Every diagnostic run produces a signed Signal Receipt — a summary of the metric result, the diagnostic backend, and the evidence status. The receipt is signed with an Ed25519 key. Raw inputs never leave the local environment.

Legal-review-ready exports

Exports produced by AffectLog are formatted for use in DPO reviews, CISO reviews, procurement reviews, and board briefings. They include risk tier, evidence completeness, access decision, and limitations. They are not legal opinions.

Disclaimer — always included on exports

AffectLog provides technical and operational evidence to support AI access, supplier-risk, security, privacy, and governance review. AffectLog does not provide legal advice, certification, notified-body conformity assessment, or regulatory approval.

Local and federated execution

The Edge Capsule can run diagnostics where the data lives — inside your infrastructure. Only signed Signal Receipts are transmitted to AffectLog. No raw data crosses the boundary.
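The Signal Receipt and local-execution sections above describe a receipt that carries a score, a hash, a timestamp and a pass/fail result under an Ed25519 signature while the raw input stays local. The sketch below is an added example of that pattern, not AffectLog's own code: the JSON layout, field names, function names, metric name and threshold are all assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
)

// Receipt is a hypothetical layout using the fields the boundary map lists.
type Receipt struct {
	Metric    string  `json:"metric"`
	Score     float64 `json:"score"`
	Pass      bool    `json:"pass"`
	InputHash string  `json:"input_hash"` // SHA-256 of the local input, never the input itself
	Timestamp string  `json:"timestamp"`
}

// SignReceipt runs where the data lives: it hashes the raw input and signs the receipt bytes.
func SignReceipt(priv ed25519.PrivateKey, raw []byte, metric string, score, threshold float64, ts string) ([]byte, []byte, error) {
	sum := sha256.Sum256(raw)
	r := Receipt{Metric: metric, Score: score, Pass: score >= threshold, InputHash: hex.EncodeToString(sum[:]), Timestamp: ts}
	body, err := json.Marshal(r)
	if err != nil {
		return nil, nil, err
	}
	return body, ed25519.Sign(priv, body), nil
}

// VerifyReceipt runs on the receiving side with only the public key. It checks
// the signature over the exact bytes received before trusting any field.
func VerifyReceipt(pub ed25519.PublicKey, body, sig []byte) (*Receipt, error) {
	if len(pub) != ed25519.PublicKeySize || !ed25519.Verify(pub, body, sig) {
		return nil, fmt.Errorf("receipt signature invalid")
	}
	var r Receipt
	if err := json.Unmarshal(body, &r); err != nil {
		return nil, err
	}
	return &r, nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil)                  // constructed demo key pair
	raw := []byte("constructed sample record: name=Jane Doe") // stays local
	body, sig, _ := SignReceipt(priv, raw, "demo_metric", 0.93, 0.80, "2024-01-01T00:00:00Z")
	r, err := VerifyReceipt(pub, body, sig)
	fmt.Println(string(body), r.Pass, err)
}
```

The verifier parses the JSON only after the signature check succeeds, so a receipt altered in transit is rejected before any field is read.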
