The lifecycle
How an AI decision becomes evidence
Four steps, from the moment your model returns a decision to the moment an auditor independently confirms what happened.
Step 1 · Capture
Your AI system runs — unchanged
CarveTrace captures events through an SDK that drops into your existing code. The model itself does not change. Nothing leaves your network: events are buffered and signed inside your perimeter, by your keys, on your hardware.
Step 2 · Seal
Events get sealed, locally and for good
Every event is added to a cryptographic chain — each entry binds the one before it, so altering an old record breaks every record that came after. At regular intervals, the chain is timestamped by an independent RFC 3161 authority, anchoring "this happened by this date" to a third party you didn't pay.
Step 3 · Verify
Anyone can verify what you sealed
When you need to demonstrate compliance — or defend a decision — you export an evidence bundle. It opens in an open-source verifier that runs entirely in a browser. No upload to our servers. No login. Your auditor sees the same verdict your regulator would.
Step 4 · Defend
When the audit comes, hand them a readable report
The bundle is not just cryptographic signatures — it produces a human-readable report mapping every piece of evidence to its AI Act Article 12 obligation. Your auditor reads the report. Your regulator reads the report. You do not have to translate cryptography into compliance language; CarveTrace already did.