
Compliance

Build automation that regulators can verify. Every action in Kiket creates an immutable audit record anchored to the blockchain—proof that your processes are followed, your AI is accountable, and your data is untampered.

Why Compliance Matters

graph TB
    subgraph "Traditional Audit"
        A[Action Logged] --> B[Database Record]
        B --> C[Export Report]
        C --> D[Auditor Reviews]
        D --> E["Trust Required ⚠️"]
    end

    subgraph "Kiket Audit"
        F[Action Logged] --> G[SHA-256 Hash]
        G --> H[Merkle Tree]
        H --> I[Blockchain Anchor]
        I --> J["Independent Verification ✓"]
    end

    style E fill:#dc2626,stroke:#fff,color:#fff
    style J fill:#10B981,stroke:#fff,color:#fff

The difference: Independent verification without trust. Auditors, regulators, and legal teams can verify your records against the public blockchain—no need to trust that your internal systems haven't been tampered with.


How Blockchain Auditing Works

The Anchoring Process

sequenceDiagram
    participant User as User Action
    participant Kiket as Kiket Platform
    participant Merkle as Merkle Processor
    participant Poly as Polygon Blockchain

    User->>Kiket: Perform action (issue update, AI decision, etc.)
    Kiket->>Kiket: Create audit record with SHA-256 hash
    Kiket->>Merkle: Add to current Merkle tree
    Note over Merkle: Batched every hour (or 15 min)
    Merkle->>Merkle: Compute Merkle root
    Merkle->>Poly: Submit anchor transaction
    Poly->>Poly: Confirm in block
    Poly-->>Kiket: Transaction confirmed
    Note over Kiket,Poly: Record permanently verifiable

What Gets Anchored

| Category | Events |
|---|---|
| Issue Lifecycle | Create, update, delete, transitions, comments, attachments |
| AI Operations | Invocations, decisions, overrides, confidence scores |
| Configuration | Workflow updates, extension installs, project settings |
| Security | Permission changes, API keys, OAuth connections |

Anchoring Frequency

| Plan | Standard | High-Frequency | Immediate |
|---|---|---|---|
| Starter | Hourly | | |
| Professional | Hourly | 15 minutes | |
| Enterprise | Hourly | 15 minutes | Configurable |

Supported Certifications

  • SOC 2 Type II

    Blockchain-anchored audit trails provide evidence of security controls, access management, and change tracking for SOC 2 audits.

  • GDPR

    Complete data processing records with timestamps, consent tracking, and data subject activity logs.

  • ISO 27001

    Security control evidence, access logs, and configuration change tracking for certification.

  • EU AI Act

    Article 12 compliance with AI operation logging, human oversight records, and decision auditability.

  • HIPAA

    Healthcare data access logging, audit trails, and breach detection support. (Enterprise)

  • PCI DSS

    Payment data handling evidence and access controls. (Enterprise)


Explainable AI

Every AI decision includes a reasoning trace:

{
  "operation": "ai_assignment_suggested",
  "agent_id": "assignment-agent-v2",
  "status": "accepted",
  "reasoning": {
    "summary": "Skill match and availability",
    "factors": [
      { "factor": "skill_match", "score": 0.95, "reason": "Backend expertise" },
      { "factor": "availability", "score": 0.88, "reason": "3 issues in progress" },
      { "factor": "recent_work", "score": 0.82, "reason": "Worked on similar issues" }
    ],
    "confidence": 0.92
  },
  "blockchain_anchor": "0x7f9e..."
}

Auditors see not just what the AI decided, but why—with cryptographic proof.


Verification

Independent Verification

Anyone can verify a record without trusting Kiket:

  1. Get the record hash from Kiket or an exported report
  2. Retrieve the Merkle proof (the path from the record to the root)
  3. Find the anchor transaction on the Polygon blockchain
  4. Compute the Merkle root from the record hash and the proof
  5. Compare it to the root stored in the anchor transaction

graph LR
    A[Record Hash] --> B[Merkle Proof]
    B --> C[Computed Root]
    D[Blockchain TX] --> E[Stored Root]
    C --> F{Match?}
    E --> F
    F --> |Yes| G["✓ Verified"]
    F --> |No| H["✗ Tampered"]

    style G fill:#10B981,stroke:#fff,color:#fff
    style H fill:#dc2626,stroke:#fff,color:#fff
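
The batching step of the anchoring process and verification steps 4 and 5, as an added example that is not Kiket's own code. The leaf and node encoding (domain-separated SHA-256 over canonical JSON), the proof format of (sibling, side) pairs, and the sample records are assumptions; the page does not specify them.

```python
import hashlib
import json

# Assumed encoding (not specified by the page): distinct prefixes for leaves and
# internal nodes, so an internal node can never be passed off as a leaf.
def leaf_hash(record: dict) -> bytes:
    data = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(b"\x00" + data).digest()

def node_hash(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()

def build_levels(leaves):
    """Return every tree level, leaves first; an unpaired node is promoted unchanged."""
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        levels.append([node_hash(cur[i], cur[i + 1]) if i + 1 < len(cur) else cur[i]
                       for i in range(0, len(cur), 2)])
    return levels

def make_proof(levels, index):
    """Collect (sibling, side) pairs from leaf to root; side is where the sibling sits."""
    proof = []
    for level in levels[:-1]:
        sib = index ^ 1
        if sib < len(level):
            proof.append((level[sib], "L" if sib < index else "R"))
        index //= 2
    return proof

def verify(record, proof, anchored_root):
    """Recompute the root from the record and its proof, then compare (steps 4-5)."""
    h = leaf_hash(record)
    for sibling, side in proof:
        h = node_hash(sibling, h) if side == "L" else node_hash(h, sibling)
    return h == anchored_root

# Constructed sample batch (not real Kiket records).
BATCH = [{"id": i, "operation": op} for i, op in enumerate(
    ["issue_created", "ai_assignment_suggested", "permission_changed",
     "workflow_updated", "api_key_created"])]

def demo():
    levels = build_levels([leaf_hash(r) for r in BATCH])
    root = levels[-1][0]  # the value an anchor transaction would carry
    proof = make_proof(levels, 1)
    tampered = dict(BATCH[1], operation="ai_assignment_overridden")
    return verify(BATCH[1], proof, root), verify(tampered, proof, root)
```

For the check to be independent, `anchored_root` has to be read from the Polygon transaction through a node or explorer the verifier chooses, not taken from the same response that supplied the proof.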

Verification Tools

  • Web UI: Click the chain icon on any record to verify
  • PDF Reports: QR codes link directly to blockchain explorer
  • CLI: kiket audit verify <record-id>
  • API: GET /api/v1/audit/verify/:record_id

Compliance Reports

Generate PDF reports with embedded verification proofs:

Audit Trail Report

Full history with Merkle proofs and QR codes:

kiket audit export --from 2026-01-01 --to 2026-01-31 --output audit.pdf

EU AI Act Report

AI system inventory, operation statistics, oversight documentation:

kiket audit export --type eu_ai_act --output ai_compliance.pdf

Reports include:

  • Complete audit records with timestamps
  • Blockchain verification status for each entry
  • QR codes linking to anchor transactions
  • Step-by-step verification instructions

In This Section

  • Blockchain Audit Trails: Deep dive into how anchoring works
  • Compliance Reports: Generate and distribute compliance evidence
  • EU AI Act: Article 12 compliance for AI operations
  • AI Overview: AI agents and explainable decisions
  • Verification: How to independently verify records
  • Security: Platform security model


Quick Reference

View Audit Status

  • Dashboard: /blockchain — Anchoring statistics and status
  • Audit Log: /audit_trail — Browse all audit records
  • Record Detail: Click chain icon on any item

Status Indicators

| Icon | Status |
|---|---|
| 🟢 Chain | Verified — Blockchain anchored and confirmed |
| 🟡 Clock | Pending — Awaiting next anchor batch |
| 🔴 Alert | Failed — Retry in progress |

API Endpoints

# List audit records
GET /api/v1/audit

# Verify a record
GET /api/v1/audit/verify/:record_id

# Export report
GET /api/v1/audit/reports/audit_trail.pdf
GET /api/v1/audit/reports/eu_ai_act.pdf