Evaident

Built for FCA & SRA-regulated firms · Ready for any enterprise

Prove your AI use.
Every prompt, evidenced.

Evaident captures a complete, tamper-evident record of your organisation's AI use — from enterprise chat tools to in-house agents — and enforces your policy in real time on everything routed through its gateway. With per-person cost management and evidence packs mapped to the EU AI Act, FCA and SRA. Built for regulated firms; ready for any enterprise.

Start free with demo dataSee pricing

No card required · Demo workspace in under 2 minutes

app.evaident.com/app
Events on record
12,840
Flagged
301
AI spend (30d)
$1,284
Daily activity by vendor
ChatGPTClaudeGemini
✓ Evidence chain VERIFIED12,840 events re-hashed
Works withChatGPT EnterpriseClaude EnterpriseGemini for Workspace+ in-house agents

The audit gap your firm already has

Your staff already use AI

ChatGPT, Claude, Gemini and Copilot are in your firm whether sanctioned or not. Suitability letters, contract reviews and client emails are being drafted with AI today.

Your regulator expects evidence

The FCA and SRA expect firms to evidence how work is produced and supervised. The EU AI Act adds explicit log-keeping duties from December 2027. “We have a policy” isn't evidence.

Vendor logs don't add up

OpenAI keeps compliance logs 30 days. Claude exports cover 180. Gemini logs live in Workspace. Four formats, four retention windows, zero unified record — and none of it covers your in-house AI tools.

Two ways in. One record.

Evaident works two ways — and we're clear about what each does. Both feed the same unified, tamper-evident record, dashboard and evidence packs.

Detect & evidence

Enterprise logging

ChatGPT Enterprise · Claude Enterprise · Gemini for Workspace

Connect your enterprise AI accounts via their official APIs. Evaident pulls every interaction into one tamper-evident record — who used what, when, flagged for review — across the AI your staff already use. No agents, no network changes.

After the fact: complete visibility, flagging and reporting. The vendors' logs arrive after use, so this path detects and evidences — it doesn't block.

Monitor & enforce

Real-time gateway

In-house agents · API tools · scripts · internal apps

Point any API-based tool at your Evaident gateway URL. Requests pass through Evaident before they reach the vendor, so your policy — approved models, UK PII blocking, budgets, out-of-hours — is enforced in real time, with exact per-person token costs captured.

In real time: a request that breaks policy is blocked before it leaves your firm — and the blocked attempt is recorded as evidence. Works on any vendor tier, including Team and Pro.

Real-time enforcement applies to gateway traffic. To extend it to browser-based AI use, route staff through the gateway via your existing network controls — we'll help you scope it.

Connect. Capture. Prove.

The vendors built the compliance APIs. Evaident turns them into evidence.

1

Connect

Link enterprise AI accounts via their official APIs, and point in-house agents and API tools at your gateway. Both paths, captured in minutes — no agents to install.

2

Capture

Evaident continuously pulls usage events into one append-only evidence store. Every record is sealed to the previous one with HMAC-SHA256 — tampering is mathematically detectable.

3

Prove

A Purview-style dashboard shows who uses what, where the risks are, and how posture maps to EU AI Act, FCA and SRA obligations. One click produces a regulator-ready evidence pack.

The gateway sits inline — capturing and controlling in real time

Point any API tool at your Evaident gateway URL. Policy is enforced before a request reaches the vendor, and every call is logged with exact token usage — on any vendor tier.

Your AI tools
agents, apps, scripts
Evaident Gateway
policy enforced · usage logged
AI vendors
OpenAI · Anthropic

Everything a compliance officer asks for

Unified audit record

All vendors, one normalised timeline. Search by person, department, tool or risk flag.

Real-time governance controls

Approved vendors and models, UK PII blocking, budgets and out-of-hours rules — enforced at the gateway before data leaves your firm, with blocked attempts recorded as evidence.

Cost management

Per-person and per-department AI spend, premium-model share, billed actuals from vendor APIs, and optimisation insights that often pay for the product.

Tamper-evident chain

Hash-chained, append-only storage with on-demand integrity verification and certificates.

Retention that fits the rules

Default 12-month retention, configurable from 6 months (EU AI Act Art. 26(6)) to 7 years.

Compliance posture mapping

Live mapping of your evidence to EU AI Act Arts. 4, 12 & 26, UK GDPR, FCA Consumer Duty / SYSC 9 and the SRA Code.

Evidence packs

Stamped, referenced exports — summary PDF, full CSV/JSON data and an integrity certificate.

Risk flags

PII, client data, privileged material and out-of-hours use surfaced for review, not buried in logs.

Made for your regulator — and your auditors

Financial services

IFAs, wealth managers, mortgage & insurance brokers

Evidence how AI assists suitability letters, research and client communications. Map usage records to Consumer Duty outcomes and SYSC 9 record-keeping, and hand your compliance consultant a clean export at every audit.

Legal services

Law firms & licensed conveyancers

Supervise AI-assisted drafting and research per fee earner. Surface potential client-confidentiality and privilege risks early, and evidence effective supervision under the SRA Code when it counts.

Every enterprise

Any organisation using AI at work

GDPR accountability, ISO 27001 audits, client security questionnaires and board reporting all ask the same question: who is using AI, on what, at what cost, and can you prove it? One audit record, governance controls and per-person cost management answer it for any sector.

Security your clients can question

Built to pass the due-diligence questionnaires regulated firms have to answer.

UK / EU data hosting

Your evidence stays in-region; database on a private network, not the public internet.

Encryption everywhere

TLS in transit, AES-256-GCM for credentials at rest, hashed API keys.

Tamper-evident by design

HMAC-SHA256 hash chain; integrity re-verified on demand and in every export.

SSO & least privilege

Microsoft & Google sign-in, role-based access, full audit of admin actions.

Questions, answered

Do we need ChatGPT Enterprise or Claude Enterprise?+

For the chat-product logs, yes — those audit APIs are enterprise-tier. But the Evaident Gateway captures any API-based or in-house AI tool on any vendor plan, so you can start evidencing usage immediately regardless of tier.

Where is our data stored?+

In UK/EU-region infrastructure. The database runs on a private network, connector credentials are encrypted at rest, and gateway API keys are stored only as hashes. See our security overview for the full model.

Is this legal advice or a compliance guarantee?+

No. Evaident gives your compliance function the evidence and controls to demonstrate responsible AI use — mapped to EU AI Act, FCA and SRA obligations — but it supports your professionals, it doesn't replace them.

How long does setup take?+

A demo workspace with realistic data is live in under two minutes. Connecting a live source is a credentials paste; pointing tools at the gateway is a one-line base-URL change. No agents to install, no network changes.

What happens when the EU AI Act deadlines arrive?+

High-risk logging obligations apply from December 2027. Firms that start now have a continuous, tamper-evident record rather than a scramble later — and FCA/SRA record-keeping expectations already apply today.

Your firm's AI story, ready for the regulator

Create a workspace with realistic demo data now — connect your live AI accounts when you're ready.

Start free

Questions first? See pricing or write to hello@evaident.app