Proof of deletion.
Velin is an evidence vault for information deletion. Compliance teams use it to produce auditor-ready packs that record what was deleted, what was retained under exception, and why — each one signed, chain-anchored, and verifiable by anyone.
The question every auditor asks
Show me that you actually deleted it.
Most companies answer with a Jira ticket, a screenshot, or a Slack thread. That answer holds until someone needs to reconstruct a deletion from three years ago — a surveillance audit, an erasure request, a regulator's inquiry. Then it doesn't.
- ISO 27001:2022 — Annex A 8.10, Information deletion
- GDPR — Article 17, Right to erasure
- GDPR — Article 5(1)(e), Storage limitation
- SOC 2 — CC6.5, Data disposal
- DORA — Article 12, Backup and restoration
One case, one pack
A pack records the deletion decision, the systems it touched, the outcome in each, the evidence behind every outcome, the exceptions, the backup position, and the approval — in a single signed PDF an auditor can read without an account.
- 01Asserted state hash — SHA-256 over the exact case state the approver signed
- 02Signature — Ed25519, made with Velin's published platform key
- 03Audit chain segment — every change, hash-linked back to the workspace's first entry
Your auditor doesn't have to trust us
Packs verify outside Velin — no account, no API, no trust in our SaaS required.
- step 1signed at exportVelin signs the pack's content hash with the platform key at the moment of export.
- step 2chain rehashThe verifier recomputes the audit chain entry by entry and compares every hash.
- step 3npx @usevelin/verifyAnyone can run the open-source verifier — your auditor, your customer, a regulator. The math does not depend on us.
Watch a full verification, step by step.
What Velin does not do
- We never hold credentials to your systems. Velin records deletion decisions; it does not execute them.
- No destructive integrations. Nothing in Velin can touch, alter, or delete your production data.
- No AI in the product's decision path. Evidence handling is deterministic engineering — hashes, signatures, and an append-only record.
- Your data does not leave the EU. Hosted in Frankfurt; EU sub-processors only.