Cryptographic data lineage

Every step, signed. Every transition, witnessed. The path your data took — provable, long after the fact.

VeritaPath records how a record got from origin to here: every read, write, transformation, and export, linked in order, each event signed by whoever caused it. When the audit asks how, you have the receipts.

Get early access See how it works

ingest→normalize→enrich→anonymize→export · 5 hops · 5 signatures · 0 gaps

How it works

Follow the trail.

Lineage isn't new. Lineage you can *prove* — with signatures, inclusion proofs, and public checkpoints — is what changes when an auditor, a regulator, or a courtroom asks "how did we get here?"

01 · EMIT

signed events

Every touch on a record emits a small, signed event: who, what, when, and a hash of the before/after state. SDK for Node, Python, and Go; HTTP endpoint for everything else.

02 · LINK

hash-chained lineage

Each event references the previous one by hash. Rewriting history invalidates every event downstream — and the downstream events have already been countersigned.

03 · TRACE

replay the path

Given any record, reconstruct its full path. Export a human-readable timeline or a court-ready evidence bundle with inclusion proofs and checkpoint signatures.

On the command line

Quick look.

# Emit a lineage event from any pipeline stage.
$ veritapath emit \
    --record customer:42 \
    --action anonymize \
    --prev-hash sha256:a1f7… \
    --actor etl-worker@us-east-1
  event-id   ev_01HS2P…
  signed-at  2026-04-21T09:14:02Z
  OK linked to chain: customer:42 (hop 4 of open path)

# Trace a record's full path, end to end.
$ veritapath trace customer:42 --since 2026-01-01
  → 2026-01-14  ingest      by  api-gateway
  → 2026-01-14  normalize   by  etl-worker
  → 2026-02-03  enrich      by  geo-service
  → 2026-04-21  anonymize   by  etl-worker
  → 2026-04-21  export      by  analytics
  ✓ 5 events, 5 signatures, 0 gaps, chain intact

# Export a bundle suitable for an audit or a subpoena.
$ veritapath bundle customer:42 --out evidence-customer-42.zip
  ✓ 5 events, inclusion proofs, checkpoint #00042, witness sigs × 3

What it does — and doesn't

A trail, not a judgment.

VeritaPath can prove…

✓ what happened to a record, in what order
✓ who (which system or user) caused each step
✓ that no event in the chain has been altered
✓ that no event has been silently inserted or removed
✓ any of the above, offline, from the signed bundle

It can't…

· vouch that the *content* emitted was correct
· tell you what happened in systems that never emitted
· decide whether a policy was followed — only show the facts
· replace a DPO, an auditor, or a judge by itself

Who it's for

Built for teams who get asked how did we get here?

Compliance & privacy

GDPR/CCPA data-flow evidence, SAR responses, and consent-withdrawal trails that hold up in a regulatory review.

ML & analytics

Training-data provenance so every model is traceable back to source records, transforms, and filtering decisions.

Incident response

Post-mortem lineage: where did this record come from, who touched it, and was anything upstream compromised?