Home/Products/Trust

DAVA Trust.

The compliance layer underneath every product. Lineage chain, immutable audit log with hash chain, retention enforcement, right-to-erasure orchestration, policy decision point, downloadable evidence packs, EU AI Act mode switch.

Talk to AVA ResearchRead the docs

Trust is unusual: it's both the substrate every other product depends on AND its own product SKU. Customers running just Trust use it to govern data they already have. Customers running Norm/Dedup/Connect/Agent get Trust included because those products literally cannot run without the audit chain.

Product · 05

What Trust ships with.

Each capability runs in the shared engine — the Norm pipeline, the Trust audit chain, the Decisioning mode toggle. Same substrate as the other four products.

01

Hash-chained audit log

Every transformation, decision, policy hit, download, key mint — a tamper-evident block. Each event includes the previous event's hash. Break one and the chain visibly fractures.

02

Policy decision point

Open Policy Agent under the hood. Your PDP rules, your decisions, your records. Lower priority wins on conflict. System-managed rules can be disabled but not deleted.

03

Evidence packs on demand

Per-job signed ZIP — input hash, output, lineage graph, decisions, retention proof. Downloadable from the dashboard or /v1/trust/evidence-packs.

04

Right-to-erasure orchestration

GDPR Article 17 workflow. Subject submits request, staff approves, the engine cascades the redaction across all derived datasets and writes a tombstone. Chain stays intact; the redacted block is sealed but visible.

SDK · python

Wire it in under a minute.

The Python SDK is the most mature. TypeScript follows the same shape. Both ship with strict types and async-first APIs.

Install
pip install dava-trust
main.py
import asyncio
from dava_trust import Client

async def main():
    async with Client(api_key="dava_live_…") as c:
        events = await c.recent_events(limit=20)
        for e in events:
            print(f"{e.created_at}  {e.event}")

        graph = await c.lineage("job", "abc-123")
        for edge in graph.edges:
            print(edge)

asyncio.run(main())
API surface

Endpoints you'll actually hit.

Same auth as the rest of DAVA: bearer API key on Authorization: Bearer dava_live_… or session cookie + CSRF for browser flows.

MethodEndpointPurpose
GET/v1/trust/eventsRecent audit-log entries with hash-chain integrity.
GET/v1/trust/verifyRecompute the hash chain for one subject and return chain_intact + first divergence (if any).
GET/v1/trust/lineage/{type}/{id}Lineage graph for one subject (job, file, dataset).
GET/v1/trust/policiesActive policy-decision-point rules.
GET/v1/trust/policies/retentionPer-subject-type TTLs the retention worker enforces nightly.

Bring us a trust problem we can prove.

We'll run your hardest dataset through DAVA Trust during a 5-day pilot. You keep the cleaned output and the evidence pack either way.

Start a pilotRead the docs