Self-hosted · Source-available · In design-partner beta

The compliance engine you own. The proof the world can verify.

ApAnA enforces policy-as-code inside your own infrastructure — redacting sensitive data in transit and issuing cryptographic receipts for every destruction event. Your data never leaves your walls. Only the proof does.

Currently in active development with our first design partners

The Architecture

Two planes. One line drawn where it matters: your data stays with you.

Compliance middleware usually asks you to trust a vendor with your payloads. We designed ApAnA so you never have to.

The Engine

Data plane — yours, downloaded

A lightweight service you run in your own environment. It inspects traffic against executable policy, strips what shouldn't pass, and destroys what has expired — then writes each event to a local, hash-chained, append-only ledger.

  • Policy gaskets — regulatory rules as versioned, executable code
  • In-transit redaction — PII removed before it ever exits the valve
  • TTL enforcement — data carries its own expiry; the engine honors it
  • Source-available — audit the code that guards your data

The Registry

Control plane — hosted, deliberately thin

The meeting place. Counterparties pin contract versions, receive drift alerts when a policy changes on either side, and anchor destruction receipts — as hashes only. We hold proofs, never payloads.

  • Contract sync — standing agreements between APIs, version-pinned
  • Drift detection — know the moment a counterparty's policy moves
  • Receipt anchoring — public verifiability without a byte of real data
  • Gasket feed — regulatory updates delivered as code, continuously

The Proof

Watch the sieve work.

This is the engine's core motion: a packet enters, policy executes, sensitive fields are surgically removed, and a signed receipt is committed to the ledger.

// inbound packet
{ "order_id": "ORD-88412", "amount": 184.50, "email": "m.reyes@corp.com", "ssn": "545-xx-xxxx", "card": "4485 ···· ···· 9021", "region": "us-east" }

Sieve
// policy: GASKET-PII-v1
{ "mode": "enforce", "redact": ["email","ssn","card"], "ttl": "5s", "receipt": "sign + anchor", "ledger": "append-only" }

Ledger
// awaiting flow: the signed receipt is written here once the policy executes

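
The sieve-and-ledger motion described above, as an added example that is not ApAnA's own code: it applies the page's GASKET-PII-v1 policy to the sample packet, writes a receipt that holds only hashes and field names, chains each receipt to the previous one, and re-verifies the whole chain. The receipt layout, the Ledger/apply_policy/canonical names and the HMAC standing in for a real signature (with a throwaway key) are assumptions of this example, not the product's format.

```python
import hashlib
import hmac
import json

# Constructed sample input mirroring the packet and policy shown on the page.
PACKET = {"order_id": "ORD-88412", "amount": 184.50, "email": "m.reyes@corp.com",
          "ssn": "545-xx-xxxx", "card": "4485 ···· ···· 9021", "region": "us-east"}
POLICY = {"id": "GASKET-PII-v1", "mode": "enforce", "redact": ["email", "ssn", "card"],
          "ttl": "5s", "receipt": "sign + anchor", "ledger": "append-only"}
# Assumed signing key: the page says "sign"; an HMAC stands in for a real signature here.
SIGNING_KEY = b"demo-only-key"
GENESIS = "0" * 64

def canonical(obj) -> bytes:
    """Deterministic JSON encoding so hashes are stable across runs and machines."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

def apply_policy(packet: dict, policy: dict) -> tuple:
    """Strip the fields the gasket names; return the clean packet and the names removed."""
    clean = {k: v for k, v in packet.items() if k not in policy["redact"]}
    removed = [k for k in policy["redact"] if k in packet]
    return clean, removed

class Ledger:
    """Append-only, hash-chained receipts; each entry commits to its predecessor's hash."""
    def __init__(self):
        self.entries = []

    def commit(self, packet: dict, policy: dict) -> dict:
        """Run the sieve, then record a receipt holding hashes and field names, never values."""
        clean, removed = apply_policy(packet, policy)
        receipt = {"policy": policy["id"], "redacted_fields": removed,
                   "payload_hash": hashlib.sha256(canonical(clean)).hexdigest(),
                   "prev": self.entries[-1]["hash"] if self.entries else GENESIS}
        receipt["hash"] = hashlib.sha256(canonical(receipt)).hexdigest()
        receipt["sig"] = hmac.new(SIGNING_KEY, receipt["hash"].encode(), "sha256").hexdigest()
        self.entries.append(receipt)
        return clean

    def verify(self) -> bool:
        """Recompute every link; an edited, dropped or reordered entry breaks the chain."""
        prev = GENESIS
        for e in self.entries:
            body = {k: v for k, v in e.items() if k not in ("hash", "sig")}
            expected_sig = hmac.new(SIGNING_KEY, e["hash"].encode(), "sha256").hexdigest()
            if (e["prev"] != prev or hashlib.sha256(canonical(body)).hexdigest() != e["hash"]
                    or not hmac.compare_digest(e["sig"], expected_sig)):
                return False
            prev = e["hash"]
        return True
```

Only the per-entry hash needs to leave the engine for anchoring; altering or dropping any stored entry afterwards makes verify() return False, which is the property an auditor's query relies on.
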
The Difference
"Monitoring tools observe your systems.
ApAnA enforces inside them. The control is the evidence."

Every receipt in the ledger was emitted by the policy executing — not collected after the fact. When your auditor asks for proof, you don't assemble it. You hand them the query.

Principles

As complex as necessary. As simple as possible.

I. Your data never leaves your walls

The engine is self-hosted by design. We architected ourselves out of the custody chain — the strongest privacy guarantee is the one that requires no trust in us at all.

II. Claims we can't prove don't ship

You'll find no compliance badges here we haven't earned. We are building toward SOC 2 readiness and will publish our audit journey — including our own engine's public receipt ledger — as we go.

III. Readable code is the trust signal

The engine's source is available for inspection. Security through obscurity protects vendors; scrutiny protects you. We chose you.

The engine speaks

OIDC · SAML 2.0 · OAuth 2.0 · SCIM · JWT · mTLS · JSON Schema