← proofpane.com
What is Proofpane?
Proofpane is an AI governance platform — the evidence plane for governed AI work.
Every AI action across a team's tools is gated by policy at runtime, recorded in a tamper-evident
hash-chained audit log, and exportable as an Ed25519-signed Evidence Pack that an auditor verifies
offline, with no Proofpane account and no need to trust the vendor.
Who it's for
The people who answer for the company's AI — what it spends (CFO), what it leaks
(CISO / internal audit), what it decides (CEO / board). Teams keep their existing tools;
nothing changes for the people who just use them.
What it does
- Gates before execution: allow / deny / human-approval on AI tool calls; DLP redacts secrets before a model sees them; risky actions pause for a menu-bar approval.
- Covers the tools teams already use: Claude Code, Cursor, Codex, Claude Desktop and MCP clients via each vendor's official hooks and MCP (never TLS interception); n8n / UiPath / Zapier via an egress gateway and execution-audit webhook; any OpenAI-compatible API agent.
- Meters every dollar: per-user and per-department budgets and hard caps, with refusals that are themselves audited, reconciled 1:1 against vendor invoices.
- Proves what happened: hash-chained, append-only audit with a DB-level immutability trigger and Ed25519 chain-head anchoring; 335 controls pre-mapped across NIST AI RMF, ISO/IEC 42001, EU AI Act, GDPR and SOC 2.
- Headless by design: end users never open a Proofpane screen — their own AI software talks to Proofpane machine-to-machine (MCP, an agent-to-agent A2A API, CLI, egress gateway); dashboards and the menu-bar approval tray exist for oversight.
- Improves under the same governance: production defaults change only by winning a recorded, significance-gated experiment — tested on your data, human-approvable, reversible.
What it is not
- Not a policy-document / GRC checklist tool — the evidence is generated by runtime enforcement, not attested after the fact.
- Not a wrapper IDE or replacement agent — governance rides official extension surfaces.
- Not TLS interception — no root CA, no new attack surface; per-client coverage depth is published honestly instead.
- Not a certification — Proofpane produces operational evidence; it does not replace legal advice, certification bodies, or regulator judgment. See the Trust Center.
See it
Live demo — populated org, no signup ·
walkthrough recordings · install ·
how it differs from GRC and log tools
Last updated 2026-07-09 · Proofpane, Auckland, New Zealand · [email protected]