Security and Compliance

Control map, verification model, and certification boundaries.

Evidence handling controls

Immutable source policy

Source evidence is retained as original material and not mutated in-place.

Deterministic processing

Processing stages are deterministic and verifiable from known inputs.

Hash verification

SHA-256 hashes are used to verify source and derivative integrity.

Audit and oversight posture

Append-only event logs

Access, transform, and export activity is retained as durable audit events.

Role-aware access boundaries

Workspace capabilities are restricted by authenticated role and subscription scope.

Export reproducibility

Export bundles include manifest artifacts required for independent checks.

Federal Rules of Evidence alignment

Evident ICU produces the technical artifacts commonly required when evidence is offered in court. Admissibility is determined by the court; the platform supplies the foundation.

  • FRE 901 — Authentication: SHA-256 hashes at intake, derivative hashes at each pipeline stage, and a signed, append-only custody ledger give the proponent the record needed to show the item is what it is claimed to be.
  • FRE 902(13)–(14) — Self-authenticating electronic records: Exports include hash manifests and a certificate-of-process summary suitable for a qualified-person declaration under the 2017 amendments.
  • FRE 1001–1002 — Originals and duplicates: Originals are retained immutably; exported duplicates are byte-for-byte or documented derivatives with hash provenance back to the original.
  • Rule 26 / 34 — Discovery production: Export bundles carry a load file, Bates ranges, family grouping, and a manifest suitable for opposing-counsel production.

Compliance note

Evident provides technical controls for evidence integrity, auditability, and record governance. Platform documentation is informational and technical, and does not constitute legal advice.

Claims and Verification Matrix

The entries below map common platform claims to their documented scope and controlling references.

  • Hash at intake (SHA-256): Implemented for uploaded evidence and referenced in intake and privacy surfaces. See technical docs and privacy policy .
  • Immutable originals: Source evidence is preserved as original material; derivatives are tracked separately. See technical docs , terms , and membership agreement .
  • Append-only audit records: Access, transform, and export actions are retained as durable audit events. See technical docs , terms , and privacy policy .
  • Encryption at rest/in transit: Supported in production configuration; exact control posture depends on environment and executed agreements. See technical docs , DPA , and BAA .
  • GDPR/CCPA/HIPAA posture: Evident supports rights and compliance workflows; legal/regulatory sufficiency depends on your configuration, agreements, and counsel review. See privacy policy , DPA , and BAA .
  • Admissibility boundary: Evident does not guarantee admissibility; admissibility is determined by the court and case-specific context. See terms and membership agreement .

Review trust controls in context with your workflow requirements.

How the record holds up Read technical docs Request walkthrough