Under Active Development

The Compliance-
First Database

For industries where data integrity is non-negotiable.

View on GitHub See It In Action

Building for Compliance Is Hard

When your application handles PHI, financial records, or regulated data, you need infrastructure that auditors will accept. That means you need to build:

Immutable audit trails for every change
Cryptographic proof of data integrity
Per-tenant encryption and isolation
Point-in-time reconstruction

Most teams bolt these onto existing databases. VerityDB does this for you.

Here's how:
Fig. 1 Dashed borders = steps you build and maintain. Double borders = built-in.
PostgreSQL + Bolt-ons 8 steps
1
Receive
2
Audit
3
Encrypt
4
Write
5
Audit DB
6
Hash
7
Store
Done
0.0ms
VerityDB 5 steps
1
Receive
2
Validate
3
Append
4
Project
Done
0.0ms
Core Built-in You maintain

Building compliance yourself means 5+ bolt-on components to maintain. VerityDB has it all built-in—and it's still fast.

All data is an immutable, ordered log. All state is a derived view.

SQL to Events to Projections

Traditional databases hide their internals. VerityDB shows you exactly what happens when you execute a SQL statement.

Fig. 2 Experience the VerityDB CLI. Execute SQL and watch it become an immutable event.
veritydb-cli
veritydb> INSERT INTO patients (id, name) VALUES (1, 'Jane'); UPDATE patients SET name = 'Jane Doe' WHERE id = 1; SELECT * FROM patients WHERE id = 1;
Event Generated Log #848 
{
  "type": "INSERT",
  "table": "patients",
  "data": {
    "id": 1,
    "name": "Jane"
  },
  "hash": "a3f2b1c9...",
  "prev": "7f8a9b2c..."
}
SEALED
Committing to log...
Projection Updated patients
id name _offset
1 Jane #848
Query complete. Log position: 848
Click INSERT, UPDATE, or SELECT to change the query. Press Send to execute.

Complete Audit Trail

Every action recorded. Every change traceable. Answer any auditor's question instantly.

Fig. 3 Filter by event type or use playback controls to watch events unfold.
Filter:
StreamCreated
Actor
system
Correlation ID
7f3a2b1c
Stream
patient_records
Tenant
healthcare_co
RecordCreated
Actor
nurse_jane
Correlation ID
a9c8d4e2
Record Type
vitals
Patient ID
P-12345
RecordUpdated
Actor
dr_smith
Correlation ID
b5e7f1a3
Fields Changed
blood_pressure
Previous Hash
a9c8d4e2
RecordAccessed
Actor
dr_smith
Correlation ID
c2d9e8f4
Access Type
read
IP Address
10.0.1.42
RecordAccessed
Actor
nurse_jane
Correlation ID
d3e0f9a5
Access Type
chart_review
Patient ID
P-12345
RecordCreated
Actor
lab_tech
Correlation ID
e4f1a0b6
Record Type
lab_results
Patient ID
P-12345
RecordUpdated
Actor
dr_smith
Correlation ID
f5g2b1c7
Fields Changed
diagnosis
Previous Hash
e4f1a0b6
RecordUpdated
Actor
pharmacy_sys
Correlation ID
g6h3c2d8
Fields Changed
rx_status
Previous Hash
f5g2b1c7
RecordAccessed
Actor
compliance_officer
Correlation ID
h7i4d3e9
Access Type
audit_review
IP Address
10.0.2.15
ExportRequested
Actor
compliance_officer
Correlation ID
i8j5e4f0
Export Format
signed_json
Records
10
Create Update Access

Time Travel Query Explorer

Drag the clock hand to travel through time. Every past state is perfectly reconstructable.

Fig. 4 Drag the clock hand counter-clockwise to rewind. Watch rows appear and values change.
Now
0 25 50 75 100
Log Position 100

Query Results

AS OF Position #100
SELECT * FROM accounts AS OF POSITION 100;
id name balance status
1 Acme Corp 12,400 active
2 Globex Inc 24,800 active
3 Initech LLC 3,200 active
4 Stark Industries 156,000 active
5 Wayne Enterprises 320,000 active
6 Umbrella Corp 8,900 active
No records exist yet. Move forward to see the first account created at position #10.
Notice the typo: "Acme Crop" gets corrected to "Acme Corp" at position #35.
Globex just got verified. Three more accounts will be created after this point.
Umbrella Corp just joined - still pending approval.
6 rows
Active Row Deleted (recoverable)

Tenant Isolation by Design

Each tenant's data is cryptographically isolated. Cross-tenant access is impossible by construction.

Fig. 5 Each tenant's encryption keys are completely isolated.
Healthcare Co

Healthcare Co

PHI HIPAA us-east-1
Master Key AWS KMS / HSM
Key Encryption Key Per-tenant, wrapped
Data Encryption Key AES-256-GCM
FinanceOrg

FinanceOrg

PCI-DSS SOX eu-west-1
Master Key Azure Key Vault
Key Encryption Key Per-tenant, wrapped
Data Encryption Key AES-256-GCM
LegalFirm LLP

LegalFirm LLP

Privilege eDiscovery us-west-2
Master Key On-premise HSM
Key Encryption Key Per-tenant, wrapped
Data Encryption Key AES-256-GCM
GovAgency

GovAgency

FedRAMP FISMA us-gov-west
Master Key FIPS 140-2 HSM
Key Encryption Key Per-tenant, wrapped
Data Encryption Key AES-256-GCM
RetailCorp

RetailCorp

PCI GDPR eu-central-1
Master Key GCP Cloud KMS
Key Encryption Key Per-tenant, wrapped
Data Encryption Key AES-256-GCM
InsureCo

InsureCo

SOC 2 NAIC ap-south-1
Master Key HashiCorp Vault
Key Encryption Key Per-tenant, wrapped
Data Encryption Key AES-256-GCM

Compliance Without Compromise

VerityDB is engineered for production workloads. No artificial slowdowns. No "compliance mode" toggles.

Fig. 6 Production-grade performance with full compliance guarantees.
0K+ TPS with fsync Write throughput
<1000ms p99 latency Write operations
<100000µs p99 latency Indexed reads
O(1) Verification Via checkpoints

SHA-256 where compliance requires it. BLAKE3 where speed matters.

Mutable vs. Immutable

Drag the slider to compare how traditional databases and VerityDB handle updates. One forgets. One remembers everything.

Fig. 7 Drag the slider or click the labels to reveal each paradigm.

Immutable Log

UPDATE patients SET name = 'Jane Smith' WHERE id = 1;

-- Creates Event #47
-- Previous events preserved

Event history:

#47 UPDATE name = 'Jane Smith' 09:30:00
#23 UPDATE name = 'Jane Doe' 09:15:00
#1 INSERT (id=1, name='Jane') 09:00:00
"What happened, and when?"

Mutable State

UPDATE patients SET name = 'Jane Smith' WHERE id = 1;

-- Previous value: GONE FOREVER
-- History: Non-existent

Current row:

id: 1 name: Jane Smith
id: 1 name: Jane Doe (overwritten)
"What's the current value?"

Under the Hood

Explore the implementation details that make VerityDB work.

Tamper-Evident Audit Trail

Each record cryptographically links to the previous. Change one byte, break the entire chain.

Fig. 8 Click "Tamper" to modify a record. All subsequent hashes become invalid.

Deterministic Simulation Testing

We test VerityDB using deterministic simulation—running months of simulated time in seconds to find edge cases that would take years to hit in production. Bugs found before they reach you.

Fig. 9 A visualization of our test harness. Wall clock vs simulated time—we compress months into seconds to stress-test edge cases.

Wall Time

0s

Simulated Time

1000x
0s
Events Processed 0
DST Transitions 0
Leap Seconds 0
Edge Cases Found 0
Invariant Violations 0

Edge Cases Discovered:

  • Midnight rollover during transaction
  • DST spring-forward gap
  • Year boundary + leap second
  • Concurrent write at exact same timestamp

Log-First Architecture

The log is the source of truth. State is just a convenient, rebuildable cache. Your data is always recoverable.

Fig. 10 Drag the time-travel slider to see the state at any point in history.

Derived View

Field Value
patient_name John Doe
vitals (pending)
labs ordered
last_access Dr. Smith @ 09:25
Total Events
5
Records
2
Updates
1
Access Events
1

Want the full technical details? See the Architecture Deep Dive.

Open Source & Licensing

Open-core model with a clear philosophy: You are not buying software. You are buying assurance.

Open Source Core

Apache 2.0
Replicated log with hash chaining
Projection engine
SQL subset query layer
SDKs for common languages

The open source version is correct and complete. Nothing is artificially limited.

Commercial Assurance

Paid offerings transfer operational burden:

Compliance Tooling — Sealing, audit reports, exports
Key Management — KMS/HSM integration, rotation
Attestations — Third-party timestamp anchoring
Managed Cloud — We operate it. SLAs included.

If you cannot explain where a piece of data came from, you do not control it.

VerityDB is built so that you always can.

Ready to Explore?

VerityDB is under active development. Star the repo to follow our progress, or read the blog for deep dives into our architecture.

Star on GitHub Read the Blog