Parity

Built to be audited.

Every run on Parity produces a tamper-evident record of what happened, why, and how. Whether you are meeting a compliance requirement, responding to an audit, or simply need to know that the work was done correctly, the evidence is always there.

Every run leaves a complete record.

When Parity runs a flow, it does not just produce an output. It produces a chain of evidence — a linked, tamper-evident record of every step taken: the flow version that ran, the inputs provided, every decision made during execution, and the final output. That record can be exported, shared with an auditor, or attached to a legal file.

The flow and the data
  • Flow version (hash-identified — the exact configuration that executed)
  • Inputs provided (file references, not raw data)
  • Timestamp of execution start and completion
The decisions, in sequence
  • Every decision made during execution, in order
  • For governed executions: the policy evaluated, the decision reached (ALLOW / REQUIRE / DENY), and the reasoning recorded
  • For deterministic executions: the compiled artifact hash, confirming exact execution with no deviation
The output and its proof
  • Output file reference and hash
  • Governance status (all decisions resolved, no overrides)
  • Export-ready evidence package

Hash-linked integrity

Each layer of the evidence record is linked to the next by a cryptographic hash. Modifying any part of the record — the inputs, the decisions, the output — breaks the chain. This makes the record tamper-evident: an auditor verifying the record can confirm it has not been altered since it was produced.

Exportable evidence records

Every execution evidence record is exportable as structured JSON (for programmatic verification) or a PDF summary (for human reviewers, legal files, or audit submissions). The exported record contains all three layers — what ran, what happened, what was produced — in a format designed to be readable by someone who has never used Parity.

See an example evidence record →

The evidence record is the answer to "how do I prove this was done correctly?" It exists for every run, automatically.

Every AI action is evaluated before it runs.

When Parity uses AI to run a flow, each action the AI takes is evaluated against your organization's governance policies before it proceeds. Not after — before. An action that would violate a policy is stopped. An action that requires approval is held until that approval is provided. The AI cannot take an action your policies prohibit.

1Policy evaluation

Before any AI action executes, Parity evaluates it against your organization's active policy bundle. Policies define which actions are permitted, which require additional conditions to be met, and which are denied outright.

ALLOWREQUIREDENY
2Decision record

Every evaluation produces a governance decision record: the action attempted, the policy that evaluated it, the decision reached, and the reasoning. These records are produced per action — not per flow run. A flow that takes fifty actions produces fifty decision records.

One record per decision, not per run

3Evidence chain

Governance decision records are linked into the execution's evidence chain. The final evidence record shows not just what the flow produced, but every governance decision that permitted it to get there.

Governance decisions are part of the permanent record

Policy control

Enterprise organizations configure their own governance policies — the rules that define permitted and prohibited actions for their flows. Policies are versioned, signed, and verified before they take effect. Parity also applies a baseline policy layer that applies to all governed executions regardless of organizational configuration.

Talk to us about governance configuration →

What governance covers

Artifact integrityConfirms required outputs and verification steps are present before a flow can complete.
Flow integrityPrevents required steps from being skipped.
Capability controlRestricts which tools and system actions the AI can invoke.
Risk governanceEscalates to human review when anomaly or complexity thresholds are exceeded.
Operational complianceEnforces organizational rules: approval windows, required sign-offs, scope limits.

Your data is yours.

Parity processes operational documents — contracts, records, reports, financial data — on your behalf. What we hold, how long we hold it, and how it is protected are not afterthoughts.

Parity holds

  • Flow definitions (the extracted intent and compiled artifacts for saved flows)
  • Execution inputs (files provided for a run, held for the duration of execution and evidence record retention)
  • Execution outputs (results, retained per your organization's retention configuration)
  • Evidence records (the audit trail for each execution, retained per retention configuration)
  • Account and organization data (name, email, role, billing)

Parity does not hold

  • Persistent copies of input files beyond the retention window
  • Raw model weights, training data, or inference logs
  • Payment instrument data (handled by payment processor)

Encryption

Data in transitTLS 1.2 minimum, TLS 1.3 preferred
Data at restAES-256
Evidence record signaturesEd25519

Retention and deletion

Default retention periods for execution inputs, outputs, and evidence records are defined per contract for enterprise customers. Evidence records may be subject to customer-specific legal hold requirements. Users can delete individual execution records from their History page. Organization admins can initiate full data deletion requests.

Controls for organizations that need them.

SOC 2 Type II

In progress

Parity is pursuing SOC 2 Type II certification covering security, availability, and confidentiality. Enterprise customers requiring SOC 2 documentation should contact their account team for current status and timeline.

Contact us about compliance documentation →

Access controls

Single sign-on (SSO)Enterprise organizations can configure SSO via Okta, Azure AD, Google Workspace, or any SAML 2.0-compatible identity provider.
Role-based accessOrganization admins assign roles (Admin, Member, and Viewer) to control who can manage governance configuration, view org-wide usage, and invite new members.
Governance policy controlsEnterprise admins upload and manage the governance policies that govern AI-assisted flows within their organization. Policies are signed and versioned.

Audit log exports

Every execution evidence record is exportable as PDF or JSON. For enterprise customers, Parity supports per-execution evidence export and bulk evidence export by date range — in a format designed for submission to external auditors or regulators.

Responsible disclosure

Parity maintains a responsible disclosure program. Security researchers who identify vulnerabilities are encouraged to report them at support@parity.work. We commit to acknowledging receipt within 2 business days and providing a resolution timeline within 10 business days for confirmed vulnerabilities.

Ready to see how Parity handles your work?

Talk to our team about your organization's compliance requirements, or start with a free account and see the evidence record your first workflow produces.

Talk to usStart for free