IMMUTRACE

IMMUTRACE

Universal cryptographic audit layer for OSINT, AI and decisional systems — making any backend accountable, with zero changes required.

Open source · AGPL-3.0 Backend-agnostic proxy overlay EU AI Act · GDPR-aware

Features

A transparent reverse proxy that turns any backend into an accountable one — integrity, confidentiality, and a right to erasure, without asking anyone to be trusted.

Tamper-evident audit chain

Global SHA-256 hash chain — any modification, deletion or reordering is detectable.

AES-256-GCM + GDPR Art.17

Sensitive fields encrypted at rest; cryptographic erasure removes personal data while the chain stays valid.

Shamir 3-of-5 key custody

The master key is split across custodians; no single party can reconstruct it.

eIDAS-ready timestamping

Adapter design: local signed timestamps now; qualified QTSP providers via configuration.

Polygon mainnet anchoring

Merkle roots of event batches anchored on a public blockchain — independently verifiable.

Backend-agnostic

Adapter pattern (HTTP today), a standalone injectable SDK, config-driven self-hosting.

153
automated tests passing
29
real anchors on Polygon mainnet
AGPL-3.0
fully open source
View on GitHub → Get in touch

Honest status: the core (audit chain, encryption + erasure, Shamir custody, mainnet anchoring) is working and tested. Remote separate-party custodians, eIDAS-qualified QTSP activation, and key rotation are on the public roadmap. No production deployments or partnerships are claimed at this stage.