Frequently Asked Questions

The AI Decision Ledger is the core of AI Control Tower. It creates a tamper-evident, cryptographically-linked record of every AI decision made across your organization.

Unlike simple audit logs, the Decision Ledger provides:

• Cryptographic hash-chaining — each decision is linked to the previous one via SHA-256 hash

• Tamper detection — any modification to historical records breaks the chain and is immediately detectable

• Verifiable provenance — auditors can independently verify the complete history

• Zero-trust architecture — integrity can be proven without trusting the platform

This creates an independently checkable audit trail that meets the evidentiary standards required by regulators, auditors, and internal governance teams.

AI Control Tower is built on a zero-PII architecture.

What we DO NOT store:

• Personal Identifiable Information (PII)

• Sensitive attributes (race, gender, ethnicity, nationality, religion, etc.)

• Demographic data encoded in identifiers

• Raw biometric or health data

What we DO store:

• Pseudonymous user identifiers (e.g., user_a1b2c3d4)

• AI model inputs/outputs (which you control)

• Decision metadata (model, cost, latency, policy applied)

• Abstract group identifiers for fairness analysis (group_a, group_b — not ethnic labels)

PII Detection (not storage):

Our PII detection engine scans AI inputs/outputs for patterns (SSN, credit cards, emails, etc.) and flags their presence — but does not log the actual values. You're alerted that PII was detected, not what it was.

This architecture ensures compliance with GDPR, CCPA, HIPAA, and other data protection regulations while still enabling comprehensive AI governance.

AI governance is now required or strongly recommended across multiple frameworks:

🇪🇺 EU AI Act (2026)

Articles 9-15 require risk management, logging, human oversight, and tamper-evident record-keeping for high-risk AI systems.

🇺🇸 NIST AI Risk Management Framework

Requires continuous monitoring, record-keeping, and governance processes — especially for federal agencies and contractors.

🌍 ISO/IEC 42001

The first international standard for AI management systems — requires decision traceability, audit trails, and governance controls.

🏦 Sector-Specific Frameworks:

• Finance: MAS AI Governance (Singapore), SEC AI Disclosure, Basel III operational risk

• Healthcare: FDA AI/ML guidance, HIPAA, clinical decision support requirements

• Education: FERPA, state AI-in-education guidelines, algorithmic transparency requirements

• Government: EO 14110, FedRAMP, state procurement AI requirements

Each framework expects organization-owned, tamper-evident logs and explainable decision records — not just third-party telemetry.

Model monitoring and AI governance solve different problems:

Model Monitoring:

• Tracks accuracy, drift, and performance

• Answers: "Is my model working correctly?"

• Focus: model quality and reliability

• Users: ML engineers, data scientists

AI Governance (Control Tower):

• Tracks accountability, compliance, and provenance

• Answers: "Did we use AI properly and compliantly?"

• Focus: organizational risk and regulatory compliance

• Users: compliance, legal, risk, security, executives

Key Governance Capabilities (not in model monitoring):

• Tamper-evident audit trails (hash-chain integrity)

• Verifiable AI provenance

• Policy enforcement and compliance status

• Cross-provider unified governance

• Regulatory-aligned reporting (EU AI Act, NIST, etc.)

• Human oversight and accountability tracking

You need both. Model monitoring ensures AI works; governance ensures AI use is defensible.

Starter: Free (up to 10,000 decisions/month)

Professional: $99/month (up to 100,000 decisions/month)

Enterprise: $499/month (unlimited decisions + advanced features)

All plans include:

• AI Decision Ledger with hash-chain integrity

• Integrity Verification page

• Real-time dashboards

• Policy management

• PII detection

• Audit trail exports

• API access

• Email notifications

Enterprise adds:

• Unlimited decisions

• White-label options

• SSO / SAML

• Dedicated support

• SLA guarantees

• Self-hosted deployment option

• Custom compliance reports

Metered add-on: Need more than plan limits? Pay-as-you-go at $0.001 per additional decision.

You could build internally — but our customers report it's costly and time-consuming.

What we've already solved:

• Multi-vendor standardization (OpenAI, Anthropic, Azure, Google, local)

• Cryptographic hash-chain integrity

• Policy engine with configurable governance framework

• Secure multi-tenant data isolation

• Self-service integration UI (Slack, ServiceNow, webhooks)

• Automated anomaly detection (every 15 minutes)

• Export formats for compliance teams

• Real-time PII detection

• Regulatory framework mappings (EU AI Act, NIST, ISO 42001)

Based on customer feedback, building comparable infrastructure typically takes 2-3 engineers 6-12 months, costing $300K-$500K — and still lacks cross-provider depth and continuous regulatory updates.