How it works

Evidor is the control plane for the AI your firm runs. It classifies, redacts, orchestrates, and audits every request your systems make.

This page walks through what happens to a single request from the moment one of your systems makes it to the moment the answer lands back in your environment. You can read it as a CEO and forward it to your IT and compliance leads without changing the document.

What this means in plain English: your firm can build AI into its real work, and still show a regulator, an auditor, or a client exactly what those systems did with the data.

Evidor architecture: firm to Evidor to AI providers, with cross-cutting audit trail Three columns. Left: your environment with custom assistant, internal app, and agent workflow boxes feeding into Evidor. Centre: a single Evidor Policy Plane box containing four stacked sub-blocks labelled Classify, Redact, Orchestrate, and Audit. Right: AI provider boxes for OpenAI, Anthropic, AWS Bedrock, and OpenRouter, receiving redacted requests from Evidor. Bottom: a horizontal lane labelled tamper-evident audit log feeding into Evidence Pack export and SIEM. A vertical trust-boundary line between the apps column and the AI providers column is annotated with "Data does not leave without Evidor's say-so". YOUR ENVIRONMENT EVIDOR — POLICY PLANE AI PROVIDERS Custom assistant Internal app Agent workflow 01 CLASSIFY Sensitivity zone 02 REDACT PII out, placeholders in 03 ORCHESTRATE Decide what each request needs 04 AUDIT Hash-chain every event TRUST BOUNDARY Data does not leave without Evidor's say-so. OpenAI Anthropic AWS Bedrock OpenRouter AUDIT LANE — CROSS-CUTTING Tamper-evident audit log Evidence Pack export SIEM

Step 01 — Classify

How do you know what your systems are sending before it leaves your firm?

When one of your systems makes a request, through a custom assistant, an internal app, or an agent workflow, Evidor reads it first. It tags the request by sensitivity: general, client-confidential, regulated personal data, competitively sensitive. Those tags decide what happens next.

The sensitivity tag drives the redaction, the routing, and the audit detail. Your firm sets the tags and the policy that flows from them. Evidor defaults are designed for legal, healthcare, financial, and regulated industries; nothing is hardcoded.

Under the hoodA custom-trained transformer classifier. Sensitivity tags are configurable per firm.

Step 02 — Redact

How do you stop sensitive material reaching the model in the first place?

Before the request leaves your environment, Evidor finds the sensitive material, names, identifiers, matter numbers, account numbers, anything your policy flags, and swaps it out for structured placeholders. The external model only ever sees the swapped version.

When the model answers, Evidor puts the original material back inside your environment before the answer reaches your team. The external model never holds the real data.

Honest about the limit

Redaction is high-confidence on clearly shaped data like names, numbers, and identifiers. On free-form text and richer content, the judgement is harder. We treat redaction as strong protection with honest residual risk, not a guarantee of zero leakage.

Under the hoodIndustry-standard detection extended with sector-specific patterns. The key that reverses the redaction stays in your environment, encrypted with the same standard your bank uses.

Step 03 — Orchestrate

How does Evidor decide what each request actually needs?

Evidor reads the request and works out what it needs. A simple, low-sensitivity question might go straight to a fast model. A request touching regulated data might be redacted first, then sent only to a model running inside your network. A complex request might be broken into parts, handled in the right places, and recombined before the answer comes back. Your firm sets the policy. Evidor applies it on every request.

This is the design Evidor is patenting. The patent covers how Evidor makes these decisions, including the cases that are not obvious.

Under the hoodProvider-agnostic. Today we route to OpenAI, Anthropic, AWS Bedrock, OpenRouter, and any model addressable through a standard proxy. Adding a provider is a configuration change.

US provisional patent 63/885,250.

Step 04 — Audit

When a regulator asks what your firm sent to AI and what came back, how long does it take you to answer?

Every event is recorded in a tamper-evident log: the request, the sensitivity tag, what was redacted, which model received it, what came back, and when. Each log entry is cryptographically linked to the one before it, so a quiet edit to any past event would visibly break the chain from that point onward.

When a regulator, client, or auditor asks "what did your firm send to AI on this date, and what came back", your team exports an Evidence Pack, a structured bundle of the relevant events, the original requests, the redaction map, and the proof that the chain is intact. Your team produces it on demand, not after weeks of reconstruction.

Honest about the limit

The chain detects modification. It does not prevent destruction. If someone with the right access deletes the whole log, the absence is itself an audit signal, and the copy that streams to your security team's log system survives. We call this tamper-evident, not tamper-proof.

Under the hoodEvery event streams in real time to your existing security log system in the standard formats your team already ingests.

What Evidor sees, and what it doesn't

We sit at the boundary, not inside the model.

Evidor sits between your firm and the AI provider. Every prompt that leaves your environment, every response that comes back, and every redaction we made before it left, we see those, log them, and make them verifiable.

What we do not see, and what no compliance tool can see, is what happens inside the AI provider's model once a request reaches it. Microsoft Copilot, Anthropic, OpenAI, AWS Bedrock, the model's internal processing is opaque to everyone outside the provider. By design, and by physics.

That is why Evidor's job is to make the boundary provable. What entered, what was redacted, which model received it, what came back, and when. The model's internal reasoning is not auditable by us, by you, or by your regulator. The boundary is. And the boundary is where the regulated data lives.

How Evidor fits

Evidor does not replace your tools. It works with them.

Your firm already runs tools for compliance posture, for connecting to model providers, for building agents. Evidor is not a replacement for any of them. It is the layer that makes what they do verifiable.

  • Compliance posture tools

    Your compliance posture tools tell an auditor your company is ready. Evidor produces the per-request evidence that proves it.

  • Model routing and proxies

    Your model-routing and proxy infrastructure connects you to providers. Evidor adds the classification, protection, and tamper-evident record a regulated firm needs on top.

  • Agent frameworks

    Your agent frameworks live in your application code. Evidor is the control plane those agents run through.

Evidor sits on top of the stack you already have and makes it accountable.

Next

If you want to dig further, two paths.

Apply to the Discovery Partner programme

A four-month structured exploration with our team. Three slots, regulated firms only.

Read the programme details

Book a call with the founder

30 minutes with Anson Zeall. No deck unless you ask. If we are not the right fit, we will say so.

Open scheduler