Evidence Packets
An Evidence Packet is the core deliverable of Assumetr. It is a signed JSON document (and human-readable PDF export) containing cryptographic proof of your telemetry data practices over a specific time window.
When your SOC 2 auditor asks: "How do you prove that you don't collect PII on your marketing site?" you give them an Evidence Packet.
What's Inside?
A packet contains:
- Configuration Ledger: A snapshot of your Privacy Controls during the reporting period. If you turned on IP hashing on Tuesday, the packet proves it.
- Data Inventory: A deduplicated schema of every event name, property key, and inferred data type observed.
- Egress Log: A record of every third-party Destination (e.g., Mixpanel, Snowflake) that received raw telemetry data.
- Retention Proof: System logs proving that data older than your retention window was securely purged.
Cryptographic Sealing
Assumetr generates a unique Ed25519 keypair for your workspace.
Every time a packet is generated, the entire JSON payload is hashed using SHA-256. That hash is then signed using your workspace's private Ed25519 key.
The public key is included in the packet payload. Your auditor can run standard cryptographic tools (openssl, libsodium) to independently verify that the payload hash matches the signature.
This guarantees:
- Authenticity: The packet was generated by Assumetr for your workspace.
- Integrity: The packet has not been altered since it was generated.
No screenshot of a settings page can provide this level of assurance.
Scheduled Generation
You can configure Assumetr to generate Evidence Packets on a schedule (e.g., Daily or Weekly) to maintain a continuous, immutable audit trail.