KURAL is sold to compliance teams whose first instinct is to read the contract before the brochure. So we ship the architecture, the legal posture, and a sample audit pack — before the first sales call.
A redacted but complete UKGC LCCP audit pack: 189 controls scored, evidence pointers, Merkle-root attestation, source-citation appendix. Judge the actual product in 30 seconds, before the first sales call.
Every evaluation, every connector pull, every finding writes one row. The chain head anchors to immutable storage every 24 hours.
Architectural commitment, not a setting. There is no write path into any operator system anywhere in the codebase. Cannot modify a self-exclusion, cannot change a limit, cannot trigger a payment. Observer-only by construction.
AWS eu-west-2 (London) primary, eu-west-1 (Ireland) read-only standby. No US LLM inference traffic. Single-tenant deployment option available for Tier-1 procurement requirements.
Every evidence record carries a per-entry Merkle root plus a chain hash linking to the previous record. Tamper detection happens at every read. Object-Lock anchors prove the chain state at every 24h checkpoint.
Cyber Essentials Plus (Q4 2026). SOC 2 Type I (Q4 2026). SOC 2 Type II (2027). ISO 27001 (2028). DPA + MSA templates ready for your legal review today.
AWS EMEA (hosting), GitHub (source code), Let's Encrypt (TLS). 30 days notice before any addition. Full list →
Control library is CC BY-SA 4.0. Connector code inspectable on request. We don't hide what we run on your data. The cryptographic primitives are standard library — auditable by any competent engineer.
Bug-bounty-style safe-harbour for security researchers. SLA: 2 business days acknowledgement, 14d critical fix. Policy →
status.kural.tech — live uptime across API, worker, transparency-anchor, source-watcher and TLS-certs components. 99.5% rolling-30-day SLA target for paid pilots.
We don't sell to gambling regulators. Your data never goes to a regulator without your explicit per-control, per-occurrence consent. Operator trust is the only moat that matters.