Prove your AI spend records weren't altered

"Prove these numbers are complete and unaltered."

It's the question finance, an auditor, or a customer's procurement team eventually asks: how do we know your AI cost records are the whole picture and nobody edited them? A dashboard total can't answer it. Numbers in a dashboard are just rows in a database — rows can be updated, deleted, or quietly back-dated, and a screenshot of a total proves nothing about what's behind it.

For cost allocation, COGS sign-off, or any compliance review, you don't need a prettier report. You need a record you can demonstrate wasn't tampered with.

The moat

Every request lands in a tamper-evident ledger

Every AI request metered by TOLVYN writes one entry to an append-only ledger. The ledger is built so that any change to a past record is detectable — not as a policy, but cryptographically.

Every ledger record is hash-chained (SHA-256) and signed with HMAC-SHA256 using a per-tenant key. Sequence numbers are allocated under a Postgres advisory lock per tenant — no gaps, no duplicates, even under concurrent writes. Each entry is written in the same database transaction as the request it accounts for, so there are no orphaned or partial records — every metered request has exactly one ledger entry, and every ledger entry has its request.

Because each record's hash includes the previous record's hash, altering any single entry breaks the chain from that point forward — and the break is detectable at the exact record where it happened.

Verify on demand

Re-derive and check any range of the chain with one command. Verification recomputes every record hash and HMAC signature, confirms each links to the previous record, and pinpoints the first record that doesn't verify if anything was touched.

# Verify any range of your tenant's ledger
$ tolvyn ledger verify
✓ hash chain intact
✓ all HMAC signatures valid
✓ no sequence gaps

You can also export the full ledger to CSV for your own records, your auditor, or your data warehouse.

How it works

• Request & meter. A request passes through the proxy and is metered — provider-reported tokens, cost in microdollars.
• Append. A ledger entry is written in the same transaction, chained by SHA-256 to the previous entry, with a gap-free sequence number under a per-tenant advisory lock.
• Sign. The record is signed with HMAC-SHA256 using a per-tenant key, proving both integrity and authenticity.
• Verify. Anytime, re-derive the chain with tolvyn ledger verify — it reports the first record that fails, or confirms the range is intact.

Why it matters

This turns "our dashboard says we spent $X" into evidence a finance team or auditor can actually rely on. Instead of trusting a number, they can verify the record behind it — and you can hand them a ledger export plus a verification they can re-run themselves.

What this is — and what it isn't

The ledger gives you the audit evidence you use for your own compliance, cost-allocation, and finance reviews. It is a verifiable record of what was spent — not a certification that TOLVYN holds on your behalf.

To be precise: TOLVYN is not SOC 2 or ISO certified yet (we're targeting SOC 2 Type I in late 2026). We don't claim a compliance badge we haven't earned. What we provide is the tamper-evident ledger, on-demand verification, and CSV export — the raw evidence your auditors and finance team can work with directly.

Make your AI spend provable

Start metering today and every request lands in your ledger from the first call. Free to start — 10,000 requests a month, no card required.