Private Beta · Zero-Knowledge Compliance

Prove compliance.
Share nothing.

Replace screenshots and exports with cryptographically verifiable zero-knowledge proofs. Auditors verify the mathematics — your infrastructure stays invisible.

Request Early Access → See How It Works
No raw data ever leaves your cloud Verified by cryptography, not trust Works inside your existing environment
proof_package · AC-2.MFA_ENFORCEMENT Verified
control_idAC-2.MFA_ENFORCEMENT
proof_typeZK_SET_MEMBERSHIP
verdictPASS
evidence_commitment0x7a3f9c8b2e1d04a6...
corroborationSTRONGLY_CORROBORATED
zkp_proof0x1f8b08c4e9...2c4a · 847 bytes · PLONK
ISO 27001 A.8.5 · SOC 2 CC6.1 Verified in 4ms · Merkle root 0x9d2f...1a
Covers the frameworks auditors actually ask for
ISO 27001
SOC 2
Cyber Essentials
EU AI Act
HIPAA
NIST CSF
GDPR
Integrates with your existing stack
Azure
AWS
Microsoft 365
Okta
GitHub
Google Cloud
The Problem

Compliance today is evidence theatre

Even "continuous compliance" platforms still pull raw data into vendor-hosted dashboards. You're trading one trust problem for another.

Traditional Model

1Control checked manually
2Screenshot or export created
3Evidence emailed or uploaded
4Auditor reviews raw data
5Point-in-time, instantly stale
Trust the vendor. Trust the screenshot.

Valro

1Agent queries APIs inside your cloud
2Generates zero-knowledge proof of control state
3Only the mathematical proof leaves your environment
4Verifier checks the proof — no raw data needed
5Merkle-chained, continuously updated
Trust the mathematics. Trust nothing else.
Process

From API to proof in minutes

The Valro agent runs entirely inside your cloud environment. Raw data never leaves.

01

Collect

Platform adapters query Azure, M365, Okta, AWS, and other APIs. Responses normalised into a standardised evidence format.

02

Witness

Evidence transformed into the ZKP circuit's private witness. Entity identifiers hashed. Raw data discarded.

03

Prove

The PLONK prover generates a zero-knowledge proof that the witness satisfies the compliance circuit. Only the proof remains.

04

Verify

Anyone can verify the proof in under 10ms. No trust in Valro required. The mathematics is the authority.

Privacy

The verifier sees the proof,
never your data

Zero-knowledge means exactly that. The proof reveals only whether a control is satisfied — nothing else.

What verifiers see

  • Control ID and framework mapping
  • PASS or FAIL verdict
  • Cryptographic evidence commitment
  • Corroboration score and signals
  • Merkle chain proof of continuous compliance
  • The ZKP proof itself — independently verifiable

What verifiers never see

  • Actual API responses or raw system data
  • User identities, emails, account names
  • How many accounts or resources exist
  • Configuration values or resource details
  • Internal network topology
  • Anything about your internal state
<10ms
Proof verification time
~1KB
Proof size vs MB of raw exports
0
Customer data held by Valro
0
ZKP circuit templates, parameterised for any control
Controls

Ten controls covering the highest-value audit evidence

Each control is a parameterised ZKP circuit mapped to ISO 27001 and SOC 2 clauses. Not a script — a mathematical proof.

MFA enforcement for privileged accounts
Circuit 1A.8.5 · CC6.1
Encryption at rest on storage & databases
Circuit 4A.8.24 · CC6.1
Logging & audit trail retention
Circuit 2+4A.8.15 · CC7.2
Network security group configuration
Circuit 4A.8.20 · CC6.6
Access reviews for privileged roles
Circuit 5A.5.18 · CC6.1
Password policy minimum length
Circuit 2A.8.5 · CC6.1
Session timeout thresholds
Circuit 2A.8.5 · CC6.1
Deprovisioning within policy timeframe
Circuit 5A.6.5 · CC6.2
Vulnerability scanning active & current
Circuit 5A.8.8 · CC7.1
Key rotation within policy interval
Circuit 2A.8.24 · CC6.1
Architecture

Data never leaves.
Valro holds zero.

The agent runs in your cloud. Valro's infrastructure contains only mathematical proofs. We couldn't leak your data if we were breached — we never had it.

Your Environment

Adapter Layer — Queries Azure, M365, Okta, AWS, GitHub, SaaS APIs
Witness Generator — Normalises evidence, hashes identifiers, creates commitments
ZKP Prover — PLONK circuits generate proofs. Evidence discarded after proving.
Proof Packager — Signs and bundles. Only artifact that leaves.
Proof
only

Valro Infrastructure

Proof Registry — Append-only. Verdicts, hashes, proofs, timestamps. No raw data.
Merkle Chain — Verifiable compliance timeline. Publicly anchored root hash.
Verification API — Public. Anyone verifies any proof in <10ms. Zero trust.
Verifier Portal — Client-side WASM verification. Browser confirms independently.
FAQ

Common questions

No. The Valro agent handles all cryptographic operations internally. You deploy a container into your cloud environment and configure API credentials — no zero-knowledge expertise required.

Outbound only, to post the finished proof package to Valro's registry. Raw evidence never leaves your environment — only the mathematical proof (typically ~1KB) is transmitted over the wire.

Most organisations generate their first proofs within 10 minutes of deploying the container. Pre-built adapters for Azure, AWS, M365, Okta, and GitHub cover the most common controls out of the box.

Yes. The verification API is public and requires no account. Auditors can verify any proof in under 10ms using our open-source verifier or directly via the API. Valro is not in the trust path at verification time.

Proofs are self-contained and independently verifiable. The verifier library is open-source. Your compliance history remains intact and verifiable regardless of Valro's operational status.

Early Access

Stop sharing evidence.
Start sharing proofs.

Private beta. Working with a select group of security conscious companies. Your infrastructure stays in your control only mathematics leaves.

Request Early Access → Read the Architecture