Provable audit integrity for critical application events
You already record critical actions. Untamper makes them defensible — with tamper-evident chains your team and auditors can independently verify.
No credit card required · Free tier includes 10k events/month
You already record critical actions. Untamper makes them defensible. ·Cryptographic chain verification · Independent auditor access · SDK in minutes
Built for high-risk events
Best for teams that need proof, not just logs
Untamper is purpose-built for the events where tampered records have real consequences.
Admin Console Actions
Every role change, permission grant, and config override — with a chain you can verify independently.
Learn more →Privileged Access Events
Escalations, break-glass access, and sudo-equivalent actions with immutable, verifiable records.
Learn more →Sensitive Data Access
PII reads, export events, and bulk queries with the proof your compliance team needs.
Learn more →Approval Workflows
Multi-step approvals recorded as a verifiable sequence — not just a log entry.
Learn more →AI Agent Activity
Cryptographic proof of what your AI agents did, when, and in what order — essential as autonomous systems make consequential decisions.
Learn more →More use cases coming
Why Untamper
Audit logs that hold up under scrutiny
Not just logged — provable
Every event is hashed and chained to the previous one. Altering any record breaks the chain — a fact anyone with the public key can verify, independently, any time.
Built for high-risk events
Purpose-built for the 1% of events that matter: admin actions, privilege changes, sensitive data access. Not a general-purpose logging firehose.
Auditor-ready exports
One-click exports with cryptographic verification proofs attached. Your auditors can verify integrity without touching your infrastructure.
How it works
From event to verifiable proof in minutes
Four steps — two are automatic.
Send events
Instrument your app with our SDK. One function call per critical event — actor, action, target, metadata.
untamper.log({
actor: { id: user.id, type: 'admin' },
action: 'role.grant',
target: { id: org.id }
})Normalize & secure
Events are canonicalized, timestamped with a trusted source, and persisted with structured metadata.
Tamper-evident via crypto
Each event is SHA-256 hashed against its predecessor, forming a cryptographic chain. Any alteration invalidates all subsequent hashes.
Verify later
Run verification any time — from our dashboard, the CLI, or your own tooling using the public verification API.
const result = await untamper.verification.verifyLogs(logs)
console.log(result.valid, result.totalLogs)Compare
Why not just use what you already have?
Most tools record events. None of them make those events provably unaltered.
| Feature | Untamper | Datadog | Native Logs | Generic Stack |
|---|---|---|---|---|
| Critical event focus | ||||
| Independent chain verification | ||||
| Export with verification proof | ||||
| Typed SDK with structured events | ||||
| Full-text + metadata search | ||||
| Auditor access without infra access | ||||
| Tamper detection |
Yes Partial No
Trust model
How Untamper makes records provable
We don't ask you to trust that logs weren't altered. We give you the math to verify it yourself.
What gets hashed
The canonical event payload: actor, action, target, timestamp, metadata — plus the hash of the previous event in the chain.
Chain model
Each event's hash depends on the previous. Insert, modify, or delete any event and all subsequent hashes become invalid — automatically detectable.
How to verify
Anyone with the public API can recompute the chain. Our CLI, SDK, and dashboard all expose one-command verification.
Start building free
Instrument your first critical event in minutes. Free tier includes 10,000 events per month with full chain verification.