Compliance, rebuilt as infrastructure.
A portfolio of compliance products, technologies and open standards, built so organizations can prove what they are doing, not just claim it. Here is each one: what it is, what it does, and why it counts as infrastructure.
Every part of your compliance work, in one place.
What it is
Hubz is DataHubz's flagship platform: twelve integrated modules that replace the scattered mix of spreadsheets, drives, chat tools and point solutions most teams use to run compliance. From Vault and Messages to Comply, Evidence, Studio and Conductor, it brings data, collaboration and proof under one governed roof.
What it does
- Vault & Files: Compliance-first file storage, isolated per organization and governed by your rules by default.
- Encrypted Messages: Team channels and direct messages with keys you control, isolated from third-party tools.
- Frameworks & Controls: Run frameworks, roadmaps, signatures and reviews in Comply, then implement and prove hundreds of controls in Evidence.
- Immutable Audit Trail: Every action captured the moment it happens. Filterable, verifiable and impossible to change.
- Studio: Build datasets, collect through forms and visualize everything with charts and dashboards.
- AI Conductor: Delegate work to AI through one-shot missions or repeatable workflows, grounded in your real data.
What else
Built on the stack
VeriCode attestation and the CSE Registry vocabulary run underneath, so posture is verifiable, not just asserted.
Who it is for
Compliance, security and GRC teams pursuing or maintaining ISO 27001, SOC 2, HIPAA and more.
See it in motion
A twelve-chapter product tour walks the whole platform, app by app.
The world’s first compliance-native Git platform with blockchain attestation.
What it is
GuardGit is a Git platform that treats compliance as a first-class citizen of the development workflow. Instead of bolting scanners onto CI after the fact, it scans your repositories against regulatory frameworks, computes your posture and anchors the result on-chain, so the proof travels with the code.
What it does
- Multi-Framework Scanning: Evaluate repositories against 12 regulatory frameworks using more than 1,100 compliance signals.
- Posture Scoring: Compute a clear, current compliance posture from the signals it detects.
- AI Remediation: Turn findings into guided, actionable fixes mapped to the controls they satisfy.
- Anonymous Repos: Assess sensitive code without exposing it.
- On-Chain Attestation: Prove posture with zero-knowledge proofs, without revealing the underlying code or data.
What else
Powered by VeriCode
Its attestation engine anchors evidence on Horizen MainNet with Groth16 proofs verified on zkVerify.
Aligned to CSE
Signals map to the open CSE Registry vocabulary, so results mean the same thing everywhere.
Who it is for
Engineering and security teams who must prove regulatory posture without exposing proprietary code.
Sovereign compliance AI, by construction.
What it is
VeraComply is a compliance AI assistant that runs entirely inside your perimeter. There are no outbound calls and no third-party model vendors: the model, the frameworks and your documents stay on infrastructure you control, air-gapped by default. Every answer it gives is grounded in source you can open and check.
What it does
- In-Perimeter Inference: The model runs on your hardware, with no data leaving your environment.
- Pre-Indexed Frameworks: Ships with regulatory frameworks already indexed and ready to query.
- Grounded Retrieval: Answers come from your real controls and documents, not from thin air.
- Source-Linked Answers: Every claim links to the exact control, page and document that supports it.
- CSE-Aligned: Reasoning is anchored to the shared CSE Registry vocabulary.
What else
Sovereign by design
Suitable for air-gapped, regulated and data-residency-bound deployments.
Provenance built in
Source-linked answers make every response auditable, not just plausible.
Who it is for
Organizations that cannot, or will not, send compliance data to external AI services.
A live window into your security assessment, built for the client.
What it is
Rubro is the client-facing portal for security assessments and penetration tests. It gives the organization being tested a clear, real-time view of the engagement: what is in scope, what is being found, how much has been covered, and the standing authority to halt all testing at any moment.
What it does
- Scope & Authorization: See the agreed boundary and the legal-gate chain, then approve the documents that unlock testing.
- Live Findings: Read validated findings in plain language, with severity, business impact and framework-mapped remediation.
- Coverage & Assurance: Watch the rigor build: methodology executed, controls validated, targets exercised, evidence captured.
- Remediation & Retest: Track every finding from open, through remediation, to a verified retest.
- Stop-Test Control: An unconditional, one-click authority to halt all testing immediately.
What else
Framework-mapped
Findings tie to NIST, CIS and ISO, so remediation maps to what you report against.
On the record
Messages, approvals and decisions are kept with the engagement and recorded on the audit chain.
Who it is for
Organizations commissioning penetration tests who want full transparency and control.
The blockchain attestation engine behind verifiable compliance.
What it is
VeriCode is the proprietary DataHubz technology that turns compliance evidence into independently verifiable proof. It anchors evidence on a public blockchain and generates zero-knowledge proofs, so a third party can confirm a compliance claim is true without ever seeing the underlying code, documents or data.
What it does
- On-Chain Anchoring: Anchor evidence on Horizen MainNet for a tamper-evident, timestamped record.
- Zero-Knowledge Proofs: Generate Groth16 proofs that prove a claim without revealing its inputs.
- Independent Verification: Proofs are verified on zkVerify, by anyone, with no trust in DataHubz required.
- Per-User Wallets: Each user gets their own wallet, keeping attestations attributable and self-sovereign.
- No Vendor Lock-In: Proofs stand on public infrastructure, not on DataHubz staying in business.
What else
Integrated, not standalone
VeriCode powers GuardGit and the CSE Registry rather than shipping as a separate app.
Public and permissionless
Anyone can verify a proof. No DataHubz account is required.
Who it is for
Anyone who needs a compliance claim to be checkable by a party that trusts no one.
Registry
A shared, machine-readable vocabulary for compliance.
What it is
The Common Signals Enumeration (CSE) Registry is an open standard: a canonical, machine-readable registry of compliance signals and the mappings between them and major frameworks. Like CVEs for vulnerabilities or IANA for the internet, it gives the compliance industry a shared vocabulary it has never had.
What it does
- Canonical Signals: Defines more than 1,143 compliance signals with stable identifiers.
- Framework Mappings: Provides over 2,062 mappings linking signals across 12 frameworks.
- Machine-Readable: Published in a format that tools can consume directly.
- Open & Versioned: Maintained in the open on GitHub, free for anyone to use.
What else
Already in use
GuardGit scans against it and VeraComply reasons against it.
Open standard
Published on GitHub under an open model, with contributions welcome.
Who it is for
The whole compliance ecosystem: vendors, tools and teams who need a common language.