Trust & evidence

Trust and evidence

Provenly's whole job is to hold the evidence that your H&S documents were read and acknowledged — and to make sure that evidence still stands up months or years later, when someone asks you to prove it.

So it's fair to ask how it's built, where your data lives, and what happens if you ever need to lean on it. Here are the specifics, in plain terms.

Illustrative
ACK · #1039SEALED
Sarah Whitfield · Fire Safety Policy v3 · 14 May 09:42
a3f9c14b8e…772d72b
ACK · #1040SEALED
Tom Hale · Manual Handling RA v4 · 14 May 10:05
prev a3f9c14b8e… · 7e10aa…ff21b4c9
ACK · #1041SEALED
Priya Sharma · COSHH Procedure v2 · just now
prev 7e10aa…ff21b4c9 · c1d8b3…40a9f17

Each record carries a fingerprint of the one before it.
Change any entry after the fact and the chain breaks — visibly.

The short version, before the detail

Written once, never edited
Each sign-off is locked the moment it's made — it can't be changed by you or by us.
Hash-chained & tamper-evident
The whole log is cryptographically linked, so any change anywhere would show.
Version-locked sign-offs
Every record is tied to the exact version that person saw — not just the latest.
Your data stays in the UK & EU
Documents and records kept in the UK and EU — no quiet transfers overseas.
GDPR by design
Privacy notice, retention and subject-access requests handled — not bolted on.
Cyber Essentials Plus In progress
Working towards the UK government-backed certification, target October 2026.
The record

Written once, and can't be quietly changed

Every time someone acknowledges a document, Provenly writes a single record and locks it. It's immutable — written once, never edited or overwritten — and it captures the moment, who confirmed it, the device and network, and the exact version they saw.

Each record is linked to the one before it in a cryptographic chain. Change a single record after the fact and the chain breaks, visibly. That's what tamper-evident means: not that tampering is impossible, but that it can't be hidden.

If a claim ever lands on one person years later, the record already holds exactly what they saw, signed, and when.
Illustrative
ACKNOWLEDGEMENT RECORDSEALED
Who & what
PersonSarah Whitfield
DocumentFire Safety Policy
Exact version seenv3 · locked
When
Confirmed14 May 2026 · 09:42 BST
Time on document2 min 41 sec
Where & how
DeviceiPhone · Safari
IP address81.142.41.xx
Integrity
Hashsha-256 · chained
Chainverified ✓
Why it matters

Where the proof actually gets used

Most people picture the risk as a visit from the HSE. The real shape of it is different — and it's worth seeing plainly.

A civil claim, brought by an employee months or years after an incident, turns on a simple question: can you show what this person was told, what they acknowledged, and when? "We're sure we sent it round" rarely answers it. A locked, dated, version-specific record does.

248
HSE criminal prosecutions
2023/24
44,547
employers'-liability claims
registered 2023/24

Sources — HSE Annual Report & Accounts 2023/24 (248 prosecutions); DWP Compensation Recovery Unit 2023/24 (44,547 employers'-liability claims registered). The point isn't fear — it's where proof gets used.

MMPlaceholder · portrait
Who's building it

Built by someone who does this every day

"Having the right document is the easy part. Managing it — and proving who read and signed which version — is where it falls apart. When a claim lands, the only thing that helps is the evidence trail. I built Provenly to be exactly that."

CMIOSH — Chartered Member of IOSH 9+ years as an H&S consultant Hundreds of SME audits Trains managers via IOSH Managing Safely

Matt McAllen, founder of Provenly

Data & privacy

Your data, kept where it should be

Two things matter for evidence you may need to rely on under UK law: where it lives, and how the people in it are looked after.

Stored in the UK & EU

Your documents and acknowledgement records are stored in the UK and EU. They aren't quietly transferred overseas, or handed to a provider whose home jurisdiction could reach into them. For evidence you may rely on in a UK court or tribunal, that's a deliberate choice.

GDPR-built, not bolted on

  • A clear privacy notice, in plain English
  • A defined retention policy for how long records are kept
  • Subject-access requests handled properly when one comes in

Built for the person signing, too

Trust isn't only about the business. Your team install no app and sign in in seconds, and they see exactly which document and version they're confirming. What's recorded is only what's needed to make that sign-off stand up later — the moment, the version, and that it was really them — and it's explained plainly, not buried.

How it's secured

Security, said plainly

SHA-256 hash-chaining

The acknowledgement log is chained using SHA-256 — the same family of cryptographic hash used across banking and government systems. In place now, not pending.

Two-step sign-in

Anyone who can change documents or see the records — owners, managers and the consultants they invite — signs in with a second step, not a password alone.

Cyber Essentials Plus

We're working towards Cyber Essentials Plus, the UK government-backed certification, targeting October 2026. We'll call it certified when it is — not before.

If you ever need to lean on it

Your evidence belongs to you — not to us

A fair question for any tool you'd come to depend on: what if Provenly goes away? So here's the principle we're building to. You should be able to take your records out in a usable form and rely on them whether or not Provenly is still around. Your proof shouldn't live or die with your supplier.

The record is captured from day one. A polished, one-click audit-pack export is on the way — we'll firm this up as it ships.

How it's being built

One important thing, done properly — before anything else

We're not trying to do everything at once. Provenly does one job first — getting your documents read, signed and proven — and we're building it with a small group of real UK SMEs, across different industries and sizes, to get that one thing genuinely right before we widen it.

It's built in the open. When something's live, we say so; when it's still coming, we say that too. Follow the build

Evidence & security, answered

The questions people ask

Can a record be edited or deleted after someone's signed?

No. Once someone acknowledges a document, that record is written once and locked — it can't be edited or deleted, by you or by us. If a document changes, you upload a new version; the original record stays exactly as it was, tied to the version that person actually saw.

What does "tamper-evident" actually mean?

It means any change to the record would show — not that change is impossible. Each acknowledgement is cryptographically linked to the one before it, so altering an entry after the fact breaks the chain visibly. Anyone reviewing it can tell the log hasn't been quietly rewritten.

Where is my data stored?

In the UK and EU. Your documents and acknowledgement records aren't transferred to providers outside that region. For evidence you may need to rely on under UK law, keeping it within UK and EU jurisdiction is a deliberate choice.

Is Provenly Cyber Essentials certified?

Not yet — we're working towards Cyber Essentials Plus, with a target of October 2026. We'll only describe it as certified once it is. The cryptographic hash-chaining that protects the log is in place now, not pending.

See the evidence for yourself

Want to see the
record for yourself?

The best way to judge an evidence tool is to look at the evidence it produces. Join the early-access list and we'll show you the real thing when we open access — no card, no sales call, no obligation.

Get early access

No card, no sales call, no obligation.

Read how it works