For Enterprise
Every asset signed. Every key in your KMS.
From creation to distribution, every asset carries a signed audit trail. BYOK keeps your signing keys under your control.
BYOK KMS
Bring your own signing key from AWS KMS, GCP Cloud KMS, or Azure Key Vault. Verbitas calls your KMS Sign API — your private key never leaves your infrastructure.
Learn more →Tenant isolation
Row-level security in Postgres. Per-tenant rate limits. Separate API keys per project or downstream customer. Cross-tenant queries are rejected at the database layer.
Immutable audit log
Every sign, verify, and lookup event is written to an append-only Postgres table (rows cannot be deleted). Continuously archived to S3. Exportable as CSV or JSON. SIEM export via webhook.
SIEM export
Continuous audit event export to your SIEM via webhook (Splunk, Datadog, Elastic). Events include tenant ID, operation type, asset ID, KMS request ID for cross-reference.
Admin console
Key management, recipe management, usage dashboard, billing, and team management. Role-based access control: admin, billing, viewer.
DPA & sub-processors
Data Processing Agreement template available. Full sub-processor list maintained per GDPR Art. 28. EU-only infrastructure (Hetzner FSN1 + HEL1).
Learn more →SLAs and support
| Component | RTO target | RPO target |
|---|---|---|
| API (sign + verify) | ≤ 15 min | ≤ 5 min |
| Signer | ≤ 15 min | N/A (stateless) |
| Postgres (failover) | ≤ 30 min | ≤ 5 min |
| Object storage | ≤ 1 h | ≤ 1 h |
Enterprise SaaS and Enterprise BYOK plans include 99.9% API uptime SLA. Developer and Growth plans are best-effort.
Verbitas provides technical evidence of origin and processing history. It does not provide legal compliance advice or guarantee compliance with any regulation. Use the audit log and manifest records as evidence for your compliance program.
Ready for enterprise provenance?
30-day trial. BYOK KMS. Dedicated Slack. Talk to our team.