Now Accepting Beta Partners

The EU-Sovereign
Flight Recorder
for Fintech Compliance

Automatically vault every closed AML investigation into eIDAS-certified, CMK-encrypted PDF/A-3 bundles. Zero analyst effort. Instant regulator-ready evidence.

Request Early Access

See How It Works

EH

SN

AL

+2

Trusted by 5+ Nordic fintechs in beta

vault.regproof.eu

All Systems Secure

Audit Readiness Score

98 / 100

All Clear

Cases Vaulted

0

+124 this week

eIDAS Seals

0

100% verified

Storage Used

0

of 500 GB

Recent Activity Live

Case sealed & vaulted

#FSA-2024-0891

Bulk migration complete

1,247 files

Integrity check passed

100%

The Compliance Gap

Your Audit Defense
Is Fragmented

When Finansinspektionen or Finanstilsynet calls, most fintechs scramble — because evidence is scattered, unsealed, and sitting on US cloud infrastructure.

The result: 2–4 weeks of panic per audit and significant regulatory risk

01

Evidence Fragmentation

Data buried across Zendesk, Veriff, Hawk AI, Slack, and shared drives. No single source of truth.

02

Alterable Records

Evidence in standard SaaS has no cryptographic seal — it can be silently altered, losing all legal weight.

03

US Cloud Exposure

EU citizen financial data on AWS/GCP creates DORA and Schrems II exposure you can't afford.

04

Manual Overhead

Analysts juggle too many tools. Manual evidence compilation for every closed case doesn't scale.

How It Works

Three Steps to Bulletproof Compliance

No workflow changes. No new tools for analysts. Just cryptographic certainty.

1

Connect Your Stack

Add our webhook endpoint to your existing compliance tools — Zendesk, Hawk AI, Veriff, or your own backend. No SDK, no agent, no new UI.

Webhook REST API 5-min setup

2

Automated Vaulting

When a case closes, Regproof compiles the evidence into PDF/A-3, stamps it with an eIDAS Qualified Timestamp, encrypts with your CMK, and vaults it.

PDF/A-3 eIDAS QTS CMK Encrypted

3

Break Glass When Needed

When the regulator calls, your MLRO logs into the vault, searches by case or date, and exports a cryptographically sealed evidence pack — in minutes.

Instant Export Tamper-Proof FSA Ready

The Technology

Built on Three Pillars of Trust

Every pillar independently ensures your evidence holds up in any regulatory proceeding.

Pillar 01

PDF/A-3 + eIDAS

ISO-standard PDF with embedded raw data, sealed with qualified timestamps — human-readable and machine-parsable simultaneously.

Qualified Electronic Time Stamp (QTS)
Mathematical proof of closure timestamp
Zero-tamper guarantee since sealing

Pillar 02

Confidential Computing

Payloads processed inside Secure Enclaves — data never exposed in plaintext RAM. Even our own administrators cannot see your evidence.

Customer-Managed Keys (CMK)
You hold the exclusive decryption keys
Zero-knowledge architecture

Pillar 03

EU-Sovereign by Design

Hosted on Scaleway in European data centers. Fully isolated from US cloud vendors. DORA-compliant architecture from day one.

Zero AWS/GCP infrastructure
CLOUD Act immune data residency
GDPR-compliant by construction

Platform Features

Set It and Forget It

Regproof adapts to your stack. Your analysts keep their existing workflows — we handle the evidence vaulting silently.

Webhook-First Ingestion

Event-driven archiving. When an analyst closes a case, your backend fires a JSON payload. We compile, seal, encrypt, and vault — automatically.

Pure push architecture — no scraping

Works with any REST-capable tool

Slack/Teams health monitoring

Break-Glass Vault

Purpose-built for MLROs and Compliance Officers. Not a daily driver — your lifeline when the regulator calls. Instant search, instant export.

FSA Audit Mode — one-click packs

Search by date, case ID, or entity

Cryptographically sequenced packs

Legacy Migration

Import years of historical evidence — Excel, PDFs, CSV logs — into the vault with full eIDAS stamps. Drag-and-drop or white-glove managed service.

Drag-and-drop import interface

Integrity stamp on every record

Managed migration available

Trusted by Nordic Fintechs

What Compliance Leaders Say

"Regproof turned our biggest audit fear into a competitive advantage. What used to take two weeks of panic now takes 15 minutes."

EH

Erik Holmberg

MLRO, Payer Finance

"The eIDAS integration alone saved us from building months of internal infrastructure. And the CMK encryption means our board sleeps better at night."

SN

Sofia Nilsson

Head of Compliance, NordPay

"Five minutes to integrate via webhook. Zero changes to how our analysts work. The vault just started filling up automatically. That's exactly what we needed."

AL

Anders Larsen

CTO, Fintech Norge

Pricing

Predictable Pricing. No Surprises.

No per-seat fees. No per-bundle charges. Just a flat subscription based on case volume.

Monthly Annual Save ~17%

Starter

For growing operations

€1,000 /month

1,000 cases / month
Unlimited auditor access
250GB encrypted storage
eIDAS PDF/A-3 bundling

Get Started

Popular

Professional

For scaling fintechs

€2,500 /month

5,000 cases / month
Unlimited auditor access
500GB encrypted storage
Slack/Teams health alerts

Get Started

Enterprise

For high-volume operations

Custom

Unlimited cases / month
Custom storage & retention
White-glove legacy migration
Dedicated support & SLA

Contact Us

Data storage tiering available beyond included limits • Legacy Migration Service available as one-time engagement

FAQ

Frequently Asked Questions

How long does integration take?

Most customers are fully integrated within 30 minutes. Our webhook-first architecture means you add one endpoint URL to your compliance stack. No SDK installation, no agent deployment, no changes to analyst workflows.

Can we keep using our existing compliance tools?

Absolutely. Regproof sits on top of your existing stack. Your analysts keep using Zendesk, Hawk AI, Veriff, or whatever tools they rely on. When a case closes, we automatically receive the payload and handle the evidence vaulting — zero disruption to daily workflows.

How does the CMK encryption work?

Customer-Managed Keys (CMK) means you generate and hold the encryption keys. We never have access to your plaintext data. Even in the event of a server breach, attackers only find encrypted ciphertext. You can also integrate with your existing KMS infrastructure.

What makes the eIDAS seal legally binding?

eIDAS (Electronic Identification, Authentication and Trust Services) is the EU regulation that gives qualified electronic timestamps the same legal weight as physical signatures. Our Qualified Trust Service Provider issues timestamps that mathematically prove when a document was sealed and guarantee zero alteration since — admissible in all EU courts.

Is my data hosted in the EU?

Yes. All data is hosted exclusively on Scaleway's EU-based infrastructure in France and the Netherlands. We maintain zero infrastructure on AWS, GCP, or Azure. This eliminates CLOUD Act exposure and ensures full DORA and GDPR compliance for your historical data.

Limited Beta Slots Available

Ready to Bulletproof
Your Next Audit?

Join leading Nordic fintechs who sleep better knowing their compliance evidence is automatically vaulted, cryptographically sealed, and regulator-ready — always.