Skip to content

Compliance evidence

Fontana gives you two complementary evidence types for compliance review: workflow data lineage (how a value was computed) and the immutable security audit trail (who did what on the platform). Platform controls such as isolation, encryption, secrets, and supply chain are documented under Security.

  • Immutable audit trail - append-only WORM ledger (ImmuDB), event producers, HyperDX mirror vs system of record, integrity scans
  • Data lineage - atomic provenance from ingress through export, OpenLineage export, canvas inspection

Fontana records atomic data lineage across workflow execution: every transformation, lookup, merge, filter, compute step, and AI operation that derives a cell can attach pointer-based provenance back to upstream rows and columns. Lineage is stored as structured metadata alongside port datasets, not as copied row snapshots, so auditors can traverse a recursive source chain from any output cell to its origins.

  • Per-operation lineage - workflow processors emit lineage entries with usage types such as transformation, lookup, merge, reference, computed, generated, and filtered
  • Per-port artifacts - server runs persist lineage and audit sidecars under each node port in the run directory; validation failures surface as audit items on retained rows
  • UI inspection - the Data Lineage panel on the canvas walks the provenance tree for the selected cell
  • Durable evidence - run-scoped lineage and port audit files persist on encrypted workspace storage across pod restarts and upgrades within your tenant

Lineage answers calculation provenance. It is not the same as the immutable security audit trail, which answers privileged platform activity. See Immutable audit trail for the comparison table.

Workflow run audit (canvas and file store)

Section titled “Workflow run audit (canvas and file store)”

During execution, the workflow engine records data-quality audit items on port outputs: validation results, transform summaries, and manual edit overlays. Lineage sidecars (.lineage.json) and port audit artifacts (.audit.json) persist on the workflow file store alongside run datasets.

  • AI tool calls - invocations write structured records with protocol and latency metadata; correlation with WORM audit depends on enabled producers
  • Admin changes in Flow - privileged configuration changes should appear in admin audit logs and, when producers are enabled, the immutable audit trail via Convex

Isolation, Vault secrets, encryption in transit and at rest, network hardening, supply chain integrity, and the questionnaire-oriented control matrix live under Security, including SOC 2 control summary and Vendor diligence FAQ. Certification posture and diligence packs: Security and governance.