What you actually get
The GDPR Article 17 Erasure Attestation is a fixed-scope engagement with a fixed set of deliverables. This page lists exactly what arrives in your inbox at close, with links to sample artifacts you can inspect today.
The deliverable bundle
| Artifact | Format | What it's for | Sample |
|---|---|---|---|
| Erasure Attestation PDF | PDF | The auditor / DPO-facing document. Executive summary, scope, methodology, per-surface ERASED / RESIDUAL DATA verdicts, per-residual-marker evidence rows, control mappings, integrity block, verification instructions. | sample |
| Evidence JSON | evidence.json | The machine-readable evidence pack. Same content as the PDF, schema-versioned, suitable for archival, re-rendering, or downstream ingestion. | sample |
| in-toto attestation envelope | attestation.intoto.json | The signed integrity envelope. Carries the run digest, the timestamp token reference, and the manifest hash. The cryptographic chain of custody. | sample |
| RFC 3161 timestamp token | DER-encoded binary | Third-party-issued cryptographic proof that the run digest existed at the time of the run. Independently verifiable against the issuing TSA. | included in the JSON pack |
| Sigstore Rekor inclusion proof (when enabled) | Rekor log entry + proof | Public transparency-log entry binding the run digest to a time. Anyone can fetch the entry from rekor.sigstore.dev and verify inclusion. | included in the JSON pack |
| Verification instructions | Markdown + recorded command | One-paragraph step-by-step for how to verify the pack from a clean machine using the open-source sectum-ai verify. No Sectum AI installation required for the verifier. | page 1 of the PDF + samples README |
All sample artifacts above are real outputs of the runnable examples/erasure-attestation walkthrough — you can inspect them today, before any engagement, to see exactly the artifact shape your DPO will receive.
Both verdicts on display
The same engagement can deliver one of two verdicts, and we ship a sample of each so you can see what the failure mode looks like before you commission a run:
| Verdict | What the run found | Sample PDF | Sample JSON |
|---|---|---|---|
| ERASED (happy path) | The erasure workflow succeeded. All seven surfaces report zero residual markers for the target tenant. The pack is what closes the regulator ticket. | audit-pack.pdf | evidence.json |
| RESIDUAL DATA (the common bug) | The erasure ran as a soft-delete (tombstone, not purge). Every surface returns residual markers. The pack itemises every residual hit, the surface, and the remediation pointer — what your platform team works against. | residual-data-audit-pack.pdf | residual-data-evidence.json |
Both samples were produced by the same runnable example (examples/erasure-attestation/run.sh for ERASED; sectum-ai erasure --soft-delete for RESIDUAL DATA). Either pack verifies under the open-source sectum-ai verify; the verdict is data, not signal integrity.
What the PDF contains, page by page
- Cover — executive summary. Run ID, target tenant, engagement date range, top-line verdict (ERASED vs RESIDUAL DATA found), and the one-command independent verification recipe.
- Scope and methodology. Surfaces covered (the seven Sectum AI verifies for erasure: vector DB, tracing, agent memory, semantic cache, model/fine-tune adapters, search index, eval set), the marker substrate explanation, the manifest-grounded zero-false-positive detection pipeline (exact → semantic → calibrated judge), and the explicit limits (Sectum AI verifies and attests; does not remediate; pack is test coverage, not legal certification).
- Per-surface results table. One row per configured surface with: pre-erasure marker count, post-erasure residual count, verdict (ERASED / RESIDUAL DATA / NO BASELINE).
- Per-finding evidence rows (when residual data is found). Each row: marker ID, owning tenant, surface, severity, confidence, evidence span (the actual leaked text), remediation pointer, OWASP / ATLAS / NIST control IDs.
- Compliance control coverage. Mapping table grouping findings by SOC 2 (CC6.1 / CC6.6 / CC6.7), ISO 27001 (A.5.15 / A.8.3 / A.8.12), GDPR (Art. 17 / 32), EU AI Act (Art. 15), HIPAA (§164.312), NIST AI RMF (MEASURE 2.7), OWASP LLM Top 10 (LLM08:2025).
- Integrity and independent verification. The run digest (SHA-256), the manifest hash, the timestamp token reference, the Rekor log index (when enabled), the sectum-ai verify command and expected output.
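
What a digest-binding check on such an envelope looks like by hand, as an added example that is not Sectum AI's code or the logic of sectum-ai verify: it assumes a standard DSSE-wrapped in-toto Statement whose subject digest is the SHA-256 of evidence.json, which this page does not specify. The function names, the predicate type and the sample bytes are constructed for illustration.

```python
import base64
import hashlib
import json

IN_TOTO_PAYLOAD_TYPE = "application/vnd.in-toto+json"  # DSSE payloadType for in-toto


def check_digest_binding(envelope, artifacts):
    """Map each Statement subject to 'match', 'mismatch' or 'missing'.

    Digest binding only: the DSSE signature, timestamp token and Rekor are not checked.
    """
    if envelope.get("payloadType") != IN_TOTO_PAYLOAD_TYPE:
        raise ValueError("not an in-toto DSSE envelope")
    statement = json.loads(base64.b64decode(envelope["payload"], validate=True))
    if not str(statement.get("_type", "")).startswith("https://in-toto.io/Statement/"):
        raise ValueError("payload is not an in-toto Statement")
    subjects = statement.get("subject") or []
    if not subjects:
        raise ValueError("Statement binds no subjects")  # an empty binding proves nothing
    results = {}
    for subject in subjects:
        name = subject["name"]
        claimed = str(subject.get("digest", {}).get("sha256", "")).lower()
        if name not in artifacts:
            results[name] = "missing"
            continue
        actual = hashlib.sha256(artifacts[name]).hexdigest()
        results[name] = "match" if actual == claimed else "mismatch"
    return results


def build_sample_envelope(evidence):
    """Constructed, unsigned sample; the predicate type is a placeholder."""
    statement = {
        "_type": "https://in-toto.io/Statement/v1",
        "subject": [{"name": "evidence.json",
                     "digest": {"sha256": hashlib.sha256(evidence).hexdigest()}}],
        "predicateType": "https://example.invalid/erasure-attestation/v0",
        "predicate": {"verdict": "ERASED"},
    }
    payload = base64.b64encode(json.dumps(statement).encode()).decode()
    return {"payloadType": IN_TOTO_PAYLOAD_TYPE, "payload": payload, "signatures": []}


if __name__ == "__main__":
    evidence = b'{"schema_version": "constructed", "verdict": "ERASED"}'
    print(check_digest_binding(build_sample_envelope(evidence), {"evidence.json": evidence}))
```

A "match" here only shows the evidence file is the one the Statement names; trust in the Statement itself still rests on verifying the envelope signature and the timestamp against keys obtained out of band.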
What's not in the deliverable
- No remediation. If a surface returns RESIDUAL DATA, the pack itemizes the residual marker, the surface, and the remediation pointer (e.g., "purge orphaned vectors from the shared index"). Your platform team owns the remediation work; we attest, not fix.
- No legal certification. The control mappings are assertions of test coverage. A regulator may use the pack as evidence; the pack itself is not a regulatory finding.
- No customer data. The substrate provisions synthetic tenants seeded with cryptographic canary markers. No real customer data leaves your environment; only the canary markers and the signed evidence pack do.
- No vendor lock-in on verification. The sectum-ai verify command is open-source Apache-2.0 (see ADR-0002). Your DPO, your auditor, or the regulator can verify the pack from a clean machine without us — by design.
Engagement scope — what we agree on up front
The engagement contract pins:
- Target tenant. The single tenant whose erasure is being attested.
- Surfaces in scope. Which of the seven we attest. A minimal engagement covers vector DB + tracing (2 surfaces); a full engagement covers all 7. Scope drives the quote.
- Adapter configuration. The sectum-ai.yaml you supply — backend kinds, env-var references for any credentials, no inline secrets.
- Erasure trigger. Your existing erasure flow (DSR platform, custom scripts, manual ops). We don't run the erasure; we baseline before, wait, and attest after.
- Delivery date. Typical engagement: 5-10 business days from kickoff. Pre-erasure baseline by day 2-3; attestation delivered by day 7-10 (faster if your erasure flow runs on day 1).
- Confidentiality. Mutual NDA in place; the manifest hash and the evidence pack are the only artifacts that leave your environment in BYOC mode (the default).
What we ask of you
- A sectum-ai.yaml describing your AI stack's adapters and credential references (no secrets inline). We supply the template.
- One operational contact who can trigger the erasure on day 4 (or whenever fits your DSR cycle).
- Network access for the Sectum AI CLI to reach the configured adapters in BYOC mode — either we run inside your environment, or you run the CLI yourself and send us the resulting pack for the cryptographic chain.
Engagement
Scoped per engagement based on the surfaces in scope. A minimal-surface engagement covers vector DB + tracing; a full engagement covers all seven surfaces plus the in-toto envelope, the RFC 3161 timestamp token, and the optional Sigstore Rekor inclusion proof. Start an engagement for a quote.
Continuous (quarterly) cadence is available under the Continuous Multi-Tenant Verification SKU if you'd rather not re-engage on every DSR cycle.