Welcome to the Traceprompt API Docs

Traceprompt turns every LLM prompt & completion into tamper-proof, KMS-encrypted compliance evidence - without slowing your product down. These docs show you how to integrate the Ingest API & SDK, protect data with your own AWS CMK, and verify interactions in the dashboard.

Why Traceprompt exists

Modern regulations already assume you can show the “who / what / when / why” of every data-processing event. Once generative-AI hits production that requirement becomes even stricter:
Regulation / FrameworkTypical Evidence You Must Produce
HIPAA (45 CFR §164)PHI disclosure log, access justification
SOC 2 CC7 & CC8Immutable audit trail, anomaly alerts
ISO 27001:2022 A.8End-to-end activity history with retention controls
EU AI Act (draft)Prompt lineage, output provenance, risk-control logs
SOX 404Model inputs & outputs affecting financial statements
Traditional logging stops at HTTP boundaries; LLM calls become opaque blobs. Traceprompt records each interaction as verifiable evidence - encrypted so only you can read it.

What Traceprompt adds to your stack

  1. Client-side envelope encryption - your app encrypts every prompt & completion with a fresh Data Encryption Key (DEK); the DEK is wrapped by your AWS KMS key. Traceprompt never sees plaintext without your permission.
  2. Tamper-proof ledger & anchoring - entries are hash-chained and Merkle-rooted to the Traceprompt open-anchors GitHub repo. Anyone can later prove an entry is unchanged and timestamp-authentic.
  3. Real-time usage & cost telemetry - clear-text metadata (tokens, latency, model, user ID) powers dashboards and alerts without Traceprompt decrypting content (customers can still decrypt via the Viewer role when needed).
  4. One-click Audit Packs - generate a ZIP containing CSV rows, Merkle proofs, and GitHub-anchor receipts (commit hashes & signed tags) ready for auditors.

How it helps teams

Pain pointTraceprompt remedy
”Show every prompt that touched PHI.”Instant filter on tagged metadata; decrypt just the rows auditors request.
”Prove no one tampered with this diagnosis.”Supply the Merkle proof & GitHub commit hash shipped in the Audit Pack.
”Security blocks off-prem logs.”Logs are ciphertext; only your CMK can unwrap them inside your AWS account.
”Need HIPAA/SOC 2/ISO evidence fast.”Built-in controls map directly to those frameworks—no custom plumbing.

Technical glance

Contact Us

Need help getting started or have questions about Traceprompt?
  • Join our Slack community for real-time support and discussions
  • Email us at help@traceprompt.com for technical questions or enterprise inquiries
Dive in and let Traceprompt handle the compliance heavy lifting while you keep shipping great AI features.