Compliance evidence
Fontana gives you two complementary evidence types for compliance review: workflow data lineage (how a value was computed) and the immutable security audit trail (who did what on the platform). Platform controls such as isolation, encryption, secrets, and supply chain are documented under Security.
Topics
Section titled “Topics”- Immutable audit trail - append-only WORM ledger (ImmuDB), event producers, HyperDX mirror vs system of record, integrity scans
- Data lineage - atomic provenance from ingress through export, OpenLineage export, canvas inspection
Workflow data lineage
Section titled “Workflow data lineage”Fontana records atomic data lineage across workflow execution: every transformation, lookup, merge, filter, compute step, and AI operation that derives a cell can attach pointer-based provenance back to upstream rows and columns. Lineage is stored as structured metadata alongside port datasets, not as copied row snapshots, so auditors can traverse a recursive source chain from any output cell to its origins.
- Per-operation lineage - workflow processors emit lineage entries with usage types such as
transformation,lookup,merge,reference,computed,generated, andfiltered - Per-port artifacts - server runs persist lineage and audit sidecars under each node port in the run directory; validation failures surface as audit items on retained rows
- UI inspection - the Data Lineage panel on the canvas walks the provenance tree for the selected cell
- Durable evidence - run-scoped lineage and port audit files persist on encrypted workspace storage across pod restarts and upgrades within your tenant
Lineage answers calculation provenance. It is not the same as the immutable security audit trail, which answers privileged platform activity. See Immutable audit trail for the comparison table.
Workflow run audit (canvas and file store)
Section titled “Workflow run audit (canvas and file store)”During execution, the workflow engine records data-quality audit items on port outputs: validation results, transform summaries, and manual edit overlays. Lineage sidecars (.lineage.json) and port audit artifacts (.audit.json) persist on the workflow file store alongside run datasets.
- AI tool calls - invocations write structured records with protocol and latency metadata; correlation with WORM audit depends on enabled producers
- Admin changes in Flow - privileged configuration changes should appear in admin audit logs and, when producers are enabled, the immutable audit trail via Convex
Platform security and SOC 2 summary
Section titled “Platform security and SOC 2 summary”Isolation, Vault secrets, encryption in transit and at rest, network hardening, supply chain integrity, and the questionnaire-oriented control matrix live under Security, including SOC 2 control summary and Vendor diligence FAQ. Certification posture and diligence packs: Security and governance.
Related documentation
Section titled “Related documentation”- Security - platform security controls and SOC 2 control summary
- Data storage and processing - Core Fontana data principles (immutable, durable, auditable)
- Data retention - workflow file store vs HyperDX vs ImmuDB
- Identity and access - Zitadel SSO, MFA, SCIM, RBAC
- Backup and restore - snapshots, rollback, configuration export