Append-Only Policy Versioning
Ask us which policy was in force on 15 January. We will reconstruct it.
Framework / standard: ISO/IEC 38505-1 (Authority) · GDPR Art. 5(2)
When faced with a historical breach, being unable to demonstrate which rule was in force is a guaranteed audit finding. Linedat versions policies (and other governance entities) in an append-only manner, with reconstruction at any date.
Append-only snapshot with frozen actor
Every policy change generates a full snapshot with valid_from/valid_to and the signatory's frozen identity (email, name and role at that moment), so it survives even if the user is deleted. You answer "what policy was in force on 2026-01-15 and who signed it?".
The same pattern for many entities
The same versioning service provides point-in-time reconstruction for multiple governance entity types (data and AI policies, processing activities, FRIAs, model/dataset cards…), with the same guarantee.
The limits (what we do not claim)
Snapshots are full JSONB with valid_from/valid_to (genuine point-in-time reconstruction), but they are not hash-chained in this version: a direct UPDATE on a snapshot is not detectable as in the audit chain (hash-chaining on these entities is a follow-up).
How Linedat helps
Linedat lets you reconstruct which policy, contract or FRIA was in force on any date, with the signatory frozen — accountability that survives an audit.
Related capabilities
The committee does not decide in a Word document: it decides with evidence linked to the data.
Audit Chain: Verifiable Cryptographic IntegrityOther catalogues store logs. Linedat stores proof — verify it with a button.
RoPA: Record of Processing ActivitiesA RoPA that points to the real tables — not a disconnected spreadsheet.
