What isot is. Why it exists. How it works.
What
isot is a 0-layer policy enforcement substrate for LLM inference pipelines. It sits between your application and the model — not as a wrapper, not as a proxy, but at the inference layer itself.
Every call through isot is policy-gated and cryptographically audited before a single token reaches the model.
Why
The EU AI Act (2024/1689) requires high-risk AI systems to maintain traceability, enforce human oversight, and produce verifiable audit records. Most LLM deployments produce none of these by default.
isot makes compliance a runtime property, not a post-hoc reporting exercise. The audit trace is deterministic, not reconstructed.
How
Each inference call passes through a policy gate (compiled callable, not YAML), a data filter, an SSM-style context state update, and an audit trace emitter — SHA-256 hashed prompt and output, timestamped to UTC, with policy result.
Total overhead measured live on Railway:
0.653ms avg · 0.007% of total latencyisot is model-agnostic. Claude, Gemini, and Ollama adapters ship in v1. The interface is identical across all of them.
Terms & Conditions
Acceptance
By accessing or using isot, you agree to be bound by these terms. If you do not agree, do not use the service.
Use of Service
isot is provided for evaluation and demonstration purposes. You agree not to use isot to transmit unlawful, harmful, or policy-violating content. All inference calls are subject to policy enforcement at the runtime layer.
Audit & Compliance
isot generates cryptographic audit traces for every inference call. These records are retained in accordance with EU AI Act 2024/1689 requirements for high-risk AI system traceability.
Limitation of Liability
isot is provided "as is" without warranty of any kind. In no event shall isot or its operators be liable for any indirect, incidental, or consequential damages arising from use of the service.
Changes
These terms may be updated at any time. Continued use of the service constitutes acceptance of the revised terms.
Governing Law
These terms are governed by applicable law. Use of isot in the European Union is subject to EU AI Act 2024/1689 and GDPR where applicable.
Privacy Policy
What We Collect
isot collects only what is necessary to operate the inference pipeline: the prompt text, a SHA-256 hash of the prompt and model output, org and user identifiers, and a UTC timestamp per request. No personally identifiable information is required to use the demo.
Audit Traces
Every inference call produces a cryptographic audit trace. These traces contain hashed representations of inputs and outputs — not the raw content — and are retained for compliance with EU AI Act 2024/1689 traceability requirements.
Third Parties
Inference is routed through Anthropic's Claude API. Prompts submitted through isot are subject to Anthropic's usage policies and privacy terms. isot does not sell or share data with any other third parties.
Data Retention
Session data exists in memory only and is not persisted beyond the active session. Audit trace hashes may be retained for compliance purposes.
Your Rights
If you are located in the European Union, you have rights under GDPR including access, rectification, and erasure. Contact us at the address below to exercise these rights.
Contact
Privacy inquiries: privacy@isot.dev
Contact
Why Reach Out
isot is built for teams that need policy enforcement, auditability, and model flexibility without bolting compliance on afterward. If you're evaluating enterprise AI infrastructure, this is the line to cross.
Partnerships
We’re open to conversations with product, legal, and platform teams at organizations shipping AI into regulated workflows.
Contact
Best Next Step
Send a short note with your use case, model stack, and compliance concerns. We’ll know quickly whether isot fits.
EU AI Act | Case study
Problem
A regulated AI workflow needs policy enforcement, traceability, and auditable records at runtime without adding meaningful latency to model calls.
Runtime path
Application request → isot policy gate → data filtering / context handling → cryptographic audit trace emission → Claude model call → response returned with policy result and latency metadata.
EU AI Act relevance
The EU AI Act pushes compliance toward runtime reality, not retrospective paperwork. High-risk systems are expected to support technical documentation, record-keeping, and automatic logs that make system behavior traceable in operation.
isot fits that requirement path directly. It applies policy before model execution, emits deterministic audit traces for each inference call, and preserves the metadata needed to verify what happened, when, and under which policy outcome.
That makes traceability an active property of the inference layer. Claude Agent SDK can handle agent behavior above the call; isot makes that behavior governable, reviewable, and easier to defend in regulated environments.
Live benchmark
0.653ms avg isot on Railway · 7ms floor across modelsAudit trace snippet
Show: policy result, user, org, UTC timestamp, prompt hash, output hash, and latency; your status file explicitly says the demo already shows request/output hashes, UTC timestamp, policy result, and latency.