Arkova is a compliance audit automation platform in early access, built on top of a production-grade, cryptographically-anchored evidence layer. The audit-automation product — scorecard, gap detection, remediation, regulatory-change alerts, PDF export — is being built and refined with pilot customers.

How much faster is an audit with Arkova going to be vs. the manual process?

Typical compliance audits take weeks: compiling evidence across many tools, mapping it to controls, and producing a report. Arkova is designed to map evidence to the rules in your operating regimes automatically, rank gaps by severity and penalty risk, and produce an audit-ready export. Our pilot target is collapsing weeks of audit prep into hours.

Which regulations are on the roadmap?

US federal (FERPA, HIPAA, SOX, FCRA, GLBA, ADA, FLSA, GINA), EU/UK GDPR, Kenya DPA, Australia APP, Canada PIPEDA, Singapore PDPA, Japan APPI, India DPDP, South Africa POPIA, Nigeria NDPR, Colombia Law 1581, Thailand PDPA, and Malaysia PDPA. Prioritized by pilot-customer footprint.

What will the scorecard show?

A per-jurisdiction posture score and breakdown, a severity-ranked gap list, a prioritized remediation plan, a regulatory-change feed, and an audit-ready export. Designed for GRC leads, CISOs, internal audit, and outside counsel.

Is the evidence chain auditor-grade?

The evidence layer is cryptographic and independently verifiable: every anchor is a SHA-256 fingerprint committed to a public network, and lifecycle events are in an append-only audit log. Our own SOC 2 Type II and ISO 27001 work is in progress.

Is my data safe? Do you see our documents?

No. Documents never leave your device. Fingerprinting is client-side. Only PII-stripped metadata flows to our systems. Even if we were breached, your documents remain private because we never had them.

Join the waitlist on arkova.ai. We reach out to scope pilots — the best fits right now are compliance teams operating across multiple jurisdictions who are tired of the quarterly audit fire drill.

Compliance · Australian Privacy Principles

AustraliaPrivate Beta · Building

APP compliance evidence the OAIC can verify without trusting your stack.

The Australian Privacy Principles under the Privacy Act 1988 set 13 principles covering collection, use, disclosure, security, and access. The Notifiable Data Breaches scheme requires reporting to the OAIC and affected individuals as soon as practicable. Arkova anchors the records that prove each principle was followed.

Request Early Access All frameworks

What it is

Australian Privacy Principles in plain English.

The Australian Privacy Principles (APPs) are 13 principles in Schedule 1 of the Privacy Act 1988 (Cth). They apply to APP entities: most Australian Government agencies plus private-sector organisations with annual turnover above AUD$3 million (with significant exceptions for smaller health, credit, and TFN-related operators).

Privacy Act amendments through 2024–2026 have substantially strengthened the regime. The Notifiable Data Breaches (NDB) scheme, in effect since 22 February 2018, requires notification of "eligible data breaches" to the OAIC and affected individuals. Civil penalties for serious or repeated interferences with privacy reach up to AUD$50 million or 30% of adjusted turnover.

The Privacy Act has extraterritorial application: foreign organisations carrying on business in Australia and collecting/holding personal information in Australia are subject to the APPs even without an Australian establishment.

Key requirements

What Australian Privacy Principles actually asks of you.

APP 1 — Open and transparent management

Maintain a clearly expressed, up-to-date privacy policy. Privacy practices must be implemented and documented.

APP 3 — Collection of solicited personal information

Personal information must be collected only when reasonably necessary for one or more of the entity's functions. Sensitive information requires consent.

APP 5 — Notification of collection

At or before collection (or as soon as practicable after), notify the individual of the collection, the purposes, the recipients, the consequences of not collecting, and how to access/correct.

APP 8 — Cross-border disclosure

Before disclosing personal information to an overseas recipient, take reasonable steps to ensure the recipient does not breach the APPs. The discloser remains accountable.

APP 11 — Security of personal information

Take reasonable steps to protect personal information from misuse, interference, loss, unauthorized access, modification, or disclosure. Destroy or de-identify when no longer needed.

NDB scheme — Notifiable Data Breaches

When an eligible data breach occurs (likely to result in serious harm), notify the OAIC and affected individuals as soon as practicable. Documented assessment of "eligible" status, timeline, and notification content required.

How Arkova fits

Where Arkova adds an independent layer.

OAIC investigations under the NDB scheme frequently turn on the "as soon as practicable" notification timing. Anchored timestamps for breach awareness, eligibility assessment, and notification dispatch make the timing claim objectively verifiable. Disputes about whether your team actually concluded the breach was eligible on day X (and notified by day Y) become trivial to resolve.

For APP 1 transparency, anchored privacy-policy versions let you produce the exact policy in effect at any prior date. For APP 8 cross-border disclosure, anchored disclosure records establish the timeline and content of every offshore transfer — useful when an investigation looks at a specific incident months or years after the fact.

Layer cryptographic evidence on top of your Australian Privacy Principles program.

If you're an APP entity that wants Australian privacy evidence with timestamps the OAIC can verify independently, we'd like to discuss an early-access pilot.

Arkova is in private beta. Features described on this page are being built and refined with pilot customers right now. Some controls and integrations are live today; others are in active development. Talk to us about the parts most relevant to your workload.

Request Early Access