A supply chain for data

Ship datasets like signed binaries.

A .surx container is a queryable dataset with an Ed25519 signature, encrypted columns, and an audit trail. Verification names the exact file that changed — and a public transparency log makes the proof independent of you.

Apache-2.0 · Python 3.10+ · verify is free, forever · read the threat model

log entry #1042 VERIFIED
dataset
finetune-v3.surx · 3,000 rows
root
9f2a…c41e (sha-256, 11 entries)
changed
chunks/source=vendor/part-000001.parquet
signer
data-team@release-v3
sealed
2026-07-08T14:02:11Z · RFC 3161
chain
prev 55c1…09be → this 8e7d…f210
This is what your CI sees. Try to sneak a change past it.
Why this exists

Data ships naked. Software never does.

Provenance that survives the handoff

Training sets, evals and client deliverables move through vendors, buckets and laptops. A signature proves who produced exactly these bytes — long after they left your infra.

Failure that names itself

Checksum mismatch tells you nothing. surx verify reports the exact entry modified, added or removed — and whether the audit log was rewritten. Exit 1 stops the pipeline.

PII travels sealed, data stays usable

Encrypt columns, not files. Recipients query everything else without the passphrase; sidecars are cryptographically bound so they can't be spliced between containers.

Three commands

From DataFrame to public proof.

01 · sign

Seal it locally

Write the container, encrypt sensitive columns, sign with your key.

surx write data.csv trainset.surx surx encrypt trainset.surx pii_col surx sign trainset.surx --key team.key
02 · notarize

Anchor it publicly

One call appends it to the transparency log. The proof no longer depends on trusting you.

surx seal trainset.surx # → seal sf-00001042 · log #1042 # → https://…/s/sf-00001042
03 · verify

Anyone checks, free

Consumers and CI verify offline against the seal, online against the log.

surx check-seal trainset.surx # local ✓ issuer ✓ registry ✓ # tampered → names the chunk, exit 1
Pricing

Verification is free. Sealing is the product.

Open

$0 forever
  • Unlimited local signing & verifying
  • 10 notarized seals / month
  • Public verification pages & README badges
  • Apache-2.0 library & CLI
Start on GitHub

Pro

$19 / month
  • 500 notarized seals / month
  • RFC 3161 timestamps on every seal
  • Signed log checkpoints (anti-rollback)
  • Email support
Get Pro

Business

$99 / month
  • 5,000 notarized seals / month
  • Everything in Pro
  • Self-hosting support & onboarding
  • Priority fixes
Get Business
Received a .surx file?

Check a seal.

Or offline: surx check-seal file.surx