A Data Protection Authority writes you. You have 30 days to respond. Nobody on the team can find the suppression list, the opt-out timestamps, or the model decision that let this email go out in the first place. CogniLead writes every step to a tamper-proof Chainlog the moment it happens — and renders the auditor’s artifact on demand. Six A4 pages. One call. Signed URL.
The PDF mirrors the structure of an actual DPA submission — identity first, evidence in the middle, cryptographic verdict at the end. Each page is a separate query against the per-tenant Chainlog shard.
Lead, tenant, target product, generated timestamp, and the chain-integrity badge. Optional Gemini-rendered thumbnail above the title.
eyebrow: "CogniLead · Evidence Pack" lead.company_name: "Medishift AG" chain_integrity: "✓ OK — chain verified" generated_at: "2026-06-03T09:14:22Z"
Company identity, technical hook citation, the ingestion path, jurisdiction tags, and the original Chainlog anchor for the lead row.
company_domain: "medishift.ch" target_product: "audit-log-api" signal_source: "github_repo:medishift/billing" technical_hook_verified: true anchor_audit_id: "evt_01H8…f3b9"
Every email this lead received — sent_at, to_email, subject, AgentGate decision, message_id, delivery state, replies, unsubscribes. Landscape page.
sent_at to_email decision delivered bounced replied 2026-05-12 cto@medishift.ch allow ✓ — ✓ 2026-05-19 cto@medishift.ch allow ✓ — — 2026-05-22 — deny — — —
Every email or domain that caused a send to be skipped — hard bounces, soft-bounce thresholds, complaints, unsubscribes, manual blocks. With reason codes.
email/domain reason added_at cto@medishift.ch unsubscribed 2026-05-23 billing.medishift.ch complaint:spam 2026-04-02
The append-only audit chain for this lead — every actor, every action, every prev_hash → curr_hash link. The tamper-evident spine of the pack.
seq actor action prev_hash curr_hash 001 pitchforge:ingestion lead.ingested 0000…0000 a1f3…9c20 002 pitchforge:agentgate send.evaluated a1f3…9c20 c8e2…4411 003 pitchforge:delivery send.dispatched c8e2…4411 e5d7…0a98
Final page. Re-hashes every event in the trace at render time and prints PASS / FAIL with the verification algorithm name and timestamp. The auditor’s signature line.
algorithm: "sha-256 chain hash, IMPLEMENTATION.md §6" events: 3 verified, 0 broken verdict: PASS verified_at: 2026-06-03T09:14:23Z
CogniLead writes the audit chain whether or not the PDF is ever requested. That’s the point — by the time an auditor calls, the evidence is months old and provably untouched.
When AgentGate clears a send and Resend dispatches it, the runtime appends a hashed event to the per-tenant Chainlog shard. The chain is built whether or not you ever ask for a PDF.
Call /api/v1/evidence/:lead_id/pdf, the MCP evidence_export tool, or the dashboard download button. The renderer loads the lead, sends, suppressions, and chain events for that lead only.
Before bytes leave the server the chain is replayed: every prev_hash → curr_hash link is recomputed. PASS → 6-page PDF + signed download URL. FAIL → the page is still emitted, with the broken event marked in red.
A redacted, fully-rendered pack for a synthetic lead. Same six pages, same chain-integrity check, same signed-URL flow you’d get from the live API. Use it to share with legal before you commit to a contract.
JSON evidence is included free on every tier — the per-lead price buys the rendered PDF, the chain re-verification, and the signed download URL. No subscription, no minimum, billed only when the endpoint is called.
We’re onboarding 5–10 EU SaaS design partners in M3. Every customer gets the evidence pack endpoint from day one — you’ll have something to hand a DPO before you’ve sent the first batch.