I built a tamper-proof AI audit trail API in 14 days from Indonesia. 72 days until EU AI Act. Here's what I learned.

I'm 18, based in Bandung, Indonesia. I built AIDAL — an API that logs every AI decision with a SHA-256 hash chain, plain-English explanation, and automatic compliance checking for EU AI Act, MAS FEAT, OJK, and VARA.
The whole thing took 14 days. FastAPI on Railway, PostgreSQL, Groq for AI explanations, GPG-signed daily anchors published to GitHub.
What it does in one API call:

Creates a tamper-proof hash chain — any tampering is mathematically detectable
Generates a plain-English explanation of the decision
Checks compliance against the relevant regulator's requirements
Returns a public verify URL any regulator can check without logging in

What I got right:
Starting with the infrastructure problem, not the legal problem. Everyone else is selling compliance documents. I built the thing that makes the documents provable.

What I got wrong:
Underestimating how hard it is to reach compliance officers. Developers find me easily. The person who actually needs this, the CCO at a Singapore fintech, is much harder to get in front of.

Where I am now:
0 paying customers. Several warm conversations. 72 days until the EU AI Act deadline that makes this mandatory.
Free during beta: tryaidal.github.io/landing_page_aidal
Honest feedback welcome — especially if you've sold B2B compliance tools before.

on May 20, 2026
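
An added example (not AIDAL's code, whose record format the post does not show) of the hash chain and anchor the post describes: each record's hash covers the previous hash, and the separately published head hash is what catches a full recomputation of the chain. The record layout, genesis value, function names and sample decisions are assumptions, and GPG signing of the anchor is left out.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed prev_hash for the first record


def record_hash(prev_hash, payload):
    """SHA-256 over the previous hash plus a canonical JSON encoding of the payload."""
    body = json.dumps(payload, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode("utf-8")).hexdigest()


def build(payloads):
    """Build a chain from scratch, linking each record to the one before it."""
    chain, prev = [], GENESIS
    for payload in payloads:
        digest = record_hash(prev, payload)
        chain.append({"payload": payload, "prev_hash": prev, "hash": digest})
        prev = digest
    return chain


def verify(chain, anchor=None):
    """Recompute every link; optionally compare the head with a published anchor."""
    prev = GENESIS
    for i, entry in enumerate(chain):
        if entry["prev_hash"] != prev or entry["hash"] != record_hash(prev, entry["payload"]):
            return False, f"chain broken at record {i}"
        prev = entry["hash"]
    if anchor is not None and prev != anchor:
        return False, "head does not match published anchor"
    return True, "ok"


def demo():
    # Constructed sample decisions, not real data.
    decisions = [{"id": n, "model": "credit-v1", "decision": d}
                 for n, d in ((1, "approve"), (2, "deny"), (3, "approve"))]
    chain = build(decisions)
    anchor = chain[-1]["hash"]  # the value a signed daily anchor would publish

    edited = json.loads(json.dumps(chain))        # deep copy of the stored chain
    edited[1]["payload"]["decision"] = "approve"  # record changed, hashes left alone

    # Same change, but every hash recomputed: internally consistent again.
    rewritten = build([decisions[0], {**decisions[1], "decision": "approve"}, decisions[2]])
    return {"intact": verify(chain, anchor), "edited": verify(edited, anchor),
            "rewritten_no_anchor": verify(rewritten),
            "rewritten_with_anchor": verify(rewritten, anchor)}
```

The chain by itself only shows internal consistency; the comparison against an anchor held outside the database is the check that ties the records to what was published that day.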

    This is a strong wedge because you’re not just selling “AI compliance.” You’re solving the infrastructure problem underneath compliance: can a company prove what the AI decided, why it decided it, when it happened, and whether the record was tampered with later.

    That matters a lot for the buyer you’re struggling to reach. A developer may understand the hash chain, but a compliance officer cares about auditability, regulator confidence, and reducing personal/business risk before deadlines hit. I’d make the CCO-facing message less about the API build and more about “provable AI decision records before the regulator asks.”

    The naming also matters here. AIDAL is understandable, but it still sounds like another AI tool. If this becomes serious audit-trail infrastructure for fintech, health, insurance, or regulated AI systems, Davoq.com would feel more durable and enterprise-grade for that trust layer.


      This is the most useful feedback I've gotten! The CCO messaging point is exactly right. I've been leading with the infrastructure story because developers get it instantly, but the actual buyer cares about one thing: "will this protect me when the regulator shows up." Updating the positioning. Thank you for taking the time to actually read it and think about it.


        Glad it helped. I think that CCO/regulator framing is the sharper buyer path here.

        One thing I would not leave too late is the naming layer. If AIDAL stays as a lightweight AI compliance tool, the name is understandable enough. But if you are positioning this as serious audit-trail infrastructure for regulated AI decisions, the name has to carry more trust than “AI tool.”

        That is why Davoq.com stood out to me for this direction. It feels more like durable compliance infrastructure than an AI app, which matters when the buyer is a CCO, risk lead, or regulated enterprise team.

        I’d pressure-test that before you rewrite the landing page around the new regulator-facing message. If the positioning is moving upmarket, the name should probably move with it.


          Fair point on the naming: "AI tool" vs "compliance infrastructure" is a real perception gap. I'm holding off on a rebrand until after the first paying customer, but it's noted. Davoq is interesting. What made it feel more institutional to you specifically? Trying to understand whether it's the sound, the lack of "AI" in the name, or something else.


            Good question.

            It is mainly three things.

            First, Davoq does not sound like an “AI app.” For regulated buyers, that matters. AIDAL explains the category, but it still feels like a tool. Davoq feels more like a control layer, system of record, or audit infrastructure.

            Second, the sound is harder and more institutional. Short, technical, and serious without feeling playful. That fits CCOs, risk teams, fintech, health, insurance, and regulated AI buyers better than a name that leads with “AI.”

            Third, it gives you room to move beyond one compliance feature. If this becomes tamper-proof AI decision records, audit trails, regulator-ready logs, policy evidence, and enterprise risk infrastructure, Davoq can carry that broader trust layer.

            I agree you do not need to rebrand before the first paying customer.

            But I would separate rebranding from securing the name. If Davoq is a serious candidate for the infrastructure version, it is better to discuss controlling Davoq.com before you rewrite the landing page, start CCO conversations, and build early customer memory around AIDAL.

            I control Davoq.com, so if it is just a naming reference, no issue. But if it feels like a real candidate for the regulated-AI audit infrastructure direction, happy to discuss privately and keep the acquisition side simple and founder-friendly.


              Really appreciate the breakdown! The "control layer vs tool" framing is exactly the distinction I've been trying to articulate. Would love to continue this privately. Is there a good way to reach you?


                Yes, best place is LinkedIn:

                https://www.linkedin.com/in/aryan-y-0163b0278/

                Happy to continue there. If Davoq is genuinely a candidate for the regulated-AI audit infrastructure direction, we can pressure-test the fit privately and keep the acquisition side simple.


                  Alright! Sent a connection request.


                    Found your AIDAL founder profile on LinkedIn and sent the request there.

                    Looks like it is pending now. Accept it when you get a chance and we can continue privately around Davoq.
