Every regulated firm runs on evidence. Most engineering teams produce none.
Déjà builds the cryptographic evidence-custody infrastructure that regulated firms need and the market doesn't currently produce. Not documentation. Not artifacts. Evidence.
The thesis
Regulated industries have a structural evidence problem.
very compliance framework — SOC 2 Type II, ISO 27001, HIPAA, PCI-DSS, NYDFS Part 500, DORA, SR 11-7, FFIEC IT Examination, GDPR — asks the same fundamental question: can you prove that your systems behaved the way your controls claim they do? Auditors don't want to be convinced. They want to be shown. And what they want to be shown is evidence.
But the way most engineering teams produce evidence today is manual reconstruction at audit time. Someone opens Jira, exports tickets. Someone else copies Slack threads into a wiki page. A third person runs queries against production logs and pastes the results into Google Docs. The evidence exists, but it's scattered across systems, edited after the fact, and unverifiable.
“The audit trail your compliance team hands to auditors isn't evidence — it's a story told by humans about what they think happened. Déjà exists because that's not good enough for regulated industries, and it's getting worse as systems get more complex.”
— Déjà · founding thesis · 2025The architectural insight behind Déjà is that evidence has to be produced at the moment the event occurs, not reconstructed afterward. A signed receipt issued when a production incident is causally attributed to a specific PR — and immutable after issuance — is fundamentally different from a postmortem written three days later.
The first is evidence. The second is narration.
Postmortems and incident reports are documents for humans. Déjà flips that inversion: evidence is the output, and human-readable documentation is derived from it — not the other way around. Every design decision flows from the same architectural commitment: produce evidence at the source, and make it verifiable independent of the vendor.
Our principles · from concept to architecture
Principles that shape what we ship.
Principles are cheap. Commitments that constrain product decisions are not. Every principle here cites the shipped artifact that proves the commitment isn't rhetorical — receipts for our values.
Principle 01
Deterministic over probabilistic.
Probabilistic systems — LLM-powered suggestions, statistical correlation engines — are built on guesses that might be right most of the time. Regulated industries need answers that are right every time, or an explicit acknowledgment the system couldn't produce a definitive answer. No “best guesses” that become audit liabilities.
Principle 02
Open over proprietary.
A closed evidence format means vendor lock-in — and for regulated industries, vendor lock-in is a governance risk, not just a commercial inconvenience. If the vendor disappears, is breached, or changes terms unfavorably, the evidence must still verify.
Principle 03
Evidence over documentation.
Postmortems and incident reports are narration — prose written after the fact that describes what someone thinks happened. Useful for learning; not evidence an auditor can verify. Déjà produces structured, signed receipts at the moment of attribution; documentation is derived from evidence, not the other way around.
Principle 04
Standards over lock-in.
We'd rather be the company that defined an open standard than the only company selling a proprietary format. The commercial product exists because operating the infrastructure at scale requires dedicated engineering — but the specification itself is not the moat. If a competitor eventually adopts DSR/1.0, the category becomes evidence-first — and that's the win.
DSR/1.0 · the open standard
Déjà isn't building a product. We're building a standard.
DSR/1.0 — the Déjà Signed Receipt specification — defines the canonical format for cryptographically signed incident-attribution evidence. It's published under Apache-2.0, maintained by a working group that includes Charter customers, and referenced in four patent applications covering the underlying attribution mechanism, the Schema Deduction Engine, and append-only ledger architecture.
The product Déjà sells is the infrastructure to produce, store, and serve DSR/1.0 receipts at scale. If DSR/1.0 becomes the default evidence format for regulated industries — including if other vendors adopt it — that's the outcome we want.
Read the DSR/1.0 specification →The team · building DSR/1.0 v1
Small, focused, deliberately so.
Charles
Founder & CEO
Fifteen years building AI and technology inside regulated financial institutions — the rooms where audit evidence gets requested, reconstructed, and contested. Déjà is the infrastructure those rooms were missing.
Déjà is a founder-led company with a small founding team. We're keeping the team deliberately small while we build the foundation — the spec, the product, the first Charter customers. Scaling the team comes after DSR/1.0 v1 ships and the Charter cohort is seated.
Where we are · status as of June 2026
Concrete milestones, concrete dates.
Early-stage companies often speak in aspirations. We prefer to speak in shipped artifacts — so the milestones below follow the same rule as our receipts: what happened is checkable; what hasn't happened yet is labeled a target, not a fact.
Non-provisional CIP filed
Schema Deduction Engine non-provisional continuation-in-part, on file with the USPTO.
Verify · USPTO public recordPatent family · 4 applications
Covering attribution mechanism, receipt format, and append-only ledger architecture.
Verify · USPTO public recordDSR/1.0 v0.9 published
Specification and dsr-verifier-cli released under Apache-2.0; working group opened.
Verify · read the specCharter program open
Founding-customer cohort seating now. 15 of 15 seats remaining — single live count, same source as the pricing page.
Apply · pricing pageSelf-serve launch
Standard-tier onboarding from sign-up to first signed receipt, fully self-serve.
SOC 2 — Type I, then Type II
Type I targeted Q3 2026; Type II follows its observation window. Reports available to customers under NDA on completion.
DSR/1.0 v1 ratified
First ratified version of the spec, published under Apache-2.0 with working-group sign-off.
ISO 27001 + Enterprise GA
ISO 27001 certification and full Enterprise readiness: multi-vault, custom retention, dedicated CSM.
Want the mechanism? The deterministic engine, the eight-signal CCS, and the receipt lifecycle live on How it works; the gates, the category argument, and the zero-trust property live on Why Déjà. This page is about why the company exists — those pages are about why the product works.
How it works →Why Déjà →Stop writing postmortems by hand. Stop reconstructing evidence at audit time.
Three doors
Three ways to be part of this.
★ Founding · commercial
Apply for Charter
15-seat founding cohort. Locked-for-life pricing, direct product input, a permanent voice in DSR/1.0. Closes when filled — 15 seats remain.
Apply for Charter →● Trial · commercial
Start the trial
Standard tier, fully featured, no card. Your 14 days begin when your first receipt signs — about 15 minutes of setup away.
Start the trial →◌ Technical · open
Read the DSR/1.0 spec
Open specification, Apache-2.0 CLI, evaluate the receipt format with no account and no sales conversation. The standard is the front door for skeptics.
Install the CLI →