About · The Data Policy Platform for AI

We exist to put data policy back under control.

For centuries, organizations governed data through policy — written rules, approval chains, audit trails a regulator could read. AI breaks that pattern: every model, agent, and pipeline now makes data-policy decisions humans can no longer trace or prove. Dobby is the Data Policy Platform for AI — one control plane, multiple compliance modules — built to put that governance back.

Today's flagship module: Fintech AI Evidence — EU AI Act, DORA, SOC 2 — for AI vendors passing bank procurement and vendor-risk review. Modules for enterprise, healthcare, and public sector are in development.

Why we exist

Every consequential decision used to leave a trail. Now the AI just runs.

A loan, a trade, an underwriting call, a hiring filter — each once left a record, an approver, an audit trail. As organizations hand those decisions to AI, the decisions still get made, but the governance disappears. The policies a company wrote are quietly bypassed by the model sitting on top.

Before

Policy you could read

Rules, approval chains, and audit trails a regulator, an auditor, or a counterparty could ask about — and get an answer.
human-readable
The break

Governance disappears

The model ran. The inputs, the reasoning, the human checkpoints a policy required — no record a regulator or procurement team will accept.
unprovable
Our bet

Policy, put back

Every regulated domain will need its own AI-policy evidence. We're building the platform that ships those modules — instead of point-solving one vertical at a time.
one module at a time
What we're building

One control plane. Multiple compliance modules.

Dobby connects to your AI activity out-of-band — no gateway, never in the request path. Non-custodial by design: raw payloads can be routed to a customer-owned dataset — enforced for regulated modules (Fintech AI Evidence), available opt-in elsewhere. Each tenant activates the compliance modules it needs; the engine scans every run against the frameworks that apply across a four-layer policy hierarchy, and exports an audit-ready evidence pack per framework.

4
policy layers
Platform → Org → Tenant → Process. Stricter-wins, so the tightest rule always applies.
4
verdict states
Compliant, violated, needs-review, or unverifiable. Dobby never reports false compliance — a gap surfaces as a gap.
3
data regions
IL, EU, and US. A workspace pins its region at creation; tenant data never crosses it.

See the full connect → scan → evidence flow on the homepage →

What we believe

Honest by design, non-custodial architecture.

The principles the platform is built on — the ones we'd rather lose a feature than break.

Honesty

We never fake a pass

When the evidence isn't sufficient to prove a control, Dobby says unverifiable — not “compliant.” The four-state verdict is the whole point: knowing when we can't prove something is more valuable than pretending we can.
four-state verdict
Trust

Your data, your store

Non-custodial by design. Dobby holds metadata, findings, and signed evidence; raw prompt/response content can be routed to a customer-owned dataset — enforced for regulated modules (Fintech AI Evidence), available opt-in elsewhere. Always out-of-band: Dobby never sits in the request path.
out-of-band
Architecture

Built for many domains

Frameworks are data; detectors are plugins. The same engine that runs Fintech AI Evidence today runs every module we ship next — across healthcare, public sector, and enterprise data policy.
framework-agnostic
Security

Residency & security first

Regional data residency (IL / EU / US), AES-256 encryption, per-tenant key derivation, and an immutable audit trail. Built for the regulated industries we serve.
IL · EU · US
The story so far

From an idea to a live module.

How Dobby came together — and where it's going.

2026 · Founded

Where it started

One question set the direction: when an AI makes a data-policy decision, can you still prove what happened? Dobby was built to make the answer yes.

The engine

Out-of-band scanner + evidence pack

Built the out-of-band compliance scanner — deterministic rules plus AI evaluation, the four-state verdict, and a code-complete Evidence Pack: control matrix, gap report, findings, and a tamper-evident SHA-256 manifest.

Module #1

Fintech AI EvidenceLive

The flagship module ships scanners and an Evidence Pack for EU AI Act, DORA, and SOC 2 — the frameworks an AI vendor meets in a bank's procurement and vendor-risk review.

Multi-module

One platform, many modules

The control plane is framework-agnostic by design — the foundation that lets new compliance modules ship across regulated domains without rebuilding the engine.

What's next

More modules

Modules for enterprise data policy, healthcare, and public sector move through development — each shipping on the same out-of-band engine; non-custodial routing is enforced for regulated modules and available opt-in elsewhere.

Dobby AI, Inc. — Delaware C-CorpFounded — 2026Based in — Israel · Tel Aviv & Northern IsraelOut-of-band · non-custodial by design
Who's building Dobby

The people behind the platform.

A compliance platform is a trust product — so here's who's accountable for it.

Gil Kal

Co-founder · CEO & CTO
Leads Dobby's architecture and engineering — the out-of-band scanner, the evidence engine, and the platform underneath.

Yahel Porat

Co-founder · Head of Design & Content
Leads Dobby's product design, brand, and the content that makes the platform legible.
Get started

Put your data policy back under control.

Start with Fintech AI Evidence — connect a workflow, scan it against EU AI Act + DORA + SOC 2, export the evidence pack. Start free, no credit card required.

$ pip install dobby-collector
$ # instrument your agent — two lines
✓ connected · scanning against eu_ai_act + dora
your first evidence pack is ready to export.
About — Dobby AI