Selection processes in academic institutions and public organizations are frequently managed through email and spreadsheets, creating legal vulnerabilities, version-control errors, and data protection non-compliance. This paper presents avalia+Tec, an open-source SaaS platform that enforces cryptographic integrity verification (SHA-256), tamper-evident hash-chained audit trails with external RFC 3161 timestamp anchoring, and end-to-end traceability for selection workflows. The system operates through a responsive web portal for candidate submissions and administrative oversight, and an Electron-based desktop application for structured blind evaluation. A preliminary single-institution deployment at Universidade Estadual de Feira de Santana processing 60 submissions with 6 evaluators was associated with a 65% reduction in review-to-decision cycle time (95% CI: 55%, 73%, Mann–Whitney U = 0 , p = 0.029 , r = 1.0 ), no formal candidate disputes during the observation period, and a 45.4% reduction in evaluator time per submission (95% CI: 26%, 59%). The platform provides technical controls supporting regulatory compliance with Brazil’s LGPD. The scientific contribution resides not in novel cryptographic primitives but in the systematic integration engineering of well-established techniques to address a concrete, underserved institutional governance problem. avalia+Tec is freely available under the MIT License. • Auditable selection workflow using SHA-256 hashing and tamper-evident hash-chained logs. • HMAC-SHA256 signatures ensure integrity in blind peer-review scorecards. • Automation was associated with a 65% reduction in administrative cycle time. • External RFC 3161 timestamp anchoring strengthens tamper-evidence beyond internal controls. • Technical controls supporting LGPD compliance via role-based data segregation and automatic PII redaction.
Santos et al. (Mon,) studied this question.