It certainly could do, but not any more than any other CI provider. I assume you would want to do this from an auditing perspective.
To my mind, it depends on what assurances an auditor would need. For example, if you write some software to help them verify that a deployment is an accurate reflection of a branch, then they would need to trust your code. If they are willing to do that, then great - if not then you might have to have a conversation with them about what baseline they are willing to trust.
A simple version would be a deployment system that checks out a Git repo at a specific tag, does an automated build, pushes it to a staging area, and waits for your authorisation to run migrations and deploy. Then it would hop to a waiting state for your authorisation on migrations and deployment to live. That is an auditable system where you could keep the logs in Circle and GitHub to show there was minimal capacity for code tampering, but you would need to get buy-in from the auditor (or whoever) to see if that would satisfy them.
You could expand this to add API endpoints in your application to hash the project files in a set of application directories, but an auditor would need to see your hashing code to ensure it is not giving faked responses. 