Eight integrated tools.
One compliance posture.

What it does

A headless browser loads your site twice — once with consent accepted, once with consent declined — and fingerprints every cookie, tracker, third-party service, and form. Each detected signal is matched against a 60k+ tracker domain database (DDG Tracker Radar) and classified by category and confidence.

What it outputs

A scan report with: cookie inventory, tracker classification, third-party services list, legal page adequacy check (GDPR Art. 13 / CCPA disclosure), and a regulation-trigger list explaining why each obligation applies to your site.

What it does

Paste a GitHub repository URL. We analyse code, dependencies, and configuration for AI/ML model usage, then classify your system under EU AI Act Article 6 — minimal, limited, high, or unacceptable risk — with the documentation obligations each tier carries.

What it outputs

A risk-classified scan with finding-level evidence: model detection, training data signals, transparency obligation gaps, and human oversight requirements. Each finding links to a recommended remediation and policy template.

What it does

Paste a GitHub repository URL and we pull dependencies, lockfiles, README, and architecture signals. Claude analyses the codebase for supply-chain risk, security posture, and compliance readiness — beyond what automated dependency scanners catch.

What it outputs

A 0–100 score across security, dependency health, and compliance, with an architecture summary and prioritised remediation list. Free preview includes the headline score; the full report unlocks via one-time purchase or Pro subscription.

What it does

Generate Privacy Policy, Cookie Notice, Terms of Service, and the full EU AI Act policy bundle (Articles 9, 10, 11, 13, 14) from your scan output. Every clause traces back to a detected signal — no generic templates, no boilerplate that doesn't apply.

What it outputs

Each document is marked passed, flagged, or rejected. Flagged policies block audit-pack export until reviewed. Documents render in markdown ready for your CMS or legal review pipeline.

What it does

Bundle completed scans, finding-level evidence, and validated policies into a timestamped evidence pack. Each pack carries a status, creation date, and expiry — a timestamped record your DPO or external auditor can reference.

What it outputs

A structured JSON/markdown bundle covering scan summaries, every finding (with severity, evidence, and recommendation), and approved policies. Flagged or rejected policies block export until human review unblocks them.

What it does

Pick your industry — fintech, healthtech, or food — and we run a daily cron across CFPB, SEC, CMS, FDA, and USDA regulatory feeds. New rules, guidance documents, and enforcement actions surface in your dashboard within hours of publication.

What it outputs

Per-change cards with the original source link, a plain-English summary, and the specific actions required of your team. No more email triage, no more PDF parsing — just the changes that matter for your industry.

What it does

Every AI interaction, every policy generation, and every validation outcome lands in an immutable audit log. Flagged policies are queued for human review — visible across all plans because governance is a baseline requirement, not a paid add-on.

What it outputs

A paginated log of AI interactions and policy events plus a flagged-policies review queue. Each entry links to the underlying scan or policy version for full traceability — what regulators expect when they ask 'how did this document get approved?'

What it does

Trigger scans, fetch findings, and pipe compliance signals into your CI/CD or governance dashboards. The same endpoints that power the product are exposed under versioned, API-key-authenticated routes.

What it outputs

Programmatic access to scan creation, scan status, finding retrieval, and policy validation endpoints. Pro plans include 10,000 calls/month; Enterprise plans are unmetered.