Average GDPR fine: €1.2M · EU AI Act Annex III enforcement: 2 August 2026 (phased)
One platform for GDPR, CCPA, and EU AI Act. Scan, document, monitor, and export audit packs — without a legal retainer.
Vibe-Coded Audit
$299 one-time
Full GitHub repo scan + AI remediation patches for any AI-generated codebase (Cursor, Copilot, v0, Bolt, Windsurf). Most vibe-coded apps contain at least one exploitable vulnerability. For Lovable-specific patterns (Supabase RLS bypass, removed-auth-header IDOR), see the Lovable Security Audit.
EU AI Act Audit Pack
$39 one-time
Static compliance binder · No subscription required
Enterprise buyers sending EU AI Act questionnaires before signing? Get a scan-driven compliance binder generated from your GitHub repo — 6 auditor-ready named documents, generated once, no recurring charge.
HIPAA Audit Pack
$9,990 one-time
Hospital procurement requires §164.308 Risk Analysis, Safeguards Summary, Breach Notification Protocol, and BAA Checklist. Generate all four from your GitHub repo in under 10 minutes. Verifiable certificate URL included.
DORA FinTech Audit Pack
€4,990 one-time
EU/UK FinTech under DORA enforcement? Get 4 auditor-ready documents — ICT Risk Framework, Incident Reporting Protocol, TLPT Plan, and Third-Party Risk Register — generated from your scan evidence.
AI Agent Evaluation
$4,990 one-time
+$1,990 quarterly retest · certificate renewed
Independent third-party evaluation across 5 suites (Capability, Safety, Adversarial Jailbreak, Tool-Use Correctness, Refusal Calibration). Signed certificate + public registry listing. Not a vendor self-attestation.
One-time packs are non-refundable once the deliverable is issued. Exceptions apply for material defects — Terms of Service §5.
Need continuous monitoring, scan history, and policy generation? Choose a plan below.
Framework add-ons
Add framework-specific monitoring on top of any plan — regulatory change alerts, policy drift detection, and auditor-ready evidence bundles for the frameworks your business is actually subject to.
EU AI Act
$49/mo
Regulatory change alerts on Annex III obligations, GPAI rules, and enforcement deadlines. Auto-flags drift in your AI system policies after each update.
GDPR + CCPA
$49/mo
DPA guidance updates, consent management drift alerts, and cross-border transfer rule changes. Weekly re-scan against your live privacy policy.
HIPAA
$99/mo
OCR enforcement bulletins, PHI handling drift detection, and §164.308 Risk Analysis freshness checks. BAA coverage gap alerts on every API change.
SOC 2
$79/mo
Control status tracking across Trust Service Criteria, evidence freshness reminders, and gap alerts when code changes touch audited controls.
Add-ons require an active Starter or Professional subscription. Contact sales to activate.
| Feature | Free | Starter | Professional | Enterprise |
|---|---|---|---|---|
| Website scans / mo | 1 | 10 | 50 | 500 |
| AI system scans / mo | 1 preview | 3 | 15 | 50 |
| GDPR/CCPA document generation | — | ✓ | ✓ | ✓ |
| EU AI Act policy generation | — | ✓ | ✓ | ✓ |
| All 5 EU AI Act policy types | — | — | ✓ | ✓ |
| Scan history | — | ✓ | ✓ | ✓ |
| Continuous monitoring + alerts | — | — | ✓ | ✓ |
| Live scan evidence export | — | — | ✓ | ✓ |
| One-time report purchase | $29 | $29 | Included | Included |
| Priority support | — | Priority | Dedicated | |
| API access | — | — | 10,000/mo | Unlimited |
Professional and Enterprise plans include REST API access. Read the API docs
Not ready for a subscription?
One-time Compliance Report — $29
Scan a single URL and get a full compliance PDF: all findings, risk flags, and remediation steps. No subscription, no recurring charge. Buy 2 and you're already at Starter territory.
Professional and Enterprise plans export a structured JSON/markdown bundle from your live AI system scans — every finding linked to its scan, every policy to its validation status, all timestamped for review.
Looking for a one-time EU AI Act compliance binder? See the EU AI Act Audit Pack →
For each included scan: repo URL, EU AI Act Article 6 risk classification (minimal/limited/high/unacceptable), Claude-generated summary, and completion timestamp.
Every detected gap from the scan: category, finding text, severity, raw evidence excerpt from your code or site, and the recommended remediation. Each finding is linked back to the scan that produced it.
Privacy Policy, Cookie Notice, Terms of Service, and EU AI Act policies you generated and approved — only policies in 'passed' or 'approved' state are included; flagged or rejected policies block export until reviewed.
Title, status, creation timestamp, and expiry date — auditable identifiers your DPO or external auditor can reference. Exports as JSON; convert to PDF or DOCX through your in-house tooling as needed.
EU AI Act enforcement is phased: prohibited practices since Feb 2025; GPAI obligations since Aug 2025; high-risk system (Annex III) obligations begin 2 August 2026.
All plans include AI system scanning. Starter+ includes full EU AI Act gap analysis and policy generation.
Yes. Cancel at any time and retain access until the end of your billing period.
We offer a 14-day money-back guarantee for new monthly and annual subscriptions. One-time pack purchases (Vibe-Coded Audit, MCP Audit, Agent Evaluation, DORA Pack, HIPAA Pack) are non-refundable once the deliverable is issued, except for material defects as described in our Terms of Service.
All major credit cards via Stripe. All billing is processed in USD.
Website scans analyze your live site for cookies, trackers, third-party services, and legal page coverage (GDPR/CCPA). AI system scans analyze your GitHub repository for EU AI Act compliance — AI model usage, risk classification, transparency obligations, and policy gaps.
Need a custom arrangement or have compliance-specific questions?
Regulatory Signals provides compliance monitoring and evidence collection tools. Generated documents are informational drafts, not legal advice. All output should be reviewed and approved by qualified legal counsel before use. Scans do not constitute certification or guarantee of regulatory compliance. Read our methodology and full disclaimer.