Quick Start

Check AI-generated content for compliance violations in under 5 minutes.

1. Get your API key

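Sign up at /dashboard to get your API key. The free tier includes 500 checks per month. Treat the key as a secret: keep it out of source control and client-side code, and load it from an environment variable or a secret store at runtime.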

2. Make your first request

Send a POST request to https://api.compliable.dev/v1/check/gdpr with your content, scope (framework-specific options), and context (document info).

cURL
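# Export the key once and reference it here, so it is not pasted into the command line or a script.
# COMPLIABLE_API_KEY is a variable name chosen for this example, not one the API requires.
# ${VAR:?message} stops the command if the variable is unset or empty, so no request goes out
# with an empty bearer token. On a shared host the header is still visible in the process list;
# curl can read headers from a file instead with -H @file.
curl -X POST https://api.compliable.dev/v1/check/gdpr \
  -H "Authorization: Bearer ${COMPLIABLE_API_KEY:?set COMPLIABLE_API_KEY first}" \
  -H "Content-Type: application/json" \
  -d '{
    "content": "We collect your data and may share it with partners for marketing purposes.",
    "scope": {
      "jurisdiction": "EU"
    },
    "context": {
      "documentType": "privacy_policy",
      "industry": "saas"
    }
  }'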
Node.js
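// Read the key from the environment instead of embedding it in source.
// COMPLIABLE_API_KEY is a variable name chosen for this example.
const apiKey = process.env.COMPLIABLE_API_KEY;
if (!apiKey) {
  throw new Error("COMPLIABLE_API_KEY is not set");
}

const response = await fetch("https://api.compliable.dev/v1/check/gdpr", {
  method: "POST",
  headers: {
    "Authorization": `Bearer ${apiKey}`,
    "Content-Type": "application/json"
  },
  body: JSON.stringify({
    content: "We collect your data and may share it with partners for marketing purposes.",
    scope: {
      jurisdiction: "EU"
    },
    context: {
      documentType: "privacy_policy",
      industry: "saas"
    }
  }),
  // fetch has no default timeout; 30 s is an example value.
  signal: AbortSignal.timeout(30_000)
});

// A proxy or gateway error may not return JSON, so report the HTTP status
// instead of surfacing a bare parse error.
let result;
try {
  result = await response.json();
} catch {
  throw new Error(`Unexpected non-JSON response (HTTP ${response.status})`);
}

if (result.success) {
  console.log(`Framework: ${result.data.framework}`);
  console.log(`Found ${result.data.violationCount} violations`);
  result.data.violations.forEach(v => {
    console.log(`[${v.severity}] ${v.rule}: ${v.description}`);
  });
} else {
  console.error(`Error: ${result.error?.message ?? `HTTP ${response.status}`}`);
  // Exit non-zero so a pipeline cannot mistake a failed check for a clean result.
  process.exitCode = 1;
}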
Python
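import os
import sys

import requests

# Read the key from the environment instead of embedding it in source.
# COMPLIABLE_API_KEY is a variable name chosen for this example.
api_key = os.environ.get("COMPLIABLE_API_KEY")
if not api_key:
    sys.exit("COMPLIABLE_API_KEY is not set")

response = requests.post(
    "https://api.compliable.dev/v1/check/gdpr",
    headers={
        "Authorization": f"Bearer {api_key}",
        "Content-Type": "application/json"
    },
    json={
        "content": "We collect your data and may share it with partners for marketing purposes.",
        "scope": {
            "jurisdiction": "EU"
        },
        "context": {
            "documentType": "privacy_policy",
            "industry": "saas"
        }
    },
    # requests waits indefinitely unless a timeout is given; 30 s is an example value.
    timeout=30,
)

# A proxy or gateway error may not return JSON, so report the HTTP status
# instead of surfacing a bare parse error.
try:
    result = response.json()
except ValueError:
    sys.exit(f"Unexpected non-JSON response (HTTP {response.status_code})")

if result['success']:
    print(f"Framework: {result['data']['framework']}")
    print(f"Found {result['data']['violationCount']} violations")
    for violation in result['data']['violations']:
        print(f"[{violation['severity']}] {violation['rule']}: {violation['description']}")
else:
    print(f"Error: {result['error']['message']}", file=sys.stderr)
    # Exit non-zero so a pipeline cannot mistake a failed check for a clean result.
    sys.exit(1)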
Go
package main

import (
    "bytes"
    "encoding/json"
    "fmt"
    "net/http"
    "os"
    "time"
)

// CheckRequest is the JSON body posted to the check endpoint.
type CheckRequest struct {
    // Content is the text to be checked.
    Content string `json:"content"`
    // Scope holds framework-specific options, for example "jurisdiction".
    Scope map[string]any `json:"scope"`
    // Context holds document information, for example "documentType" and "industry".
    Context map[string]any `json:"context"`
}

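// CheckResponse is the JSON envelope returned by the check endpoint.
// Callers should branch on Success: read Data when it is true and
// Error.Message when it is false.
type CheckResponse struct {
    Success bool `json:"success"`
    Data    struct {
        CheckID          string      `json:"checkId"`
        Framework        string      `json:"framework"`
        IsCompliant      bool        `json:"isCompliant"`
        ViolationCount   int         `json:"violationCount"`
        Violations       []Violation `json:"violations"`
        ProcessingTimeMs int         `json:"processingTimeMs"`
        // CheckedAt is a timestamp string; the sample response shows the
        // form "2026-04-10T11:25:37.128Z".
        CheckedAt string `json:"checkedAt"`
    } `json:"data"`
    // Error maps the API's error.message field, which the response carries
    // when Success is false. Without it a failed check decodes to an empty
    // Data and the failure reason is lost. Other members of the error object
    // are not shown in this guide and are therefore not mapped here.
    Error struct {
        Message string `json:"message"`
    } `json:"error"`
}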

// Violation is one finding in the "violations" array of a check response.
// All fields are strings supplied by the API.
// NOTE(review): Description and SuggestedFix are free text; escape them
// before embedding in HTML or other markup.
type Violation struct {
    // RuleCode is the machine-readable rule identifier, e.g. "GDPR-ART-13-1-E".
    RuleCode     string `json:"ruleCode"`
    // Rule is the human-readable rule reference, e.g. "Article 13(1)(e)".
    Rule         string `json:"rule"`
    // Severity is the reported level; the sample response shows "high" and "critical".
    Severity     string `json:"severity"`
    // Description explains why the content violates the rule.
    Description  string `json:"description"`
    // Location says where the violation applies, e.g. "Entire document".
    Location     string `json:"location"`
    // SuggestedFix is the remediation text proposed by the API.
    SuggestedFix string `json:"suggestedFix"`
}

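// main runs the sample check and exits with status 1 on any failure, so a
// script or CI job that calls this program cannot mistake a failed request
// for a result with no violations.
func main() {
    if err := run(); err != nil {
        fmt.Fprintln(os.Stderr, "compliance check failed:", err)
        os.Exit(1)
    }
}

// run posts one sample document to the GDPR check endpoint and prints the
// violations reported for it. It returns an error for every failure path:
// missing key, request construction, transport, decoding, or a response
// whose success flag is false.
func run() error {
    // Read the key from the environment instead of embedding it in source.
    // COMPLIABLE_API_KEY is a variable name chosen for this example.
    apiKey := os.Getenv("COMPLIABLE_API_KEY")
    if apiKey == "" {
        return fmt.Errorf("COMPLIABLE_API_KEY is not set")
    }

    reqBody := CheckRequest{
        Content: "We collect your data and may share it with partners.",
        Scope: map[string]interface{}{
            "jurisdiction": "EU",
        },
        Context: map[string]interface{}{
            "documentType": "privacy_policy",
            "industry":     "saas",
        },
    }

    jsonData, err := json.Marshal(reqBody)
    if err != nil {
        return fmt.Errorf("encoding request: %w", err)
    }

    req, err := http.NewRequest(http.MethodPost, "https://api.compliable.dev/v1/check/gdpr", bytes.NewReader(jsonData))
    if err != nil {
        return fmt.Errorf("building request: %w", err)
    }
    req.Header.Set("Authorization", "Bearer "+apiKey)
    req.Header.Set("Content-Type", "application/json")

    // The zero-value http.Client never times out; 30 s is an example value.
    client := &http.Client{Timeout: 30 * time.Second}
    resp, err := client.Do(req)
    if err != nil {
        // resp is nil here, so it must not be touched before this check.
        return fmt.Errorf("sending request: %w", err)
    }
    defer resp.Body.Close()

    var result CheckResponse
    if err := json.NewDecoder(resp.Body).Decode(&result); err != nil {
        return fmt.Errorf("decoding response (HTTP %s): %w", resp.Status, err)
    }
    if !result.Success {
        return fmt.Errorf("API reported failure (HTTP %s)", resp.Status)
    }

    fmt.Printf("Framework: %s\n", result.Data.Framework)
    fmt.Printf("Found %d violations\n", result.Data.ViolationCount)
    for _, v := range result.Data.Violations {
        fmt.Printf("[%s] %s: %s\n", v.Severity, v.Rule, v.Description)
    }
    return nil
}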

Available Frameworks: Replace gdpr in the request URL with ccpa or hipaa to check against different regulations.

3. Handle the response

Compliable returns a structured JSON response with the framework used, compliance violations, severity levels, and actionable fixes.

Response
{
  "success": true,
  "data": {
    "checkId": "83f57b8f-e207-4da1-97dd-7c50f95fb35d",
    "framework": "gdpr",
    "isCompliant": false,
    "violationCount": 2,
    "violations": [
      {
        "ruleCode": "GDPR-ART-13-1-E",
        "rule": "Article 13(1)(e)",
        "severity": "high",
        "description": "Third-party recipients not named. The term 'partners' is too vague. GDPR requires you to name specific third parties who receive personal data.",
        "location": "Entire document",
        "suggestedFix": "Replace 'partners' with actual company names (e.g., 'Google Analytics, Mailchimp')."
      },
      {
        "ruleCode": "GDPR-ART-6-1-A",
        "rule": "Article 6(1)(a)",
        "severity": "critical",
        "description": "No valid legal basis for data processing. Sharing data 'for marketing purposes' requires explicit consent under GDPR.",
        "location": "Entire document",
        "suggestedFix": "Add explicit consent mechanism or cite a different legal basis (legitimate interest, contract necessity)."
      }
    ],
    "processingTimeMs": 1245,
    "checkedAt": "2026-04-10T11:25:37.128Z"
  }
}

Request Parameters

| Parameter | Type | Required | Description |
| --- | --- | --- | --- |
| content | string | Yes | The AI-generated text to check for compliance violations (max 1.5MB). |
| scope | object | No | Framework-specific analysis options (e.g., jurisdiction for GDPR, businessType for CCPA). |
| context | object | No | Document context shared across frameworks (documentType, industry). |
| context.documentType | string | No | Type of document: privacy_policy, terms_of_service, cookie_policy, dpa |
| context.industry | string | No | Industry context: healthcare, finance, saas, ecommerce |

Size Limits

| Item | Limit |
| --- | --- |
| Request body | 2 MB max |
| content field | 1.5 MB max |
| scope/context fields | 100 KB max combined |

Token Limits

Token limits vary by subscription tier. If your content exceeds the limit, you'll receive a TOKEN_LIMIT_EXCEEDED error.

| Tier | Token Limit |
| --- | --- |
| Free | 2,000 tokens |
| Starter | 4,000 tokens |
| Pro | 8,000 tokens |
| Scale | 16,000 tokens |

Next Steps