What regulations does Compliable check?

Compliable checks content against GDPR, EU AI Act, CCPA, HIPAA, and FTC guidelines. More regulations are added regularly.

How fast is the compliance check API?

Compliable returns compliance results in under 800ms p95, making it suitable for real-time AI agent pipelines.

Is Compliable suitable for AI agents?

Yes. Compliable is designed to be called by AI agents before publishing or acting on any content. It returns structured JSON that agents can parse and act on automatically.

Does Compliable store my content?

No. Content is processed in-flight and immediately discarded. Nothing is stored or logged.

API Reference

Complete technical reference for all Compliable API endpoints.

Base URL

https://api.compliable.dev

Authentication

All API requests require an API key passed via the Authorization header as a Bearer token.

Example

Authorization: Bearer comp_sk_live_1234567890abcdef

Important: Never expose your API key in client-side code. All requests should be made from your backend.

POST

/v1/check

Check AI-generated content for compliance violations against GDPR, CCPA, HIPAA, or the EU AI Act.

Request Body

Parameter	Type	Required	Description
content	string	Yes	The AI-generated text to check for compliance violations. Max length: 50,000 characters.
context	string	Yes	The type of content being checked. Valid values: `privacy_policy`, `terms_of_service`, `user_disclosure`, `email`, `chatbot_response`, `marketing_copy`
jurisdiction	string	Yes	The regulatory jurisdiction to check against. Valid values: `EU` (GDPR + EU AI Act), `US_CA` (CCPA), `US_HIPAA`
metadata	object	No	Optional metadata object for tracking purposes. Keys: `user_id`, `request_id`, `tags`

Response Schema

200 OK

{
  "pass": boolean,
  "violations": [
    {
      "regulation": "GDPR" | "CCPA" | "HIPAA" | "EU_AI_ACT",
      "article": string,
      "severity": "critical" | "high" | "medium" | "low",
      "issue": string,
      "context": string,
      "suggestion": string,
      "line_number": number | null
    }
  ],
  "jurisdiction": string,
  "checked_at": string (ISO 8601),
  "request_id": string
}

Example Request

cURL

curl -X POST https://api.compliable.dev/v1/check \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "content": "We use cookies to enhance your experience. By continuing to use our site, you agree to our use of cookies.",
    "context": "user_disclosure",
    "jurisdiction": "EU",
    "metadata": {
      "user_id": "user_123",
      "request_id": "req_abc456"
    }
  }'

Example Response

JSON

{
  "pass": false,
  "violations": [
    {
      "regulation": "GDPR",
      "article": "Art. 4(11) & Art. 7",
      "severity": "critical",
      "issue": "Implied consent through continued use",
      "context": "GDPR requires explicit, freely-given consent. 'By continuing to use our site' is not valid consent under GDPR Art. 7.",
      "suggestion": "Implement an explicit opt-in mechanism (checkbox, button) before setting cookies. Users must actively agree, not passively accept.",
      "line_number": null
    },
    {
      "regulation": "EU_AI_ACT",
      "article": "Art. 52.1",
      "severity": "medium",
      "issue": "Potential AI-generated content not disclosed",
      "context": "If this disclosure was generated by AI, it should be labeled as such per EU AI Act Article 52 transparency requirements.",
      "suggestion": "Add a note indicating if this content was AI-generated (e.g., 'This notice was generated with AI assistance').",
      "line_number": null
    }
  ],
  "jurisdiction": "EU",
  "checked_at": "2025-04-06T14:23:11Z",
  "request_id": "req_abc456"
}

Error Responses

Status Code	Error Code	Description
400	invalid_request	Missing required parameters or invalid parameter values
401	invalid_api_key	The API key is invalid or expired
402	quota_exceeded	Monthly API quota exceeded. Upgrade your plan or wait until next billing cycle.
413	content_too_large	Content exceeds 50,000 character limit
429	rate_limit_exceeded	Too many requests. Rate limit: 100 requests/minute.
500	internal_error	Internal server error. Contact support if persists.

Error Response Schema

Error Response

{
  "error": {
    "code": "invalid_request",
    "message": "Missing required parameter: 'content'",
    "param": "content"
  }
}

Rate Limits

Rate limits are applied per API key and vary by plan:

Plan	Requests/Minute	Monthly Quota
Free	10	100 checks
Starter	60	10,000 checks
Pro	100	100,000 checks
Enterprise	Custom	Unlimited

Rate limit headers are included in every response: X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset

Webhooks

Set up webhooks to receive notifications when compliance violations are detected in batch processing or scheduled checks.

Coming soon. Webhooks will be available in the Pro and Enterprise plans.

Getting Started

Regulations