CCPA Compliance

What Compliable checks for when validating AI-generated content against the California Consumer Privacy Act (CCPA).

Overview

The California Consumer Privacy Act (CCPA) gives California residents specific rights over their personal information. It applies to businesses that:

  • Have gross annual revenues over $25 million, OR
  • Buy, sell, or share personal info of 100,000+ California residents, OR
  • Derive 50%+ of revenue from selling California residents' personal info

API Endpoint: Use POST /v1/check/ccpa for CCPA compliance checks.

Common Violations Compliable Detects

Missing "Do Not Sell" Link

CRITICAL

CCPA § 1798.135

The Issue: Your website or privacy policy is missing the required "Do Not Sell or Share My Personal Information" link.

❌ "You can opt out of marketing emails here."

Why It Fails: CCPA § 1798.135 requires a clear, conspicuous link titled exactly "Do Not Sell or Share My Personal Information" on your homepage and privacy policy.

✓ "Do Not Sell or Share My Personal Information" (exact wording required)

Vague Data Categories

HIGH

CCPA § 1798.100

The Issue: Using vague terms like "information you provide" instead of listing specific data categories.

❌ "We collect information you provide to us."

Why It Fails: CCPA § 1798.100 requires disclosure of specific categories of personal information collected (e.g., name, email, IP address, device identifiers).

✓ "We collect: name, email address, IP address, device identifiers, and browsing history."

Unnamed Third-Party Recipients

HIGH

CCPA § 1798.110

The Issue: Sharing user data with third parties but not naming them specifically.

❌ "We may share your data with third-party analytics providers."

Why It Fails: CCPA considers sharing data with third parties (including analytics) a "sale" even if no money changes hands. You must name specific companies.

✓ "We share your email and browsing data with Google Analytics and Facebook Ads. You can opt out via our 'Do Not Sell' link."

Missing Consumer Request Process

MEDIUM

CCPA § 1798.130

The Issue: Not providing at least two methods for consumers to submit data requests (access, deletion, opt-out).

❌ "Contact us to request your data."

Why It Fails: CCPA requires two or more designated methods: toll-free phone number AND web form/email.

✓ "Submit requests via our web form at example.com/privacy or call 1-800-XXX-XXXX."
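The four violation classes above can be approximated with plain text heuristics. The following is an added example, not Compliable's implementation or a description of how its rules are written: it checks a policy excerpt for the exact "Do Not Sell or Share My Personal Information" wording, for vague collection language without specific categories, for generic recipient terms without a named company, and for fewer than two request methods. The rule names, severities, regular expressions and both sample policies are constructed for illustration.

```python
"""Heuristic CCPA privacy-policy checker (added example, not Compliable's code).

Each check mirrors one violation class from the page. Rule names, severities and
the sample policies are constructed for illustration; real scoring would need
far richer rules than these regular expressions.
"""
import re

REQUIRED_LINK_TEXT = "Do Not Sell or Share My Personal Information"

# Specific data categories accepted as concrete disclosures (assumed list).
SPECIFIC_CATEGORIES = (
    "name", "email address", "ip address", "device identifier",
    "browsing history", "geolocation", "payment information",
)

# Vague collection language that should be replaced with concrete categories.
VAGUE_COLLECTION = re.compile(
    r"\b(information you provide|user information|your information|certain data)\b",
    re.IGNORECASE,
)

# Generic recipient terms that do not name a specific company.
GENERIC_RECIPIENT = re.compile(
    r"\b(third[- ]part(y|ies)|partners|service providers|analytics providers)\b",
    re.IGNORECASE,
)

# Three designated request methods; the page requires at least two.
PHONE = re.compile(r"\b(1-)?8\d{2}-[\dX]{3}-[\dX]{4}\b|toll-free", re.IGNORECASE)
WEB_FORM = re.compile(r"\bweb form\b|https?://\S+|\b[\w.-]+\.(com|org|net)/\S+", re.IGNORECASE)
EMAIL = re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.]+\b|\bemail us\b", re.IGNORECASE)


def _sentences(text):
    return [s.strip() for s in re.split(r"(?<=[.!?])\s+", text) if s.strip()]


def _names_a_company(sentence):
    # Crude proper-noun test: any capitalized word after the first token
    # (e.g. "Google Analytics"). Place names would also pass; good enough here.
    return any(w[0].isupper() for w in sentence.split()[1:] if w and w[0].isalpha())


def _finding(rule, severity, section, message):
    return {"rule": rule, "severity": severity, "section": section, "message": message}


def check_do_not_sell_link(text):
    # Case-sensitive substring test: the page says the wording must be exact.
    if REQUIRED_LINK_TEXT in text:
        return []
    return [_finding("missing_do_not_sell_link", "CRITICAL", "CCPA § 1798.135",
                     f'Exact link text "{REQUIRED_LINK_TEXT}" not found.')]


def check_data_categories(text):
    lowered = text.lower()
    has_specific = any(re.search(rf"\b{re.escape(c)}s?\b", lowered) for c in SPECIFIC_CATEGORIES)
    if VAGUE_COLLECTION.search(text) and not has_specific:
        return [_finding("vague_data_categories", "HIGH", "CCPA § 1798.100",
                         "Collection described vaguely; list specific categories.")]
    return []


def check_third_parties(text):
    findings = []
    for sentence in _sentences(text):
        if GENERIC_RECIPIENT.search(sentence) and not _names_a_company(sentence):
            findings.append(_finding("unnamed_third_parties", "HIGH", "CCPA § 1798.110",
                                     f"Generic recipient without a named company: {sentence!r}"))
    return findings


def check_request_methods(text):
    methods = [name for name, rx in (("phone", PHONE), ("web_form", WEB_FORM), ("email", EMAIL))
               if rx.search(text)]
    if len(methods) < 2:
        return [_finding("insufficient_request_methods", "MEDIUM", "CCPA § 1798.130",
                         f"Only {len(methods)} request method(s) found: {methods}")]
    return []


def check_ccpa(text):
    """Run all checks and return the combined list of findings (empty means clean)."""
    return (check_do_not_sell_link(text) + check_data_categories(text)
            + check_third_parties(text) + check_request_methods(text))


# Constructed sample policies, built from the page's own failing and passing phrases.
FAILING_POLICY = ("We collect information you provide to us and may share your data with "
                  "third-party analytics providers. You can opt out of marketing emails here. "
                  "Contact us to request your data.")
PASSING_POLICY = ("We collect: name, email address, IP address, device identifiers, and browsing "
                  "history. We share your email and browsing data with Google Analytics and "
                  "Facebook Ads. You can opt out via our 'Do Not Sell or Share My Personal "
                  "Information' link. Submit requests via our web form at example.com/privacy "
                  "or call 1-800-555-0199.")

if __name__ == "__main__":
    for label, policy in (("failing", FAILING_POLICY), ("passing", PASSING_POLICY)):
        print(f"{label}: {len(check_ccpa(policy))} finding(s)")
        for f in check_ccpa(policy):
            print(f"  [{f['severity']}] {f['section']}: {f['message']}")
```

The findings carry the same severity and section labels the page uses, so the output can be compared side by side with what the API reports; the heuristics are deliberately simple and will miss paraphrases the real service is meant to catch.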

CCPA vs. GDPR

Requirement       | CCPA                                       | GDPR
Consent           | Opt-out (collect first, let users opt out) | Opt-in (consent required upfront)
Right to deletion | Yes (with broad exceptions)                | Yes (stricter)
Data portability  | Limited                                    | Full right
Fines             | Up to $7,500 per intentional violation     | Up to 4% of global revenue

Example Check

Request
curl -X POST https://api.compliable.dev/v1/check/ccpa \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "content": "We collect user information and may share it with partners.",
    "scope": {
      "businessType": "for-profit"
    },
    "context": {
      "documentType": "privacy_policy"
    }
  }'

Further Reading