Pre-Review Compliance
Compliance Automation
Enforce SOC 2, ISO 27001, HIPAA and PCI-DSS on every AI-generated change before a human ever sees it.
Overall coverage
88%
Open gaps
29
SOC 2
Compliant
SOC 2 Type II — Trust Services Criteria
96% coverage · 61 / 64 controls
3 failing
ISO 27001
Compliant
ISO/IEC 27001:2022 — Annex A
91% coverage · 85 / 93 controls
8 failing
HIPAA
At risk
HIPAA Security Rule — 45 CFR §164
78% coverage · 33 / 42 controls
9 failing
PCI-DSS
Compliant
PCI-DSS v4.0
88% coverage · 69 / 78 controls
9 failing
Upload policy documentation
Drop a PDF, DOCX, or Markdown policy. We extract enforceable rules with an LLM and wire them into the pre-commit guard.
PDF, DOCX, MD · max 20 MB · parsed locally, stored encrypted
HIPAA_Security_Rule_v2024.pdf
HIPAA
· Today · 09:14
All AI-generated endpoints dealing with health metrics must pass through `encryptPHI()` utility
PHI fields (patient_id, dob, diagnosis) require AES-256 at rest and TLS 1.3 in transit
Every PHI read must emit an audit_log entry with actor + purpose
SOC2_Internal_Policy.docx
SOC 2
· Yesterday · 17:42
Production secrets must be loaded from process.env, never inlined
All write endpoints require authenticated session + RBAC check
Background jobs touching customer data must run in audited workers
PCI_DSS_v4_Cardholder_Data.pdf
PCI-DSS
· Mar 12 · 11:08
PAN must be tokenized before persistence — raw PAN storage is forbidden
CVV must never be logged or persisted
Cardholder routes require rate-limit middleware ≤ 60 req/min/IP