AI compliance · GDPR · SOC 2 · CCPA

Is your startup compliant?

WeScan checks your codebase for AI compliance gaps and generates the docs you need to close enterprise deals.

Scan your codebase free →
See how it works

Free to try · 60 second scan · No credit card

wescan.app · Risk Assessment

Score: 34/100 (Critical: 6 · High: 5 · Medium: 7)

  • Critical · Checkout API · PII transmitted without data processing agreement · GDPR Art. 28 · ⚑ customer data
  • Critical · Support Bot · Conversation logs retained indefinitely · CCPA §1798.100 · ⚑ customer data
  • High · Analytics · No model logging or audit trail · SOC 2 CC7.2
  • Medium · Internal Search · No access controls — all engineers can query all data · SOC 2 CC6.3

Detects usage across

OpenAI
Anthropic
AWS Bedrock
Azure OpenAI
Google Gemini
Hugging Face

Three steps to a clean compliance report

No consultants. No legal bills. No 50-page questionnaires.

01 · Connect your codebase

Paste a public GitHub URL, connect a private repo with your access token, or upload a ZIP under 4 MB. No agent to install, no credentials stored.

02 · Get your risk report

See every model in use, which ones handle customer data, which regulations are breached, and exactly how to fix each issue.

03 · Generate your policy pack

One click generates an AI Usage Policy, DPA Checklist, and Data Flow Map — built from your actual scan results, ready to share.

What gets flagged in every scan

These are the most common findings — and the ones that stall procurement reviews.

PII sent to a model without a DPA

Customer emails, names, and IDs flowing into a model without a signed Data Processing Agreement with the model provider: a GDPR Article 28 violation.

No data retention policy

Conversation logs stored indefinitely. CCPA gives customers the right to deletion — you need a documented process to honour it.

No audit trail on model calls

Every model call needs a structured log entry for SOC 2 CC7.2. Without it you cannot demonstrate what ran or when.

Third-party documents ingested without consent

Sending customer documents to a model requires explicit consent clauses in your Terms of Service.

No access controls on model endpoints

Any team member can query any customer's data. SOC 2 CC6.3 requires role-based access scoped to the requesting user.

Unpinned model versions in production

Calling a floating alias such as gpt-4 instead of a dated version means your output can change silently when the provider updates the model behind that name.
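The two findings above (no audit trail on model calls, and unpinned model versions) share one fix in code: route every provider call through a wrapper that refuses floating aliases and emits a structured log entry per call. The example below is added here to illustrate that pattern; it is not WeScan's code and does not use any real provider SDK. The `invoke` callable, the `fake_invoke` stub, the date-suffix convention used to decide whether a model id is "pinned", and the log field names are all assumptions constructed for the example.

```python
import hashlib
import json
import re
import time
from datetime import datetime, timezone

# Constructed convention for this example: a model identifier counts as
# "pinned" only if it ends in a YYYY-MM-DD date. Real providers use their own
# naming schemes, so adapt the pattern to the vendor you actually call.
PINNED_MODEL_PATTERN = re.compile(r"^[a-z0-9.-]+-\d{4}-\d{2}-\d{2}$")


def is_pinned(model: str) -> bool:
    """Return True for a dated model identifier, False for a floating alias."""
    return PINNED_MODEL_PATTERN.match(model) is not None


def sha256_hex(text: str) -> str:
    """Hash request/response text so the audit log records *what* ran
    without copying customer data into yet another store."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def audit_model_call(model, caller, prompt, invoke, log_sink):
    """Call invoke(model, prompt) and append one structured audit entry.

    `invoke` is whatever client function talks to the provider (a stub here);
    `log_sink` is any object with append(), standing in for a log shipper.
    Refuses floating aliases so output cannot change silently under you.
    """
    if not is_pinned(model):
        raise ValueError(
            f"refusing unpinned model alias {model!r}; pin a dated version"
        )

    started = time.perf_counter()
    response = invoke(model, prompt)
    duration_ms = round((time.perf_counter() - started) * 1000, 3)

    # One JSON line per call: who asked, which exact model ran, when, and
    # content hashes that let you prove what was sent without storing it.
    entry = {
        "timestamp": datetime.now(timezone.utc).isoformat(),
        "event": "model_call",
        "model": model,
        "caller": caller,
        "prompt_sha256": sha256_hex(prompt),
        "response_sha256": sha256_hex(response),
        "duration_ms": duration_ms,
    }
    log_sink.append(json.dumps(entry, sort_keys=True))
    return response, entry


def fake_invoke(model: str, prompt: str) -> str:
    """Stand-in for a provider SDK call; constructed so the example runs offline."""
    return f"[{model}] echo: {prompt}"


if __name__ == "__main__":
    log = []
    _, entry = audit_model_call("example-model-2024-01-15", "user-42",
                                "Summarise ticket #1234", fake_invoke, log)
    print(log[0])
    try:
        audit_model_call("gpt-4", "user-42", "hi", fake_invoke, log)
    except ValueError as exc:
        print("blocked:", exc)
```

Hashing the prompt and response rather than logging them verbatim keeps the audit trail itself from becoming a second copy of customer data, which matters for the retention and DPA findings listed alongside these two.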

Less than an hour of legal fees

Vanta costs £40,000 and assumes a dedicated security team. A compliance lawyer charges £300/hour. WeScan starts free.

Free
£0

Try it out

  • 1 scan per month
  • Top 3 findings preview
  • Risk score overview
  • ✗ File + line numbers
  • ✗ Policy generation
  • ✗ Scan history
Start scanning →
Pro
£99 /mo

Everything you need to close the enterprise deal

  • Unlimited scans
  • Full risk dashboard
  • Unlimited policy generation
  • Monthly rescan alerts
  • Full scan history
  • Priority support
Go Pro →

Know where you stand before your customer asks.

Free scan. 60 seconds. No credit card.

Scan your codebase free →
Talk to us