Compliance Health: 0% · ↑ 2% from last scan
Active Violations: 0 · 7 Critical · 10 High · 7 Med
Policies Loaded: 0 · 180 rules extracted
Records Scanned: 0 · Across 10 tables · IBM AML
Compliance Health Score: 94%
Violation Breakdown: CRITICAL 5 · HIGH 8 · MEDIUM 4 · LOW 0
Live Violations Feed
- CRITICAL: User 'J.Smith' access violation — Sales_Data.db
- CRITICAL: Unauthorized data export — Europe_Server.log
- HIGH: PII in unprotected table — Cust_Records.csv
- HIGH: Stale active record past retention — C9871
- MEDIUM: 4h audit log gap detected — audit_trail
Policy-to-Data Violation Details
| Record ID | Entity | Last Transaction | Data Status | Violated Policy | Risk | Action |
|---|---|---|---|---|---|---|
| C9876 | Robert Johnson | 2018-01-15 | ● Active | GDPR-12a | CRITICAL | |
| LOG-441 | System Export | 2024-01-15 | ● Active | GDPR-7b | CRITICAL | |
| C9871 | Bohn Smith | 2018-01-15 | ● Active | GDPR-12a | CRITICAL | |
| C9872 | Grytt Donner | 2018-01-11 | ● Flagged | AC-3c | HIGH | |
| C9873 | Enian Rrows | 2021-01-03 | ● Flagged | DR-5b | HIGH | |
| C9874 | Jonin Johnson | 2018-01-09 | ● Reviewed | GDPR-12a | MEDIUM | |
| AUD-019 | Audit System | 2024-01-20 | ● Incomplete | AC-8a | MEDIUM | |
| C9880 | Joreph Johnson | 2018-01-26 | ● Unmonitored | DR-2a | MEDIUM | |
| REC-041 | RecoEngine v2 | 2024-11-15 | ● Active | IRD-5 | CRITICAL | |
| VND-017 | Acme Analytics | 2024-12-01 | ● Flagged | IRD-1 | HIGH | |
Activity Timeline
- 10:35 AM · Scan complete: 12,480 records checked across 6 tables
- 10:35 AM · 5 critical violations flagged in Europe_Server.log
- 10:35 AM · GDG dataset ingested: Internal_Recommendation_Doc.md — 28 rules extracted, 2 violations found (IRD-5, IRD-1)
- 10:34 AM · Policy rules reloaded from GDPR_Policy_v2.pdf
- 10:20 AM · Manual override by Parth Bhatt on Record C9874
- 09:00 AM · Scheduled scan initiated via APScheduler cron
Scan Summary: Scan Duration 1.8s · Rules Applied 142 · Next Scan 06:00:00
All Active Violations — 19
| Record ID | Entity | Last Transaction | Status | Policy | Risk | Action |
|---|---|---|---|---|---|---|
| C9876 | Robert Johnson | 2018-01-15 | ● Active | GDPR-12a | CRITICAL | |
| LOG-441 | System Export | 2024-01-15 | ● Active | GDPR-7b | CRITICAL | |
| C9871 | Bohn Smith | 2018-01-15 | ● Active | GDPR-12a | CRITICAL | |
| C9872 | Grytt Donner | 2018-01-11 | ● Flagged | AC-3c | HIGH | |
| C9873 | Enian Rrows | 2021-01-03 | ● Flagged | DR-5b | HIGH | |
Drop PDF policy document here (supports PDF · up to 50MB · AI extracts rules automatically)
Loaded Policies
📘 GDPR_Policy_v2.pdf · 47 rules extracted (3 shown)
GDPR-12a · Data Retention · CRITICAL
All customer PII must be deleted or anonymized after 5 years from the date of last transaction.
GDPR-7b · Data Transfer · CRITICAL
Unauthorized data export outside EU/EEA is strictly prohibited without explicit consent and SCCs.
GDPR-5a · Data Minimization · HIGH
Only data strictly necessary for the stated purpose may be retained. Excess data purged quarterly.
📗 Data_Retention_Policy.pdf · 61 rules extracted (2 shown)
DR-5b · Proactive Retention · HIGH
Records approaching limit must be flagged 90 days in advance and scheduled for anonymization.
DR-2a · Record Status · MEDIUM
All records must carry one of: Active, Archived, or Anonymized. Custom statuses are non-compliant.
📙 Access_Control_Policy.pdf · 34 rules extracted (2 shown)
AC-3c · Encryption at Rest · HIGH
All PII must be encrypted using AES-256. Unencrypted PII in any table or file is a violation.
AC-8a · Audit Logging · MEDIUM
Continuous, uninterrupted audit logs required. Gaps over 15 minutes trigger automatic investigation.
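The four rules above that can be evaluated mechanically (GDPR-12a retention, DR-5b proactive flagging, DR-2a status vocabulary, AC-8a audit-log gaps) are the kind of check the Policy-to-Data table reports. The following is an added example, not PolicyPilot's own scanner, showing one way to evaluate them against constructed records. It assumes a `Record` shape of its own, keeps DR-5b's "flagged" state in a separate boolean (because DR-2a forbids any status outside Active/Archived/Anonymized), and pins "today" to a fixed date so the result is reproducible:

```python
from dataclasses import dataclass
from datetime import date, datetime, timedelta

# Thresholds taken from the rule text and the Compliance Thresholds panel.
RETENTION_YEARS = 5                                       # GDPR-12a
PROACTIVE_WINDOW = timedelta(days=90)                     # DR-5b
ALLOWED_STATUSES = {"Active", "Archived", "Anonymized"}   # DR-2a
AUDIT_GAP_LIMIT = timedelta(minutes=15)                   # AC-8a


@dataclass(frozen=True)
class Record:
    record_id: str
    entity: str
    last_transaction: date
    status: str
    # Assumed field: DR-5b's "flagged" lives here rather than in `status`,
    # because DR-2a only allows the three statuses above.
    flagged_for_anonymization: bool = False


def add_years(d: date, years: int) -> date:
    """Calendar-aware year addition; 29 Feb falls back to 28 Feb."""
    try:
        return d.replace(year=d.year + years)
    except ValueError:
        return d.replace(year=d.year + years, day=28)


def check_record(rec: Record, today: date) -> list:
    """Return (policy_id, risk) for every rule the record violates."""
    findings = []
    limit = add_years(rec.last_transaction, RETENTION_YEARS)
    if rec.status != "Anonymized":
        if today >= limit:
            # Still holding PII past the 5-year limit.
            findings.append(("GDPR-12a", "CRITICAL"))
        elif today >= limit - PROACTIVE_WINDOW and not rec.flagged_for_anonymization:
            # Inside the 90-day pre-limit window and nobody has flagged it.
            findings.append(("DR-5b", "HIGH"))
    if rec.status not in ALLOWED_STATUSES:
        findings.append(("DR-2a", "MEDIUM"))
    return findings


def scan(records, today: date) -> list:
    """One row per (record, violated policy), like the dashboard table."""
    return [
        {"record_id": r.record_id, "entity": r.entity, "policy": policy, "risk": risk}
        for r in records
        for policy, risk in check_record(r, today)
    ]


def audit_log_gaps(timestamps) -> list:
    """AC-8a: (gap_start, gap_end, minutes) for every silence over the limit."""
    ordered = sorted(timestamps)
    gaps = []
    for prev, cur in zip(ordered, ordered[1:]):
        if cur - prev > AUDIT_GAP_LIMIT:
            gaps.append((prev, cur, int((cur - prev).total_seconds() // 60)))
    return gaps


# Constructed sample data (not from the dashboard). TODAY is fixed so the
# output does not change with the calendar.
TODAY = date(2025, 11, 1)
SAMPLE_RECORDS = [
    Record("X-001", "Customer A", date(2018, 1, 15), "Active"),        # past limit
    Record("X-002", "Customer B", date(2021, 1, 3), "Active"),         # limit 2026-01-03, unflagged
    Record("X-003", "Customer C", date(2021, 1, 20), "Active", flagged_for_anonymization=True),
    Record("X-004", "Customer D", date(2018, 1, 26), "Unmonitored"),   # past limit + custom status
    Record("X-005", "Customer E", date(2017, 5, 5), "Anonymized"),     # compliant
]
SAMPLE_AUDIT = [
    datetime(2025, 11, 1, 10, 0), datetime(2025, 11, 1, 10, 5),
    datetime(2025, 11, 1, 10, 12), datetime(2025, 11, 1, 14, 12),   # 4 h of silence
    datetime(2025, 11, 1, 14, 20),
]

if __name__ == "__main__":
    for row in scan(SAMPLE_RECORDS, TODAY):
        print(row)
    for start, end, minutes in audit_log_gaps(SAMPLE_AUDIT):
        print(f"AC-8a gap: {start:%H:%M} -> {end:%H:%M} ({minutes} min)")
```

The retention and proactive checks are deliberately exclusive: once a record is past its limit the GDPR-12a finding supersedes DR-5b, so a single record is not double-counted for the same underlying problem, while a custom status is reported independently because DR-2a is about the status vocabulary, not the date.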
📒 Internal_Recommendation_Doc.md (GDG Dataset) · 28 rules extracted (5 shown)
IRD-1 · Vendor Onboarding · HIGH
All third-party vendors must complete security assessment before data access is granted. Unvetted vendors with active data access are a policy violation.
IRD-2 · Data Classification · HIGH
All internal data assets must be classified as Public, Internal, Confidential, or Restricted. Unclassified data fields in production tables violate this policy.
IRD-3 · Recommendation Transparency · MEDIUM
Any automated recommendation system must maintain an explainability log. Black-box outputs with no decision rationale are non-compliant.
IRD-4 · Data Minimization · MEDIUM
Recommendation engines must not retain user behavioral data beyond 90 days unless explicit consent is documented and stored alongside the record.
IRD-5 · Bias Monitoring · CRITICAL
Recommendation outputs must be audited quarterly for demographic bias. Any system showing >5% disparity across protected attributes must be suspended pending review.
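IRD-5 is the one rule in this set that needs a computed metric rather than a lookup. The page does not say which disparity measure PolicyPilot uses; the added example below (not the project's code) assumes demographic parity, i.e. the percentage-point spread between the highest and lowest positive-recommendation rate across the groups of each protected attribute, and suspends when that spread exceeds 5. The recommendation log is constructed:

```python
from collections import defaultdict

BIAS_DISPARITY_LIMIT = 5.0   # IRD-5: percentage points between best- and worst-served group


def rates_by_group(outputs, attribute):
    """Share of users in each group of `attribute` who got a positive recommendation."""
    recommended, total = defaultdict(int), defaultdict(int)
    for row in outputs:
        group = row[attribute]
        total[group] += 1
        recommended[group] += int(row["recommended"])
    return {g: 100.0 * recommended[g] / total[g] for g in total}


def ird5_audit(outputs, protected_attributes):
    """One finding per protected attribute whose max-min rate spread exceeds the limit."""
    findings = []
    for attr in protected_attributes:
        rates = rates_by_group(outputs, attr)
        spread = max(rates.values()) - min(rates.values())
        if spread > BIAS_DISPARITY_LIMIT:
            findings.append({"policy": "IRD-5", "attribute": attr,
                             "disparity_pct": round(spread, 1), "rates": rates,
                             "action": "suspend pending review"})
    return findings


# Constructed audit sample: 40 decisions, two protected attributes.
# 12/20 women and 14/20 men receive a recommendation (60% vs 70%);
# the age bands are balanced at 13/20 each, so only gender should fire.
SAMPLE_OUTPUTS = (
    [{"user": f"f{i}", "gender": "F", "age_band": "18-34" if i % 2 == 0 else "35+",
      "recommended": i < 12} for i in range(20)]
    + [{"user": f"m{i}", "gender": "M", "age_band": "18-34" if i % 2 == 0 else "35+",
        "recommended": i < 14} for i in range(20)]
)

if __name__ == "__main__":
    for finding in ird5_audit(SAMPLE_OUTPUTS, ["gender", "age_band"]):
        print(finding)
```

Demographic parity is only one fairness definition; if the dashboard's 8.3% figure was produced with a different metric (for example an equalized-odds gap) the same scaffolding applies, with `rates_by_group` replaced by the chosen measure.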
🏦 AML_Compliance_Policy_Framework.pdf (IBM AML Dataset) · 10 rules extracted
AML-001 · Transaction Threshold · CRITICAL
Any single transaction exceeding $10,000 USD must be flagged for Currency Transaction Report (CTR) filing within 15 business days.
AML-002 · Structuring/Smurfing · CRITICAL
3+ transactions totaling >$10,000 to the same account within 24h, each individually below $10,000, indicates structuring. Freeze account and file SAR.
AML-003 · Transfer Velocity · HIGH
More than 10 outbound transfers in 24h, or >5 transfers to the same beneficiary in 24h, triggers Enhanced Due Diligence review.
AML-004 · Cross-Currency Monitoring · HIGH
Currency mismatch transactions exceeding $5,000 USD equivalent require counterparty jurisdiction check against FATF grey/black lists.
AML-005 · Round-Amount Clustering · MEDIUM
Accounts where >70% of 7-day transactions are round-dollar amounts (e.g. $1,000, $5,000, $9,999) are flagged for source-of-funds review.
AML-006 · Unknown Payment Format · MEDIUM
Transactions with Payment Format not in [Wire, ACH, Cheque, Credit Card, Cash, Reinvestment, Bitcoin] are held for manual review.
AML-007 · Same-Bank Circular Flow · HIGH
Intra-bank transactions that cycle funds back to the origin account cluster within 72h and exceed $2,000 indicate layering. Block and file SAR.
AML-008 · Beneficiary Concentration · HIGH
A single destination account receiving funds from >5 distinct source accounts in 48h is flagged as a potential money mule recipient.
AML-009 · Micro-Transaction Burst · MEDIUM
>20 transactions each under $200 from the same account within 1 hour suggests automated layering. Suspend API access pending review.
AML-010 · Dormant Account Activation · CRITICAL
An account inactive for >180 days executing a transaction >$2,500 requires re-KYC verification. Funds held for 5 business days.
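Most of the AML rules above are sliding-window aggregations over a transaction stream, and they share one mechanism: group transactions by a key, then look at everything with that key inside a trailing time window. The added example below (not PolicyPilot's or IBM's code) implements AML-001, AML-002, AML-003, AML-006 and AML-008 on top of a single two-pointer window helper, over constructed transactions. One reading is an assumption: AML-002's "the same account" is taken to mean the destination account, so that is what gets flagged.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

CTR_THRESHOLD = 10_000.0                     # AML-001 / AML-002, USD
DAY, TWO_DAYS = timedelta(hours=24), timedelta(hours=48)
ALLOWED_FORMATS = {"Wire", "ACH", "Cheque", "Credit Card", "Cash", "Reinvestment", "Bitcoin"}


@dataclass(frozen=True)
class Txn:
    ts: datetime
    src: str
    dst: str
    amount_usd: float
    fmt: str


def windows(txns, key, span):
    """For each transaction in time order, yield (key, transactions sharing that
    key within the trailing `span`). Two pointers per group, so each group is
    swept once instead of once per transaction."""
    groups = defaultdict(list)
    for t in sorted(txns, key=lambda t: t.ts):
        groups[key(t)].append(t)
    for k, lst in groups.items():
        lo = 0
        for hi, t in enumerate(lst):
            while t.ts - lst[lo].ts > span:
                lo += 1
            yield k, lst[lo:hi + 1]


def aml_001(txns):   # single transaction above the CTR threshold
    return {("AML-001", t.src, "CRITICAL") for t in txns if t.amount_usd > CTR_THRESHOLD}


def aml_002(txns):   # structuring: 3+ sub-threshold payments to one account in 24h, total > threshold
    # Assumption: "the same account" is the destination account.
    small = [t for t in txns if t.amount_usd < CTR_THRESHOLD]
    return {("AML-002", dst, "CRITICAL")
            for dst, win in windows(small, lambda t: t.dst, DAY)
            if len(win) >= 3 and sum(t.amount_usd for t in win) > CTR_THRESHOLD}


def aml_003(txns):   # velocity: >10 outbound in 24h, or >5 to one beneficiary in 24h
    hits = {("AML-003", src, "HIGH")
            for src, win in windows(txns, lambda t: t.src, DAY) if len(win) > 10}
    hits |= {("AML-003", pair[0], "HIGH")
             for pair, win in windows(txns, lambda t: (t.src, t.dst), DAY) if len(win) > 5}
    return hits


def aml_006(txns):   # payment format outside the known list: hold for manual review
    return {("AML-006", t.src, "MEDIUM") for t in txns if t.fmt not in ALLOWED_FORMATS}


def aml_008(txns):   # beneficiary concentration: >5 distinct sources into one account in 48h
    return {("AML-008", dst, "HIGH")
            for dst, win in windows(txns, lambda t: t.dst, TWO_DAYS)
            if len({t.src for t in win}) > 5}


def run_rules(txns):
    findings = set()
    for rule in (aml_001, aml_002, aml_003, aml_006, aml_008):
        findings |= rule(txns)
    return sorted(findings)


# Constructed sample transactions (not IBM AML data); t0 is arbitrary.
t0 = datetime(2024, 1, 15, 9, 0)
SAMPLE_TXNS = [
    Txn(t0, "A3", "A4", 15_000, "Wire"),                             # AML-001
    Txn(t0, "A1", "A2", 9_000, "Cash"),                              # AML-002: three payments
    Txn(t0 + timedelta(hours=1), "A1", "A2", 4_000, "Cash"),         #   each under $10k that
    Txn(t0 + timedelta(hours=2), "A1", "A2", 3_000, "Cash"),         #   sum to $16k in 24h
    Txn(t0 + timedelta(minutes=30), "A8", "A9", 250, "Gift Card"),  # AML-006
]
SAMPLE_TXNS += [Txn(t0 + timedelta(hours=i), "A6", "A7", 100, "ACH")
                for i in range(6)]                                   # AML-003: 6 to one beneficiary
SAMPLE_TXNS += [Txn(t0 + timedelta(hours=6 * i), f"S{i}", "A5", 500, "Wire")
                for i in range(6)]                                   # AML-008: 6 distinct sources

if __name__ == "__main__":
    for policy, account, risk in run_rules(SAMPLE_TXNS):
        print(f"{policy:8} {account:4} {risk}")
```

The window boundary is inclusive (a transaction exactly 24h after the first still counts), which is the conservative choice for a detection rule; AML-004, AML-005, AML-007, AML-009 and AML-010 fit the same helper with a different key, span and predicate, plus external data (FX rates, FATF lists, KYC dates) the sample does not carry.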
⏱ Periodic Monitoring Schedule
Scan Interval Configuration
Choose how often PolicyPilot automatically scans your connected databases for new or recurring violations:
Every 1 Hour
Every 6 Hours
Every 12 Hours
Every 24 Hours
Every 3 Days
Custom interval (seconds):
Current interval: 6h (21600s) · Next scan: —
Databases: Total 3 · Connected 2 · Disconnected 1 · Total Tables 18
This Week: 94% (↑ 3% vs last week) · Resolved: 8 violations closed · Pending: 17 require action
Compliance Trend — Last 7 Scans
🤖 AI Compliance Narrative
Click "Generate Summary" to get a Gemini AI narrative of your current compliance status, trends, and top recommended actions.
🗄️ Database Compliance Reports
Violations by Database
| Database | Record ID | Entity | Policy | Risk | Status | Auto-Fix |
|---|---|---|---|---|---|---|
Red Team Agent (Attacker): probing policies · Blue Team Agent (Defender): guarding data · Active Sessions: 0 simulation rounds
Live Cyber-Defense Simulation
How it works:
- Red Team: attempts to craft queries that pass the filters while still violating the spirit of the policy
- Blue Team: analyzes each request and blocks violations, citing the policy rule it relies on
- Live Debate: the agents exchange AI-generated messages in real time
Status: Standby | Policy Set: GDPR + IRD-5 + IRD-1
⚔️ Battle Arena
Click "Initiate Attack Simulation" to start the agent debate.
Red Team (Attacker) → Blue Team (Defender)
Red Team Analysis
Blue Team Analysis
👤 User Profile
Account Details: Full Name · Role · Email · Organization
🤖 AI Integration
Gemini API Configuration: API Key (stored locally in this app and sent only to the Gemini API when a summary is generated) · Model · Max Tokens · Temperature
⏱ Monitoring Schedule
Automated Scan Configuration
Choose how often PolicyPilot automatically scans connected databases for new or recurring violations:
Every 1 Hour
Every 6 Hours
Every 12 Hours
Every 24 Hours
Every 3 Days
Custom (seconds):
Active interval: 6h (21600s) · Next scan: — · 7 scans completed
🔔 Notifications & Alerts
Alert Preferences: Alert Email Address · Webhook URL (Slack / Teams / custom)
📊 Compliance Thresholds
Risk & Severity Configuration
- CRITICAL — Auto-escalate if violations ≥
- HIGH — Alert DPO if violations ≥
- Compliance Health — Warning below: current 94%, above threshold ✓
- Bias Disparity Threshold (%): IRD-5 threshold, current 8.3% ⚠
- PII Retention Limit (years): GDPR-12a default 5 years
- Audit Log Gap Alert (minutes): AC-8a threshold
📜 Audit Trail
Settings Change Log
⚠ Danger Zone
- Reset All Scan History: clears scan results and violation history; policy documents are retained.
- Clear All Overrides: removes all manual overrides; violations return to their original flagged state.
- Reset All Settings: resets all configuration to factory defaults; the API key will be cleared.