Compliance Scanning

On every release, NextEpoch produces a compliance evidence pack that a Risk & Compliance / DPO reviewer can act on. Designed for GDPR Article 30 records and DPIA workflows.

NextEpoch Compliance scan policy editor

How It Works

When a release is cut, the compliance scanner analyzes the codebase and produces an evidence-based report. Unlike generic compliance tools, it does not invent findings: every item in the report cites the exact file and line in your code that supports it.

What It Covers

The scanner produces evidence for:

  • Data processing activities — What personal data your app handles and how
  • Data flows — Where data moves between components and external services
  • Storage and retention — How and where data is stored
  • Access controls — Who can access what data
  • Security measures — Technical measures protecting personal data

Configuring the Policy

Each app has a configurable compliance policy. Navigate to your app's compliance settings to customize what the scanner focuses on. You can provide context about:

  • Your app's data processing purposes
  • Applicable regulations (GDPR, CCPA, etc.)
  • Specific areas of concern for your DPO

Using the Evidence Pack

The evidence pack is designed to be handed directly to your compliance team. It provides:

  • Structured findings with file:line citations
  • Evidence-based assessment — no speculation or guesswork
  • Actionable items when changes are needed
  • Release-level tracking — each release gets its own pack

This lets your compliance team review code changes without needing to read code themselves.