Comp AI

AI‑powered platform that automates compliance for SOC 2, ISO 27001, HIPAA, GDPR

Comp AI accelerates compliance by automating evidence collection, policy management, and control implementation for SOC 2, ISO 27001, HIPAA, and GDPR, while keeping your data under your own infrastructure.

Overview

Who it's for

Comp AI is designed for development and security teams that need to achieve regulatory compliance quickly without sacrificing control over their data. Whether you are a startup preparing for a SOC 2 audit or a healthcare provider handling HIPAA requirements, the platform gives you a single pane to manage policies, collect evidence, and track controls.

What it does

The system leverages AI to generate and organize compliance artifacts, syncs them with your PostgreSQL database, and uses Trigger.dev workflows to automate recurring tasks. Built with Next.js, Prisma, Tailwind CSS, and Upstash Redis, it offers a modern UI and extensible backend while keeping all data on your own infrastructure.

How to get started

Run the repo locally with Node 20+, Bun, and PostgreSQL, configure the required environment variables, and launch via bun run dev or Turbo. A cloud‑hosted version is also available, and future Docker and Vercel deployment guides are in progress.

Highlights

  • AI‑driven evidence collection for multiple compliance frameworks
  • Centralized policy authoring and version control
  • Automated control implementation tracking via Trigger.dev workflows
  • Self‑hosted architecture that keeps all data in your own database and Redis

Pros

  • Reduces compliance preparation time from months to weeks
  • Open‑source and fully customizable
  • Supports SOC 2, ISO 27001, HIPAA, and GDPR out of the box
  • Keeps data under your own infrastructure for privacy and security

Considerations

  • Initial setup requires Node, Bun, and PostgreSQL expertise
  • Docker and Vercel deployment documentation is still pending
  • Relies on external services like Trigger.dev and Upstash for full functionality
  • AI suggestions may need manual review for edge‑case requirements

Managed products teams compare with

When teams consider Comp AI, these hosted platforms usually appear on the same shortlist.

Delve

AI-native compliance automation with agent-based evidence collection

Drata

Automated security compliance for SOC 2, ISO 27001, and more

Oneleet

Unified security & compliance platform with pentesting and continuous monitoring

Looking for a hosted option? These are the services engineering teams benchmark against before choosing open source.

Fit guide

Great for

  • Startups and SaaS companies preparing for their first compliance audit
  • Engineering teams comfortable with JavaScript/TypeScript ecosystems
  • Organizations that prefer self‑hosted solutions to retain data sovereignty
  • Teams looking to integrate compliance checks into CI/CD pipelines

Not ideal when

  • Non‑technical compliance officers without development support
  • Companies that need an out‑of‑the‑box hosted service with zero setup
  • Enterprises requiring certified, vendor‑managed compliance platforms
  • Projects that cannot allocate resources for environment configuration

How teams use it

Rapid SOC 2 readiness for a fintech startup

Audit‑ready evidence and policies generated in weeks, cutting preparation costs by 60%.

HIPAA compliance for a telehealth provider

Centralized policy library and automated control logs ensure continuous HIPAA adherence.

Continuous compliance in CI/CD

Trigger.dev workflows automatically verify control implementation on each deployment.

GDPR data‑subject request automation

AI‑assisted tracking of user data handling fulfills GDPR obligations with minimal manual effort.

Tech snapshot

TypeScript 97%
MDX 1%
PLpgSQL 1%
JavaScript 1%
CSS 1%
Shell 1%

Tags

turborepo, open-source, ai, t3-stack, compliance, iso27001, authjs, nextjs, audit, vanta, drata, gdpr, zod, tailwindcss, security, prisma, soc2, open

Frequently asked questions

Which compliance frameworks does Comp AI support?

SOC 2, ISO 27001, HIPAA, and GDPR are built‑in and ready to use.

Do I need to host the platform myself?

Not necessarily. You can self‑host using Node/Bun and PostgreSQL, or subscribe to the cloud‑hosted version.

What external services are required?

A Trigger.dev account for workflow automation, Upstash Redis for caching, and Google OAuth for authentication. Email sending uses Resend if configured.

Is there a Docker deployment guide?

Docker deployment steps are forthcoming; meanwhile you can run the application locally or on Vercel.

How is my data protected?

All data resides in your own PostgreSQL and Redis instances; the platform does not store compliance data externally.

Project at a glance

Status: Active
Stars: 1,326
Watchers: 1,326
Forks: 237
License: AGPL-3.0
Repo age: 1 year old
Last commit: 5 days ago
Primary language: TypeScript