Your documents stay local
A PIA requires describing your product's data practices in detail — the exact information you're building privacy controls around. With Legalcode, those descriptions stay on your device. Your agent queries the regulatory framework while your product specifications, data flow diagrams, and internal documents remain local. Assess privacy risk without creating new risk by uploading to a third-party platform.
- Documents never leave your machine — no uploads to third-party services
- Zero data retention on search content — queries are not logged or stored
- Combine Legalcode with your local files, tools, and workflows in one environment
- Works inside your existing AI agent — Claude Code, ChatGPT, Cursor, or any MCP client
How it works
1. Describe the product to your local agent: describe the new product, feature, or process to your AI agent alongside your local design documents. What it does, what personal data it collects, who the data subjects are, and which markets it will operate in — all stay on your machine.
2. Privacy risks identified: the skill identifies privacy risks across data minimisation, purpose limitation, retention, security, third-party sharing, individual rights, and cross-border transfer dimensions.
3. Jurisdiction-specific compliance checks: for each jurisdiction where the product will operate, the skill checks specific compliance requirements — GDPR lawful basis, CCPA disclosure requirements, PDPA consent rules, and sector-specific rules.
4. Mitigation recommendations: for each risk identified, the skill suggests specific mitigation measures — technical controls, policy requirements, consent flows, or design changes — with references to applicable guidance.
What it produces
- Privacy risk register (risk × likelihood × severity)
- Jurisdiction compliance checklist
- Lawful basis analysis per processing activity
- Data flows map with third-party processor identification
- Individual rights obligations checklist
- Mitigation recommendations with guidance references
- DPIA trigger assessment (feeds into DPIA Generator if required)
FAQ
- My product specs are confidential. Are they safe?
  Your product descriptions and data flow diagrams never leave your device. The agent works with your specifications locally and queries Legalcode only for the privacy regulatory framework. Zero data retention applies — nothing about your product is logged, stored, or accessible to Legalcode.
- What is the difference between a PIA and a DPIA?
  A Privacy Impact Assessment (PIA) is a broader privacy risk assessment practice. A Data Protection Impact Assessment (DPIA) is a specific legal requirement under GDPR Article 35 for high-risk processing activities. A PIA often triggers a DPIA — Legalcode's PIA skill includes a DPIA trigger assessment and links to the dedicated DPIA Generator skill if required.
- Does the skill cover the EU AI Act's privacy provisions?
  Yes. For AI-powered products, the skill includes an EU AI Act risk classification assessment alongside the GDPR analysis, and identifies where the two regimes interact — particularly for high-risk AI systems that process personal data.
- Can I run this for an existing product rather than a new one?
  Yes. The skill works for retrospective PIAs on existing products as well as prospective assessments. For retrospective assessments, it identifies compliance gaps and produces a prioritised remediation plan.
Run Privacy Impact Assessment locally — no uploads, no data retention
Plug Legalcode into your AI agent and work with your own documents locally. Free tier gives you laws and case law across 24 jurisdictions with full text in your agent's context. Pro unlocks all source types, file downloads to local Markdown, and higher throughput at $39/month ($29 billed annually). The full skill library is available on annual plans.