
GDPR Compliance Audit Tool

SecureComply performs structured GDPR compliance assessments using a multi-stage pipeline including validation, scoring, and risk modelling. Designed for SMEs to rapidly evaluate their compliance posture in a transparent and repeatable manner.

Developed by Cormac Casey



CLI-Based · Explainable Scoring · 0–100 Risk Model · N/A-Aware Controls · HTML Reporting · Optional AI Narrative · Optional Host Telemetry · SME Focused · Python 3 · JSON Pipeline · argparse CLI · Deterministic Scoring · OpenAI SDK · Bash Telemetry · Linux Utilities · GitHub Versioned · Netlify Hosted · Modular Architecture





How It Works

📥 Data Ingestion
Structured JSON is normalised and prepared for analysis
✔ Validation Engine
Schema validation and GDPR rule enforcement
⚙️ Control Mapping
Inputs mapped to GDPR compliance controls
🖥️ Host Telemetry (Optional)
System-level signals are incorporated to enrich compliance context
📊 Scoring Engine
Weighted scoring model applied (0–100)
🧠 Risk Modelling
Classification into risk bands (Low → High)
📄 Report Generation
HTML audit report with findings + gaps
🤖 AI Narrative (Optional)
Optional CISO-style summary generation

Tech Stack

SecureComply is built on a modular Python-based compliance analysis pipeline combining structured data ingestion, schema validation, deterministic weighted scoring, benchmark generation, optional AI-assisted narrative generation, host-level telemetry enrichment, and static web presentation. The architecture was designed to prioritise portability, explainability, repeatability, and clear separation of processing stages.

Core Language

Python 3
Used as the primary implementation language for ingestion, validation, scoring logic, benchmark generation, pipeline orchestration, report generation, and CLI execution.
Data Format Layer

JSON
Structured JSON is used for GDPR control input, synthetic dataset generation, merged telemetry-enriched input, benchmark output, and final audit result storage.
Frontend / Report Layer

HTML + CSS
Used for the generated audit dashboard and the public SecureComply project website, enabling readable presentation of scores, findings, recommendations, and project documentation.
CLI & Execution Layer

argparse
Supports command-line flags such as usage display, data instructions, demo mode, AI toggling, and explainability mode within the SecureComply execution workflow.
Structured Scoring Model

dataclasses
Used to model control results, support deterministic score calculation, and improve maintainability of the compliance engine.
AI Integration

OpenAI API
Provides optional executive-style CISO narrative generation to convert technical audit findings into higher-level business-facing risk summaries.
Host Telemetry Collection

Bash
A Linux shell-based telemetry script is used to gather non-scoring contextual indicators such as firewall status, automatic updates, logging state, encryption presence, and open ports.
System Utilities

ss, lsblk, ufw, systemctl, awk, grep, paste, wc
These utilities support host-level inspection for attack-surface and operational security context within the optional telemetry pipeline.
Report Automation

webbrowser / os.startfile
Used to automatically open the generated HTML audit report after successful execution.
Environment Management

Python venv
Virtual environments are used to isolate project dependencies and support reproducible setup across Windows, Linux, and macOS environments.
Version Control

Git + GitHub
Used for source control, documentation management, project versioning, and repository-based project distribution.
Website Hosting

Netlify
Hosts the SecureComply project website for public demonstration, documentation access, and portfolio presentation.

Quick Start

Windows Setup

git clone https://github.com/caseycormac/SecureComply
cd SecureComply
python -m venv venv
venv\Scripts\activate
pip install -r requirements.txt
python run.py data/input.json
Linux / macOS Setup

git clone https://github.com/caseycormac/SecureComply
cd SecureComply
python3 -m venv venv
source venv/bin/activate
pip install -r requirements.txt
python3 run.py data/input.json

If you are using the fish shell (common on some Kali setups), activate the virtual environment with:

source venv/bin/activate.fish
Output
Report generated in:
reports/audit_report_v3.html

Example Input

[
    {
        "basic_security_measures": {
            "https_enabled": true,
            "password_storage_method": "sha256",
            "regular_security_testing": "none",
            "encryption_at_rest": "partial",
            "mfa_enforced": "none"
        },
        "transparency_user_rights": {
            "cookie_consent_mechanism": "implied",
            "privacy_policy_present": false,
            "privacy_policy_clarity": "missing",
            "lawful_basis": "legal_obligation",
            "third_party_sharing_disclosed": "partial",
            "dsar_response_time_days": 97,
            "dsar_process": "missing"
        },
        "internal_controls": {
            "data_breach_process_maturity": "informal",
            "breach_notification_hours": 142,
            "data_retention_policy": "none",
            "retention_period_days": 0,
            "record_of_processing": "automated",
            "dpia_process": "none",
            "has_dpo": "informal_role"
        }
    }
]
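The pipeline's validation stage is described above as "schema validation and GDPR rule enforcement". The following is an added example of what that stage can look like for the nested input format shown; it is not code from the SecureComply repository. Section and field names are taken from the example input on this page, while the type table, the unknown-field check and the two threshold rules (the one-month DSAR response period of GDPR Art. 12(3) and the 72-hour breach notification window of Art. 33(1)) are this example's own assumptions about how such a validator would be built.

```python
"""Validation-engine sketch for SecureComply-style nested JSON input.

Added example, not SecureComply's own code. Field names come from the example
input on the page; the type table and threshold rules are assumptions.
"""
import json

# Expected Python type for every field, per section (assumed required set).
SCHEMA = {
    "basic_security_measures": {
        "https_enabled": bool, "password_storage_method": str,
        "regular_security_testing": str, "encryption_at_rest": str, "mfa_enforced": str,
    },
    "transparency_user_rights": {
        "cookie_consent_mechanism": str, "privacy_policy_present": bool,
        "privacy_policy_clarity": str, "lawful_basis": str,
        "third_party_sharing_disclosed": str, "dsar_response_time_days": int,
        "dsar_process": str,
    },
    "internal_controls": {
        "data_breach_process_maturity": str, "breach_notification_hours": int,
        "data_retention_policy": str, "retention_period_days": int,
        "record_of_processing": str, "dpia_process": str, "has_dpo": str,
    },
}

# Statutory limits used by the rule checks: GDPR Art. 12(3) gives one month to
# answer a data subject access request; Art. 33(1) gives 72 hours to notify the
# supervisory authority of a reportable breach.
DSAR_MAX_DAYS = 30
BREACH_NOTIFY_MAX_HOURS = 72


def _is_int(value):
    # bool is a subclass of int in Python; "true" must not pass as a day count.
    return isinstance(value, int) and not isinstance(value, bool)


def schema_errors(record):
    """Return schema problems for one organisation record ([] means valid)."""
    if not isinstance(record, dict):
        return ["record is not a JSON object"]
    errors = []
    for section, fields in SCHEMA.items():
        body = record.get(section)
        if not isinstance(body, dict):
            errors.append(f"missing section: {section}")
            continue
        for field, expected in fields.items():
            if field not in body:
                errors.append(f"{section}.{field}: missing")
            elif expected is int and not _is_int(body[field]):
                errors.append(f"{section}.{field}: expected int")
            elif expected is not int and not isinstance(body[field], expected):
                errors.append(f"{section}.{field}: expected {expected.__name__}")
        for field in body:
            if field not in fields:
                errors.append(f"{section}.{field}: unknown field")
    return errors


def rule_findings(record):
    """Apply GDPR threshold rules to a record that already passed the schema."""
    findings = []
    dsar = record["transparency_user_rights"]["dsar_response_time_days"]
    if dsar > DSAR_MAX_DAYS:
        findings.append(f"DSAR response time {dsar} days exceeds the {DSAR_MAX_DAYS}-day limit (Art. 12(3))")
    hours = record["internal_controls"]["breach_notification_hours"]
    if hours > BREACH_NOTIFY_MAX_HOURS:
        findings.append(f"Breach notification {hours} h exceeds the {BREACH_NOTIFY_MAX_HOURS}-hour limit (Art. 33(1))")
    return findings


def validate_dataset(text):
    """Parse a JSON array of records; return per-record (schema errors, rule findings)."""
    data = json.loads(text)
    if not isinstance(data, list):
        raise ValueError("top-level value must be a JSON array of records")
    results = []
    for record in data:
        errors = schema_errors(record)
        # Rules only run on records whose shape is already known to be valid.
        results.append((errors, rule_findings(record) if not errors else []))
    return results


# The example input from this page, embedded as a compact constructed sample.
SAMPLE = """[{"basic_security_measures": {"https_enabled": true, "password_storage_method": "sha256",
  "regular_security_testing": "none", "encryption_at_rest": "partial", "mfa_enforced": "none"},
 "transparency_user_rights": {"cookie_consent_mechanism": "implied", "privacy_policy_present": false,
  "privacy_policy_clarity": "missing", "lawful_basis": "legal_obligation",
  "third_party_sharing_disclosed": "partial", "dsar_response_time_days": 97, "dsar_process": "missing"},
 "internal_controls": {"data_breach_process_maturity": "informal", "breach_notification_hours": 142,
  "data_retention_policy": "none", "retention_period_days": 0, "record_of_processing": "automated",
  "dpia_process": "none", "has_dpo": "informal_role"}}]"""

if __name__ == "__main__":
    for i, (errors, findings) in enumerate(validate_dataset(SAMPLE)):
        print(f"record {i}: {len(errors)} schema errors, {len(findings)} rule findings")
        for line in errors + findings:
            print("  -", line)
```

Keeping schema errors separate from rule findings matters for the rest of the pipeline: a malformed record should stop before scoring, whereas a record that is well-formed but reports a 97-day DSAR turnaround is valid input that the scoring engine should penalise, not reject.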
Full Data Structure & Field Definitions

For complete input formats, field descriptions, and allowed values, refer to the official documentation:

View Data Instructions on GitHub →

View Scoring Rationale on GitHub →

AI Narrative (Optional)

SecureComply includes an optional AI-powered module that generates a high-level CISO-style narrative summary of audit findings. This enhances readability by translating technical outputs into an executive-focused overview.
How to Enable AI Narrative

Option 1 (Recommended): Use API Key File

1. Create a file named:
openai.key

2. Paste your OpenAI API key into the file (no extra text)

3. Place the file in the project root directory

4. Run the tool normally:
python run.py data/input.json

Option 2: Use Environment Variable

Windows:
setx OPENAI_API_KEY "your_api_key_here"

Linux / macOS:
export OPENAI_API_KEY="your_api_key_here"

Then run:
python run.py data/input.json
Disable AI Processing

python run.py data/input.json --no-ai
AI-generated output is advisory in nature and should be reviewed by a qualified professional before being used in decision-making processes.
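The two key sources above (an `openai.key` file in the project root, then the `OPENAI_API_KEY` environment variable), the `--no-ai` flag and the "Fallback used (if: AI unavailable)" behaviour shown in the CLI output together describe a small decision procedure. The block below is an added example of that procedure, not SecureComply's own code; the precedence order and flag name come from this page, while the file-permission warning, the redacted key hint and the `narrative_plan` / `demo` helper names are this example's assumptions. It never contacts the OpenAI API, so it runs offline.

```python
"""Resolve the optional OpenAI key as this page describes, with a safe fallback.

Added example, not SecureComply's own code. Precedence (openai.key file, then
OPENAI_API_KEY) and the --no-ai flag are from the page; the permission check,
the redaction and the fallback reason text are assumptions.
"""
import argparse
import os
import stat
import tempfile
from pathlib import Path


def load_api_key(project_root, env=os.environ, notes=None):
    """Return the API key or None. Order: openai.key in project root, then environment."""
    key_file = Path(project_root) / "openai.key"
    if key_file.is_file():
        # On POSIX, warn when other accounts can read the secret. Windows ACLs are
        # not reflected in st_mode, so the check is skipped there.
        if os.name == "posix" and notes is not None:
            mode = stat.S_IMODE(key_file.stat().st_mode)
            if mode & (stat.S_IRGRP | stat.S_IROTH):
                notes.append(f"{key_file} is readable by group/others (mode {mode:o}); consider chmod 600")
        key = key_file.read_text(encoding="utf-8").strip()  # "no extra text" in the file
        if key:
            return key
    key = env.get("OPENAI_API_KEY", "").strip()
    return key or None


def redact(key):
    """Short prefix only, so a key never lands in logs or the HTML report verbatim."""
    return key[:4] + "..." if len(key) > 8 else "***"


def narrative_plan(argv, project_root, env=os.environ):
    """Decide whether the AI narrative runs and what the report gets otherwise."""
    parser = argparse.ArgumentParser(prog="run.py")
    parser.add_argument("input_json")
    parser.add_argument("--no-ai", action="store_true", help="skip the CISO narrative")
    args = parser.parse_args(argv)
    notes = []
    if args.no_ai:
        return {"ai": False, "reason": "disabled by --no-ai", "notes": notes}
    key = load_api_key(project_root, env, notes)
    if key is None:
        # Mirrors the "Fallback used" line in the CLI output: the deterministic
        # score, risk band and report still ship; only the narrative is replaced.
        return {"ai": False, "reason": "no API key found; deterministic fallback summary used", "notes": notes}
    return {"ai": True, "key_hint": redact(key), "notes": notes}


def demo():
    """Stand-alone run with a constructed key file in a temporary project root."""
    with tempfile.TemporaryDirectory() as root:
        key_path = Path(root) / "openai.key"
        key_path.write_text("sk-constructed-example-key\n", encoding="utf-8")
        if os.name == "posix":
            key_path.chmod(0o600)
        return narrative_plan(["data/input.json"], root, env={})


if __name__ == "__main__":
    print(demo())
    print(narrative_plan(["data/input.json", "--no-ai"], ".", env={}))
```

The file-permission note is the practitioner's check worth having here: a key file dropped into a cloned repository with default permissions is often world-readable, and it is also easy to commit by accident, so a `.gitignore` entry for `openai.key` belongs alongside the instructions above.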

CLI Output

====================================
 SecureComply+ GDPR Auditor (V6.0)
====================================
[1/5] Loading data ████████████████████ 100%
[DATA SOURCES]
✔ External GDPR dataset
✔ Host telemetry integrated
[2/5] Validating input ████████████████████ 100%
[3/5] Running Compliance Engine
→ Ingestion module (data normalisation)
→ Validation engine (rule enforcement)
→ Scoring engine (control evaluation)
→ Risk model (band classification)
→ Recommendation engine (gap analysis)
████████████████████ 100%
[4/5] Generating report ████████████████████ 100%
[AI] Generating CISO Narrative
→ Connecting to OpenAI API
→ Model: gpt-4o-mini
→ Generating risk summary
⚠ Fallback used (if: AI unavailable)
[5/5] Finalising ████████████████████ 100%
✔ Audit Complete
Risk Level: HIGH RISK
Score: 40/100
Report: reports/audit_report_v3.html

Use Cases

SecureComply is designed to support structured GDPR compliance assessment across a range of practical and academic scenarios. The tool is particularly suited to organisations and users who require a transparent, repeatable, and accessible method for evaluating GDPR-related controls.

SME Internal Compliance Review

Enables small and medium-sized enterprises to assess their current GDPR posture using structured input data, explainable scoring, and prioritised recommendations without relying on costly external tooling.
Pre-Audit Readiness Assessment

Supports organisations in identifying weaknesses in security, transparency, and governance controls before internal reviews, third-party assessments, or formal compliance discussions.
Academic Demonstration and Research

Provides a practical example of a modular compliance auditing pipeline, suitable for demonstrating validation logic, deterministic scoring, reporting, benchmarking, and optional AI-assisted interpretation.
Security and Compliance Benchmarking

Allows users to compare assessment outcomes against a synthetic SME baseline, helping place individual compliance scores into a broader and more meaningful context.
Training and Awareness

Can be used to improve understanding of GDPR-related controls by showing how different organisational practices influence compliance scores, risk bands, and remediation priorities.
Early-Stage Governance Improvement

Useful for organisations that may not yet have mature compliance processes in place but want a structured starting point for identifying gaps and improving data protection practices.

Frequently Asked Questions

What is SecureComply?

SecureComply is a command-line GDPR compliance auditing tool designed to help organisations, particularly SMEs, assess their compliance posture using structured input data, validation logic, explainable scoring, and report generation.
Who is this tool intended for?

The tool is primarily designed for Small and Medium Enterprises (SMEs), academic demonstration, and internal compliance review scenarios where organisations require a structured and repeatable way to assess GDPR-related controls.
What input format does the tool require?

SecureComply requires structured JSON input following the documented nested schema. Input data should include the relevant GDPR control fields across security measures, transparency and user rights, and internal controls.
Does host telemetry affect the compliance score?

No. Host telemetry is optional and is used to enrich operational context within the report. It is displayed as supporting security information and does not directly alter the GDPR compliance score.
What does N/A mean in the scoring model?

N/A indicates that a control is not applicable to the assessed organisation. Where supported, such controls are excluded from score calculation so that the final score reflects only the controls relevant to that environment.
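The N/A rule above, together with the "weighted scoring model (0–100)", "dataclasses" and "risk bands (Low → High)" points earlier on the page, is easiest to see in code. The block below is an added illustration of an N/A-aware weighted scorer with explainable per-control contributions; it is not SecureComply's engine. The control names are borrowed from the example input, but the weights, the 0.0–1.0 attainment values and the band thresholds are constructed for this example (the thresholds are chosen only so that the page's sample run, 40/100 reported as HIGH RISK, would land in the same band; the project's real weights are in its scoring rationale on GitHub).

```python
"""N/A-aware weighted scoring and risk banding, as described on this page.

Added example, not SecureComply's own engine. Weights, attainment values and
band thresholds are constructed for illustration.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class ControlResult:
    control: str
    category: str
    weight: float            # relative importance of the control
    score: Optional[float]   # attainment in 0.0..1.0, or None when not applicable


# Assumed band thresholds: High covers everything below 50, so 40/100 is HIGH
# as in the page's sample run. Order matters: first matching threshold wins.
BANDS = [(75.0, "Low"), (50.0, "Medium"), (0.0, "High")]


def weighted_score(results):
    """Return a 0..100 score over applicable controls only, or None if none apply.

    Controls marked None (N/A) are excluded from both numerator and denominator,
    so the organisation is neither penalised nor credited for them.
    """
    applicable = [r for r in results if r.score is not None]
    total_weight = sum(r.weight for r in applicable)
    if total_weight == 0:
        return None
    earned = sum(r.weight * r.score for r in applicable)
    return round(100.0 * earned / total_weight, 1)


def risk_band(score):
    if score is None:
        return "Not assessable"
    for threshold, label in BANDS:
        if score >= threshold:
            return label
    return "High"


def category_breakdown(results):
    """Score per category, computed with the same N/A rule as the overall score."""
    categories = sorted({r.category for r in results})
    return {c: weighted_score([r for r in results if r.category == c]) for c in categories}


def mark_not_applicable(results, controls):
    """Return a copy of results with the named controls set to N/A."""
    return [ControlResult(r.control, r.category, r.weight, None) if r.control in controls else r
            for r in results]


def explain(results):
    """One line per control: the 'explainable scoring' view of where points went."""
    lines = []
    for r in results:
        if r.score is None:
            lines.append(f"{r.control:28s} N/A (excluded, weight {r.weight:g})")
        else:
            lines.append(f"{r.control:28s} {r.weight * r.score:5.2f} of {r.weight:g} weighted points")
    return lines


# Constructed sample, loosely following the example input on the page.
SAMPLE = [
    ControlResult("https_enabled", "security", 2.0, 1.0),
    ControlResult("password_storage_method", "security", 3.0, 0.3),
    ControlResult("mfa_enforced", "security", 3.0, 0.0),
    ControlResult("privacy_policy_present", "transparency", 3.0, 0.0),
    ControlResult("dsar_process", "transparency", 2.0, 0.0),
    ControlResult("breach_notification_hours", "governance", 3.0, 0.0),
    ControlResult("dpia_process", "governance", 2.0, 0.0),
    ControlResult("has_dpo", "governance", 2.0, 0.5),
]

if __name__ == "__main__":
    score = weighted_score(SAMPLE)
    print(f"Score: {score}/100  Risk: {risk_band(score)}")
    print(category_breakdown(SAMPLE))
    print("\n".join(explain(SAMPLE)))
    # Same organisation, but the DPIA control marked N/A: the denominator shrinks
    # and the score rises because a zero-scoring control no longer counts.
    adjusted = mark_not_applicable(SAMPLE, {"dpia_process"})
    print(f"With dpia_process N/A: {weighted_score(adjusted)}/100")
```

The usage at the bottom shows the edge case the FAQ answer describes: marking `dpia_process` as N/A lifts the score because a zero-attainment control leaves both sides of the fraction, which is exactly why N/A should be driven by documented applicability rather than chosen freely by the person filling in the input.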
Can the AI narrative be disabled?

Yes. The AI-generated narrative is optional and can be disabled using the --no-ai flag. When disabled, the tool can still produce deterministic audit outputs and reporting.
What outputs does SecureComply generate?

The tool produces a structured HTML audit report containing an overall score, risk band, category breakdowns, identified control gaps, prioritised recommendations, remediation planning, and optional contextual telemetry.
Is SecureComply a legal advisory tool?

No. SecureComply is an informational and educational auditing tool. It does not provide legal advice, and outputs should be reviewed by an appropriately qualified professional before being relied upon for regulatory or compliance decision-making.