New: Privacy & Communications Compliance Packs

Today we're adding two new focus-area packs to the AuditBuffet library: Privacy Compliance and Communications Compliance. Together, they add 8 audits and 152 checks covering the regulatory landscape that most AI-built apps completely ignore.

Why this matters

Here's the thing about vibe-coded apps: the AI will happily add a newsletter signup form, a cookie banner, or a contact form without understanding the legal requirements behind any of them. You end up with:

  • A cookie banner that doesn't actually block cookies before consent
  • Email collection with no unsubscribe mechanism
  • User data stored without a privacy policy that covers what you're collecting
  • No age verification even though your app is accessible to minors

These aren't hypothetical. These are real compliance gaps in real shipped apps.

Privacy Compliance Pack

Four audits covering the major privacy regulations:

GDPR Readiness (22 checks) — Consent mechanisms, data subject rights (access, deletion, portability), privacy policy requirements, data processing records, breach notification procedures. If you have users in the EU, this is non-negotiable.

CCPA Readiness (20 checks) — "Do Not Sell" requirements, consumer rights disclosures, opt-out mechanisms, data inventory, service provider agreements. Required for businesses serving California residents.

COPPA Compliance (18 checks) — Age gates, parental consent flows, data minimization for minors, and restrictions on behavioral advertising. If your app could be used by children under 13, COPPA applies.

Cookie Consent Compliance (18 checks) — Consent-before-cookies implementation, granular category controls, consent logging, banner accessibility, and third-party script management. The cookie banner you copied from a template probably isn't compliant.
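To make concrete what "consent-before-cookies", "granular category controls" and "consent logging" look like in code, here is an added example of a minimal consent gate; it is not AuditBuffet's code and the category names, the `registerScript`/`updateConsent` functions and the injected loader callback are assumptions made for the illustration. Third-party scripts are registered against a category and stay unloaded until that category is explicitly granted, and every decision is written to an audit trail.

```javascript
// Added example (constructed, not AuditBuffet's code): a consent gate that
// defers third-party scripts until their category is granted and logs each
// consent decision. The DOM injection is delegated to a caller-supplied
// `load` callback so the logic runs (and can be tested) outside a browser.
const CATEGORIES = ["necessary", "analytics", "marketing"];

// In-memory state for the example; a real app would persist `consent` in a
// first-party cookie or localStorage and ship `log` to the server.
const state = {
  consent: { necessary: true, analytics: false, marketing: false },
  pending: [], // scripts registered before their category was granted
  log: [],     // audit trail: one entry per consent decision
};

// Register a third-party script under a category. `load(src)` performs the
// actual injection (e.g. appending a <script> tag) and is only invoked once
// the category is granted, which is the "consent-before-cookies" check.
function registerScript(category, src, load) {
  if (!CATEGORIES.includes(category)) throw new Error(`unknown category: ${category}`);
  const entry = { category, src, load, loaded: false };
  if (state.consent[category]) {
    entry.load(src);
    entry.loaded = true;
  } else {
    state.pending.push(entry); // stays blocked until updateConsent grants it
  }
  return entry;
}

// Apply the user's per-category choice. Only an explicit `true` counts as
// consent (a missing or falsy value is treated as refusal), the decision is
// logged with a timestamp and the policy version it was given against, and
// any queued scripts whose category is now granted are released.
function updateConsent(choices, policyVersion, now = () => new Date().toISOString()) {
  for (const cat of CATEGORIES) {
    if (cat === "necessary") continue;          // strictly necessary needs no opt-in
    state.consent[cat] = choices[cat] === true;
  }
  state.log.push({ at: now(), policyVersion, consent: { ...state.consent } });
  state.pending = state.pending.filter((entry) => {
    if (!state.consent[entry.category]) return true; // still blocked, keep queued
    entry.load(entry.src);
    entry.loaded = true;
    return false;
  });
  return { ...state.consent };
}
```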

Communications Compliance Pack

Four audits covering how you communicate with and sell to users:

Email & SMS Compliance (20 checks) — CAN-SPAM and TCPA requirements: physical address in emails, one-click unsubscribe, opt-in records for SMS, quiet hours, and message frequency controls.

FTC Consumer Protection (20 checks) — Truth in advertising, endorsement disclosures, dark pattern prohibitions, pricing transparency, and refund policies. The FTC has been increasingly active on AI-generated content and deceptive design.

Subscription Compliance (18 checks) — Auto-renewal disclosures, cancellation flow requirements (no dark patterns), trial-to-paid conversion notices, and receipt/confirmation requirements. Several states now have specific laws about subscription UX.

Legal Pages Compliance (16 checks) — Privacy policy completeness, terms of service coverage, accessibility statement, and required legal disclosures. The pages every app needs but few get right.

Running the audits

Same workflow as every other AuditBuffet audit. Copy the prompt into your AI coding tool, let it analyze your codebase, get a structured score and report. Each check includes specific remediation guidance — not just "you failed" but "here's what to fix and why."

These audits are available now as part of the paid tier. Browse them on the audits page or check out the full packs overview.