Why we built this
The problem with most compliance resources is that they sit at one of two extremes. At one end you have the actual regulations: dense legal text written for attorneys, full of cross-references and defined terms that require hours to parse. At the other end you have blog posts and vendor guides that are vague enough to be useless as a starting point for any specific decision.
The gap in the middle is where most founders and small business operators live. They need to know: does this regulation apply to us, and if so, what specifically do we need to do about it? That question does not require a compliance consultant. It requires a plain-English translation of the actual law, with the source attached so nothing is taken on faith. ComplianceCheckup is that translation.
What this site is, and what it is not
ComplianceCheckup is an informational starting point. Every checklist is built directly from official regulatory text: GDPR from gdpr-info.eu, HIPAA from HHS.gov, PCI DSS from the PCI Security Standards Council, SOC 2 from the AICPA, CCPA from the California DOJ, and ADA accessibility requirements from W3C and U.S. DOJ guidance. Each item cites the specific article or section number it is based on, so you can read the source yourself.
What it is not: this is not legal advice, and completing a checklist here does not certify, document, or formally demonstrate your compliance to any regulator or auditor. For formal compliance, many regulations require working with qualified professionals. ComplianceCheckup helps you understand what is required. A qualified professional helps you implement it correctly.
How checklists are written and maintained
Each checklist starts with a full read of the official regulatory text. Items are written in plain English, but each one is tied to a specific article or section reference, not to a secondary source. If a regulation is updated, the relevant checklist is reviewed and revised to reflect the change. All checklists are re-verified against their official source at least once per year, and a re-verification is triggered immediately by any significant regulatory update, enforcement decision, or new official guidance.
The "last verified" date shown on each checklist reflects the most recent full review. If you find an item that appears out of date or incorrect, email us at [email protected] with the regulatory reference. We review all corrections and apply verified ones promptly. For the full sourcing and correction policy, see our Editorial Policy.
How we make money
ComplianceCheckup earns revenue through display advertising served by Google AdSense. Advertisers have no influence over which regulations are covered, how checklist items are written, or what compliance guidance is provided. No checklist content is sponsored, commissioned, or influenced by advertisers. All checklists are free to use with no account required. See our Editorial Policy for the full conflict-of-interest disclosure.
How to reach us
The best way to reach us is by email at [email protected]. We aim to respond within two business days. The right things to contact us about: errors or outdated items in a checklist (please include the article or section reference), suggestions for a new regulation to cover, and press or partnership inquiries. Please do not contact us for advice on your specific compliance situation. We cannot provide legal advice; for that, consult a qualified attorney.