DEV Community: LEONARDO DE SOUZA JUNIOR

I Built an Open Source LGPD Compliance Tool with Local AI

LEONARDO DE SOUZA JUNIOR — Sat, 28 Mar 2026 01:04:36 +0000

Brazil's data protection law (LGPD) requires companies to map personal data, generate impact reports, and respond to data subject rights — but compliance tools are expensive (R$10k+ for consulting, R$500-2000/month for SaaS).

I built LGPD Sentinel AI, an open source tool that automates LGPD compliance audits using local AI (llama3.1 via Ollama). No cloud dependency, no monthly fees — your data never leaves your server.

Features

Personal data mapping: AI-powered identification and classification
DPIA generation: Automated Data Protection Impact Assessment reports
Data subject rights (Art. 18): Analysis and recommendations for all 8 rights
PDF export: Professional audit-ready reports
Audit history: Complete record of all compliance checks

Tech Stack

Backend: FastAPI + LangChain + Ollama (llama3.1:8b)
Frontend: Streamlit
Database: SQLite
Deploy: Docker Compose
License: Apache 2.0

I built an open-source LGPD audit tool with local AI (no cloud, no data leaks)

LEONARDO DE SOUZA JUNIOR — Fri, 20 Mar 2026 03:50:59 +0000

TL;DR

I built LGPD Sentinel AI — a 100% open-source tool that runs automated LGPD compliance audits using a local AI model (Ollama + llama3.1). Zero data sent to the cloud. Zero PII exposure.

GitHub: https://github.com/ldsjunior-ui/lgpd-sentinel-ai

The Problem

Brazil's LGPD (Lei Geral de Proteção de Dados) has been in full effect since 2021, with fines up to 2% of revenue (capped at R$50 million per incident). Yet most small and mid-size Brazilian companies still handle compliance manually — spreadsheets, legal consultants, quarterly reviews.

The problems with that approach:

Expensive: DPO consultants charge R$3,000–15,000/month
Slow: Manual audits take weeks
Risky: You're sending your sensitive data descriptions to third-party cloud AI tools

I wanted to fix all three.

What I Built

LGPD Sentinel AI automates the entire compliance audit pipeline:

Input: describe your data flows / upload documents
  → AI analysis (local, private)
  → Risk classification (high/medium/low)
  → DPIA report
  → DSR management
  → Compliance dashboard

Stack

Backend: FastAPI (Python)
Frontend: Streamlit
AI: Ollama + llama3.1 (runs 100% locally — no API keys, no cloud)
DB: SQLite (zero config) or Supabase (optional)
License: Apache 2.0

Key Features

📊 Data Mapping

Automatically identifies and classifies personal data in your systems. The AI tags each field by LGPD category (sensitive, non-sensitive), legal basis, and data controller/processor relationship.

🔍 DPIA (Data Protection Impact Assessment)

Generates a full DPIA report with risk scoring. Each identified risk gets a mitigation recommendation — all driven by the local LLM.

📝 DSR Management

Handles Data Subject Requests (access, deletion, correction, portability) with automated tracking and response templates.

🛡️ Risk Assessment

Every audit produces a risk matrix: high / medium / low, with article-level LGPD references (e.g., "Art. 7 — legal basis missing").

Why Local AI Matters for Compliance

Here's the irony most people miss: using a cloud AI tool to analyze your LGPD compliance is itself an LGPD risk.

When you paste your data flow descriptions into ChatGPT or Claude, you're potentially sending personal data or sensitive business information to a third-party processor without proper DPA (Data Processing Agreement) in place.

LGPD Sentinel AI solves this by running the entire inference pipeline locally via Ollama. Your data never leaves your machine.

Getting Started

# Clone the repo
git clone https://github.com/ldsjunior-ui/lgpd-sentinel-ai
cd lgpd-sentinel-ai

# Install Ollama and pull the model
ollama pull llama3.1

# Install dependencies
pip install -r requirements.txt

# Run
python -m uvicorn src.main:app --reload --port 8000
# In another terminal:
streamlit run frontend/app.py

That's it. No paid API keys. No Docker required for basic usage. Works on any machine that can run Ollama.

What's Next

[ ] PDF/DOCX document ingestion for automated mapping
[ ] Multi-user support with role-based access
[ ] ANPD notification templates
[ ] Portuguese + English UI

Support the Project

If this is useful to you, there are a few ways to help:

⭐ Star the repo: https://github.com/ldsjunior-ui/lgpd-sentinel-ai
💬 Open issues / discussions — feature requests, bug reports, use cases
💙 GitHub Sponsors — tiers from $5/month to support continued development

This is a solo open-source project built to make LGPD compliance accessible to every Brazilian company, not just those who can afford a DPO consultant.

Built with FastAPI, Streamlit, Ollama, and a genuine frustration with expensive compliance tooling.

Como construí uma ferramenta open source de auditoria LGPD com IA local (sem enviar dados para a nuvem)

LEONARDO DE SOUZA JUNIOR — Thu, 19 Mar 2026 02:02:51 +0000

O problema: conformidade LGPD é cara e expõe dados sensíveis

A Lei Geral de Proteção de Dados (LGPD) entrou em vigor em 2020 e exige que empresas brasileiras mapeiem fluxos de dados pessoais, nomeiem um DPO, documentem atividades de tratamento e respondam a solicitações de titulares em até 15 dias.

O problema? Consultorias cobram de R$ 25.000 a R$ 250.000 por projeto. E a ironia: para auditar dados pessoais, a maioria das ferramentas envia esses dados para servidores em nuvem — potencialmente violando o Art. 33 da própria LGPD (transferência internacional de dados).

Decidi construir algo diferente: LGPD Sentinel AI, uma ferramenta open source que roda inteiramente na sua máquina.

A arquitetura: local-first do início ao fim

Nenhum dado sai da sua máquina. O modelo de linguagem roda via Ollama localmente. Stack: FastAPI + Streamlit + SQLite + Ollama/llama3.1.

Por que IA local e não GPT-4?

1. Compliance by design — O Art. 33 da LGPD restringe transferências internacionais de dados. Enviar PII de clientes para a OpenAI para fazer auditoria LGPD é uma contradição legal explícita.

2. Custo zero de inferência — llama3.1 8B roda em qualquer máquina com 8GB de RAM. Zero custo por token.

3. Reproducibilidade — Auditorias precisam de resultados determinísticos. Modelos de produção na nuvem mudam sem aviso.

Como o scanner de PII funciona

O scanner usa uma abordagem em camadas com padrões regex para CPF, CNPJ, e-mail, telefone, RG — seguidos de análise semântica via LLM para reduzir falsos positivos e gerar justificativa de risco em português.

O pipeline de auditoria completo

Ingestão — Aceita código-fonte, dumps de banco, logs, documentos
Scan — Detecta PII por padrão + contexto semântico via LLM
Classificação — Categoriza por base legal (Art. 7 LGPD): consentimento, legítimo interesse, obrigação legal
Mapeamento — Gera o Registro de Operações de Tratamento (ROPA)
Relatório — PDF/HTML com linguagem jurídica pronta para DPO

Deploy e automação sem custo

Toda a infraestrutura de growth roda no GitHub Actions (gratuito para repos públicos):

Drip de e-mail — Sequência de boas-vindas via Brevo (6 templates, 21 dias)
Star milestone — Tweet automático a cada marco de estrelas
Métricas semanais — Relatório de stars/forks/subscribers toda segunda-feira

Os e-mails são capturados via formulário nativo do Brevo — nenhuma chave de API exposta no código público.

Resultados

Ferramenta funcional em 3 semanas de desenvolvimento solo
Pipeline de email marketing 100% automatizado
Custo de infraestrutura: R$0/mês
100% open source (MIT License)

I built an open-source LGPD compliance tool with local AI — no data ever leaves your server

LEONARDO DE SOUZA JUNIOR — Wed, 18 Mar 2026 13:46:29 +0000

The Problem

Brazil's LGPD (Lei Geral de Proteção de Dados) came into force in 2020 with fines up to R$50 million per violation. Yet 90% of small and medium businesses (PMEs) still have no data mapping, no DPIA, and no DSR process in place.

Why? Because:

Hiring a consultant costs R$20–80k
SaaS compliance platforms cost R$2–5k/month
Most tools require uploading your sensitive data to external servers

So I built an alternative.

Introducing LGPD Sentinel AI

LGPD Sentinel AI is a fully open-source compliance audit tool that runs 100% locally using Ollama + llama3.1. Your data never leaves your server.

GitHub: https://github.com/ldsjunior-ui/lgpd-sentinel-ai

What it does

✅ Automatic data mapping — scans your systems and catalogs personal data assets

✅ DPIA/RIPD generation — creates Data Protection Impact Assessments with risk scores

✅ DSR automation — handles Data Subject Requests (access, deletion, correction)

✅ 100% local AI — llama3.1 via Ollama, zero external API calls

✅ REST API + Streamlit UI — integrate or use the visual dashboard

✅ 29 automated tests — coverage for core compliance flows

✅ Apache 2.0 license — free for commercial use

Tech Stack

Layer	Technology
Backend	FastAPI (Python)
Frontend	Streamlit
Database	SQLite
AI Engine	Ollama + llama3.1
Auth	API key system with billing tiers
Tests	pytest (29 tests)

Getting Started

# Run with Docker (recommended)
docker run -p 8000:8000 -p 8501:8501 lgpd-sentinel-ai

# Generate your API key
curl -X POST http://localhost:8000/billing/keys
# Returns a 7-day Pro trial key automatically

That's it. You now have a fully operational LGPD compliance audit environment running locally.

Architecture Overview

The system is built around three core modules:

Scanner — connects to your databases/APIs and identifies personal data fields using llama3.1 classification
Assessor — generates DPIA reports with risk scoring based on LGPD Article 38
DSR Handler — automates subject access requests with configurable workflows

All AI inference runs through Ollama's local runtime, so processing happens entirely on your infrastructure.

Why local AI matters for compliance

When you use a cloud-based compliance tool, you're sending your users' personal data to a third party to analyze it. That itself can be a LGPD violation if not properly documented.

With local AI, the model runs on your hardware. Nothing leaves. You can even run it air-gapped.

Free to get started

Free tier: core audit features, 30 scans/month
Pro trial: 7 days free, no credit card — just POST /billing/keys after install

GitHub: https://github.com/ldsjunior-ui/lgpd-sentinel-ai

Product Hunt: https://producthunt.com/posts/lgpd-sentinel-ai

Stars, issues, and PRs are very welcome. This is v0.1 and there's a lot of ground to cover.

LGPD Sentinel AI — Automated LGPD Compliance Audits with Local AI (Free + 7-Day Pro Trial)

LEONARDO DE SOUZA JUNIOR — Wed, 18 Mar 2026 00:30:48 +0000

The Problem

Brazil's LGPD (Lei Geral de Proteção de Dados) is the Brazilian equivalent of GDPR. ANPD can fine companies up to R$50 million per violation. Hiring consultants for a compliance audit costs R$8,000–R$30,000. Most SMEs simply don't do it.

What if you could automate LGPD compliance audits locally — with no data leaving your server, using open source AI?

That's LGPD Sentinel AI.

What It Does

LGPD Sentinel AI is an open source tool that automates the three pillars of LGPD compliance:

Feature	What it delivers	LGPD Article
Data Mapping	Classifies personal/sensitive data, suggests legal basis, scores compliance 0–100	Art. 5, 7, 11
DPIA / RIPD	Full impact report with risks, mitigations, and PDF ready for ANPD	Art. 38
DSR (Direitos do Titular)	Analyzes all 8 data subject rights, generates official response letters	Art. 18

Everything runs 100% locally via Ollama — zero data sent to external APIs.

Stack

Backend: Python 3.11 + FastAPI
AI: LangChain + Ollama (llama3.1:8b or Mistral)
Frontend: Streamlit dashboard (5 tabs)
DB: SQLite (zero config)
PDF: ReportLab
Payments: Stripe (freemium)
Deploy: Docker Compose

Getting Started (3 commands)

git clone https://github.com/ldsjunior-ui/lgpd-sentinel-ai
cd lgpd-sentinel-ai
docker compose up

Frontend: http://localhost:8501
API Docs: http://localhost:8000/docs

API Example

# Generate API key (includes 7-day Pro trial, no credit card)
curl -X POST http://localhost:8000/api/v1/billing/keys \
  -H "Content-Type: application/json" \
  -d '{"email": "you@company.com"}'

# Run a data mapping audit
curl -X POST http://localhost:8000/api/v1/map-data \
  -H "X-API-Key: lgpd_your_key" \
  -H "Content-Type: application/json" \
  -d '{"data": [{"key": "cpf", "value": "123.456.789-00"}, {"key": "email", "value": "user@example.com"}]}'

Freemium Model

Every new API key gets a 7-day Pro trial (unlimited usage, no credit card required).

After trial:

Free: 5 mappings, 2 DPIAs, 10 DSRs/month
Pro: R$97/month — unlimited everything

Current Status

✅ 29 passing tests
✅ Docker Compose ready
✅ Streamlit dashboard (5 tabs)
✅ Freemium with Stripe integration
✅ API key management + quota enforcement
✅ PDF export (DPIA/RIPD)
✅ Audit history with charts
🚀 Launched on Product Hunt today!

Why Local AI?

Privacy-by-design is a core LGPD principle. It would be ironic to send sensitive business data to an external API just to check for privacy violations. With Ollama, inference happens entirely on your hardware.

GitHub: https://github.com/ldsjunior-ui/lgpd-sentinel-ai

Product Hunt: https://www.producthunt.com/posts/lgpd-sentinel-ai

Feedback and contributions very welcome! Happy to answer questions about LGPD specifics or the local AI architecture.

LGPD Sentinel AI — Open source LGPD compliance automation with local AI (FastAPI + LangChain + Ollama)

LEONARDO DE SOUZA JUNIOR — Tue, 17 Mar 2026 02:11:47 +0000

The Problem

Brazilian companies are being fined by ANPD (Brazil's data protection authority) for LGPD non-compliance. LGPD is Brazil's GDPR equivalent — and it requires mandatory personal data mapping plus DPIA (Data Protection Impact Assessment) reports.

The existing tools cost US$500+/month (Osano, OneTrust, TrustArc). SMEs and startups simply can't afford that.

The Solution

LGPD Sentinel AI is a 100% open source tool (Apache 2.0) that automates LGPD compliance audits using local AI via Ollama (Mistral, Llama3, Gemma).

Zero data leaves your server. Everything runs on your own infrastructure.

What's already built (v0.1.0-alpha)

FastAPI endpoints for automated personal data mapping
DPIA/RIPD generation with AI (LangChain + Ollama)
Automatic risk scoring by LGPD category
Specialized PT-BR prompts
Docker + docker-compose (up in 2 commands)
GitHub Actions CI/CD with tests + Trivy security scan
Support for Mistral 7B, Llama3, Gemma via Ollama

Tech Stack (all open source, all free)

Layer	Tool
Backend	Python 3.11 + FastAPI
AI Inference	LangChain + Ollama (100% local)
Models	Mistral 7B, Llama3, Gemma
Config	pydantic-settings
Tests	pytest with LLM mocks
CI/CD	GitHub Actions
License	Apache 2.0

Quick Start

git clone https://github.com/ldsjunior-ui/lgpd-sentinel-ai
cd lgpd-sentinel-ai && cp .env.example .env
docker-compose up -d

Total Cost

$0.00 — self-hosted free forever.

Why local AI?

Personal data NEVER leaves your server
Zero cost per token (Mistral via Ollama)
Lower latency
Easier LGPD Article 46 compliance (data security measures)

DEV Community: LEONARDO DE SOUZA JUNIOR

I Built an Open Source LGPD Compliance Tool with Local AI

Features

Tech Stack

Links

I built an open-source LGPD audit tool with local AI (no cloud, no data leaks)

TL;DR

The Problem

What I Built

Stack

Key Features

📊 Data Mapping

🔍 DPIA (Data Protection Impact Assessment)

📝 DSR Management

🛡️ Risk Assessment

Why Local AI Matters for Compliance

Getting Started

What's Next

Support the Project

Como construí uma ferramenta open source de auditoria LGPD com IA local (sem enviar dados para a nuvem)

O problema: conformidade LGPD é cara e expõe dados sensíveis

A arquitetura: local-first do início ao fim

Por que IA local e não GPT-4?

Como o scanner de PII funciona

O pipeline de auditoria completo

Deploy e automação sem custo

Resultados

Links

I built an open-source LGPD compliance tool with local AI — no data ever leaves your server

The Problem

Introducing LGPD Sentinel AI

What it does

Tech Stack

Getting Started

Architecture Overview

Why local AI matters for compliance

Free to get started

LGPD Sentinel AI — Automated LGPD Compliance Audits with Local AI (Free + 7-Day Pro Trial)

The Problem

What It Does

Stack

Getting Started (3 commands)

API Example

Freemium Model

Current Status

Why Local AI?

LGPD Sentinel AI — Open source LGPD compliance automation with local AI (FastAPI + LangChain + Ollama)

The Problem

The Solution

What's already built (v0.1.0-alpha)

Tech Stack (all open source, all free)

Quick Start

Total Cost

Why local AI?

Links