
LEONARDO DE SOUZA JUNIOR


I built an open-source LGPD compliance tool with local AI — no data ever leaves your server

The Problem

Brazil's LGPD (Lei Geral de Proteção de Dados) came into force in 2020 with fines up to R$50 million per violation. Yet 90% of small and medium businesses (PMEs) still have no data mapping, no DPIA, and no DSR process in place.

Why? Because:

  • Hiring a consultant costs R$20–80k
  • SaaS compliance platforms cost R$2–5k/month
  • Most tools require uploading your sensitive data to external servers

So I built an alternative.


Introducing LGPD Sentinel AI

LGPD Sentinel AI is a fully open-source compliance audit tool that runs 100% locally using Ollama + llama3.1. Your data never leaves your server.

GitHub: https://github.com/ldsjunior-ui/lgpd-sentinel-ai


What it does

  • Automatic data mapping — scans your systems and catalogs personal data assets
  • DPIA/RIPD generation — creates Data Protection Impact Assessments with risk scores
  • DSR automation — handles Data Subject Requests (access, deletion, correction)
  • 100% local AI — llama3.1 via Ollama, zero external API calls
  • REST API + Streamlit UI — integrate or use the visual dashboard
  • 29 automated tests — coverage for core compliance flows
  • Apache 2.0 license — free for commercial use


Tech Stack

Layer        Technology
Backend      FastAPI (Python)
Frontend     Streamlit
Database     SQLite
AI Engine    Ollama + llama3.1
Auth         API key system with billing tiers
Tests        pytest (29 tests)

Getting Started

# Run with Docker (recommended)
docker run -p 8000:8000 -p 8501:8501 lgpd-sentinel-ai

# Generate your API key
curl -X POST http://localhost:8000/billing/keys
# Returns a 7-day Pro trial key automatically

That's it. You now have a fully operational LGPD compliance audit environment running locally.


Architecture Overview

The system is built around three core modules:

  1. Scanner — connects to your databases/APIs and identifies personal data fields using llama3.1 classification
  2. Assessor — generates DPIA reports with risk scoring based on LGPD Article 38
  3. DSR Handler — automates subject access requests with configurable workflows

All AI inference runs through Ollama's local runtime, so processing happens entirely on your infrastructure.
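As an added example (not the project's own Scanner code), here is how a Scanner-style field classification can be kept strictly local: the Ollama endpoint is verified to be a loopback address before any sample value leaves the process, sample values are masked in the prompt, and the model's JSON verdict is validated before it is trusted. The endpoint URL, prompt wording and category labels are assumptions; the injectable `generate` callable lets the logic run without a model.

```python
import json
import urllib.request
from ipaddress import ip_address
from urllib.parse import urlparse

# Ollama's HTTP API is POST /api/generate on port 11434; the loopback URL is an assumption.
OLLAMA_URL = "http://127.0.0.1:11434/api/generate"
CATEGORIES = ("personal", "sensitive", "none")  # constructed label set, not the project's


def assert_local_endpoint(url: str) -> None:
    """Refuse to send samples anywhere but a loopback address (guard constructed for this example)."""
    host = urlparse(url).hostname or ""
    try:
        local = host == "localhost" or ip_address(host).is_loopback
    except ValueError:  # a DNS name other than localhost cannot be proven local
        local = False
    if not local:
        raise ValueError(f"inference endpoint {host!r} is not local; refusing to send data")


def build_prompt(column: str, samples: list[str]) -> str:
    # Only the first two characters of each sample reach the prompt (data minimization).
    masked = [s[:2] + "*" * max(len(s) - 2, 0) for s in samples]
    return (
        "Classify this database column under Brazil's LGPD. Answer with JSON "
        '{"category": "personal"|"sensitive"|"none", "reason": "..."}.\n'
        f"Column name: {column}\nMasked sample values: {masked}"
    )


def parse_verdict(raw: str) -> dict:
    """Validate the model output: unknown categories are rejected, never silently accepted."""
    data = json.loads(raw)
    cat = str(data.get("category", "")).lower()
    if cat not in CATEGORIES:
        raise ValueError(f"model returned unknown category {cat!r}")
    return {"category": cat, "reason": str(data.get("reason", ""))}


def ollama_generate(prompt: str, url: str = OLLAMA_URL, model: str = "llama3.1") -> str:
    assert_local_endpoint(url)  # checked before the request body is even built
    body = json.dumps({"model": model, "prompt": prompt, "format": "json", "stream": False}).encode()
    req = urllib.request.Request(url, data=body, headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=120) as resp:
        return json.load(resp)["response"]


def classify_column(column: str, samples: list[str], generate=ollama_generate) -> dict:
    """Classify one column; `generate` is injectable so the flow can be tested without a model."""
    return parse_verdict(generate(build_prompt(column, samples)))


if __name__ == "__main__":
    print(classify_column("cpf", ["123.456.789-09", "987.654.321-00"]))  # constructed sample values
```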


Why local AI matters for compliance

When you use a cloud-based compliance tool, you're sending your users' personal data to a third party for analysis. That transfer can itself be an LGPD violation if it isn't properly documented.

With local AI, the model runs on your hardware. Nothing leaves. You can even run it air-gapped.


Free to get started

  • Free tier: core audit features, 30 scans/month
  • Pro trial: 7 days free, no credit card — just POST /billing/keys after install

GitHub: https://github.com/ldsjunior-ui/lgpd-sentinel-ai

Product Hunt: https://producthunt.com/posts/lgpd-sentinel-ai

Stars, issues, and PRs are very welcome. This is v0.1 and there's a lot of ground to cover.
