Local Layer Risk Assessment

Your situation

How are you primarily using AI right now?

This determines which risk surfaces apply. Select all that describe you.

Building a product or app for others SaaS tools, mobile apps, AI-powered services, developer tooling Running AI agents for my own work Coding agents, email automation, file processing, research, vibe coding

Select at least one to continue.

What you're building

Tell us about your product.

Regulatory obligations attach to what you build, not just how you build it. A health app built with Claude Code has HIPAA exposure. The coding tools will not tell you that.

A

What type of product are you building?

Select all that apply.

Health, wellness, or mental health Personal finance or investment Legal guidance or document tools HR, hiring, or career tools Children or education Social, relationship, or companion General SaaS with AI features Developer tooling or infrastructure

Select at least one to continue.

B

What data will your product handle?

Select all that apply.

Health or medical data (PHI) Financial or payment data Personal data (names, emails, location) Data from under-18s No personal data Not sure yet

Select at least one to continue.

C

Which markets will you serve?

Select all that apply.

Select at least one to continue.

Your agent environment

What does your agent have access to?

The risk is in what your agent can reach, not what you intend it to do. An agent reading your inbox is a data processor. Most operators have no documentation for that.

A

What can your agent access?

Select all that apply. Include anything connected via MCP, API, file path, or integration.

Email inbox Gmail, Outlook, or similar File system or local documents Financial accounts or APIs Banking, Plaid, Stripe, or similar API keys or credentials In .env files, shell config, or accessible folders Calendar or CRM Code repositories Cloud storage S3, Drive, Dropbox, or similar Communication tools Slack, Teams, Discord

Select at least one to continue.

B

Do you work with clients whose data may enter your agent environment?

Client emails, documents, financial details, or any information about the people you work for.

Yes, client data is likely in scope No, this is my own data only Not sure

Choose one to continue.

C

What best describes your professional role?

Developer or engineer Consultant or freelancer Lawyer or legal professional Accountant or financial professional Solopreneur or founder Other

Choose one to continue.

Scale

Two more questions.

Regulatory thresholds are often tied to revenue, user count, and geography. This calibrates your exposure.

A

Approximate annual revenue or billing?

Pre-revenue is a valid answer. This sets regulatory thresholds, not your enforcement risk.

Pre-revenue Under $50k per year $50k to $500k per year Over $500k per year

Choose one to continue.

B

Which AI tools or coding agents are you using?

Select all that apply. Optional but improves your report.

Find out what your AI setup is actually exposing you to.

How are you primarily using AI right now?

Tell us about your product.

What does your agent have access to?

Two more questions.

Your inputs point to exposure across multiple regulatory areas.

Get the complete picture.

Check your inbox.

No charge was made.