🌟 Inspiration

TikTok operates across dozens of jurisdictions, each with rapidly evolving privacy and data protection laws. We realized developers often lack automated tools to ensure that features comply with regulations such as GDPR, COPPA, and CCPA.
The inspiration came from seeing the growing compliance burden on global platforms and imagining: What if compliance checks could run automatically, just like unit tests?


✅ What it does

CanOrNot is an AI-powered compliance assistant for TikTok feature development. It:

  • Analyzes feature specifications, code, and documentation against major regulations.
  • Flags geo-specific compliance requirements (e.g., EU vs. US vs. Asia).
  • Provides real-time insights to developers, PMs, and compliance teams.
  • Generates auditable evidence for regulatory inquiries.

🛠️ How we built it

  • Frontend: A React-based dashboard for compliance visualization.
  • Backend: A Python Flask API to orchestrate AI models and parse regulatory text.
  • Developer Integration: A VS Code extension that runs compliance checks as developers code.
  • LLMs augmented with Retrieval-Augmented Generation (RAG) for contextual legal analysis.

🚧 Challenges we ran into

  • Regulatory ambiguity: Legal texts are often vague and inconsistent.
  • Conflicting laws: Requirements differ or even contradict across regions.
  • LLM misinterpretations: Handling jargon, internal codenames, and abbreviations without errors.
  • Scalability: Ensuring performance when analyzing thousands of features and documents.

🏆 Accomplishments that we're proud of

  • Built a working end-to-end prototype integrating frontend, backend, and AI core.
  • Successfully demonstrated real-time compliance flagging for TikTok-specific feature artifacts.
  • Created a traceable, auditable output that compliance teams can rely on.
  • Designed a developer-friendly workflow with minimal disruption.

📚 What we learned

  • Deepened our understanding of global privacy regulations and their engineering implications.
  • Learned how to combine LLMs, RAG, and multi-agent orchestration for specialized compliance tasks.
  • Gained experience in designing systems that are not just AI demos, but scalable developer tools.
  • Understood the importance of explainability in compliance: AI must justify its decisions.

🚀 What's next for CanOrNot

  • Broader platform coverage: Extend beyond TikTok to other global platforms.
  • Advanced detection mechanisms: Incorporate static analysis, runtime tracing, and data flow analysis.
  • Improved accuracy: Fine-tune LLMs with domain-specific corpora and internal datasets.
  • Self-evolving system: Develop a multi-agent feedback loop for continuous improvement with minimal human intervention.
  • Enterprise adoption: Position CanOrNot as a compliance-as-a-service solution for fast-scaling companies.
