Covenants

When non-profit or government contractor gets audited for funding, it usually takes weeks of manual labor to review staffing logs, incident reports, and financial documents to find compliance risks

Comment

Inspiration

Our inspiration came directly from our own community. All of us on the team have spent time doing volunteer work for non-profits at our local mosque. Through that experience, we saw firsthand how these organizations actually run: on the backs of dedicated volunteers who freely give hundreds of hours of their time every single month to keep things afloat.

While managing community events and fundraising is exhausting enough, we noticed a massive, silent burden hanging over the administrative team: legal compliance.

Whether it's data privacy laws, financial reporting, or local regulations, compliance isn't something a non-profit can just "figure out later." It directly correlates to their legal ability to exist and run the organization. But expecting unpaid volunteers to act like a corporate legal team is unrealistic and incredibly stressful. We wanted to build something that took this massive, scary burden and turned it into an easy, automated, and visually intuitive process. We wanted our volunteers to spend less time worrying about GDPR or CCPA, and more time helping the community.

What it does

Our project is an end-to-end compliance management dashboard tailored for non-technical users at non-profits. It simplifies the legal gauntlet into four digestible steps:

  1. Data Input: Users simply drag and drop their current policy documents, logs, or reports.
  2. Visual Risk Assessment: The system analyzes the documents and generates a visual map of risk "bubbles." High-priority issues (like unencrypted personal data) are flagged in red, making it immediately clear what needs attention.
  3. Actionable Mitigation Plans: Instead of just telling the user they are doing something wrong, the app generates distinct "Plans" (e.g., Best Practice vs. Minimum Compliance) with estimated times and costs.
  4. Automated Execution: Once a plan is selected, the platform visualizes and triggers an automated Zapier-style workflow to actually fix the issue (like redacting PII or notifying an admin), turning hours of manual work into a single click.

How we built it

We started exactly where all good ideas start: on a whiteboard. We sketched out the user journey, focusing heavily on making the UI feel less like a dense legal document and more like a modern, friendly web app.

  • Frontend: We built the interface using React, focusing heavily on state management to ensure a smooth transition between the four distinct phases of the workflow (Upload $\rightarrow$ Assess $\rightarrow$ Plan $\rightarrow$ Execute). We used a clean, grid-based UI with clear color-coding (red/orange/green) to make risk assessment instantaneous.
  • The Logic: We designed the system architecture to take raw text data, run it through an analysis layer to categorize the risk severity, and then dynamically generate the "Zapier flow" visualization based on the chosen mitigation plan.

Challenges we ran into

Our biggest challenge was translation—specifically, translating dense, terrifying legal jargon into a UI that a weekend volunteer could understand without a panic attack.

Designing the "Risk Assessment" interface took several iterations. Initially, we just had a list of warnings, but we realized that was overwhelming. Moving to the floating "risk bubbles" design allowed us to use size and color to subconsciously communicate priority. Additionally, mapping out the automated workflows (the execution phase) required us to think deeply about how different APIs and tools (AWS, Email, Terraform) actually connect in the real world to solve compliance issues.

What we learned

We learned a massive amount about the intersection of UI/UX and legal tech. We realized that when you are building tools for volunteers, empathy has to be baked into the design. If a tool is clunky, they simply won't use it, and in the case of compliance, not using the tool could mean the end of the organization.

Technically, we leveled up our ability to create dynamic, state-driven frontends. Building the visual automation map for the final step taught us a lot about rendering complex node-based relationships in a clean, accessible way.

What's next?

We want to get this into the hands of the administrators at our mosque and other local community centers to run a beta test. We also plan to integrate real backend AI to parse the uploaded PDFs dynamically and expand the automated execution step to connect with actual live webhooks, turning this prototype into a fully functional compliance safety net.

Built With

  • cursor
  • langchain
  • python
  • rag
  • watsonx
Share this project:

Updates