17 packs · real regulatory patterns · tamper-evident audit log

Every rule. Every citation.
Enforced in-process.

Below is the exact content of every compliance pack — the patterns, the regulatory citations, and the enforcement actions. Not marketing copy. The actual rules your agent runs against on every LLM call.

HIPAA · FDCPA · FINRA · GDPR · EU AI Act · UAE PDPL · UAE DHA · UAE CBUAE · UAE RERA · KSA PDPL · EEOC · UPL
In-process enforcement — zero proxy latency · No customer data leaves your stack · Tamper-evident audit log · MIT-licensed SDK · SOC 2 Type 1 in progress

How compliance packs work

Rules live in the cloud. Enforcement happens in your process.

Add compliance=["HIPAA", "FDCPA"] to instrument(). At startup, the SDK fetches the latest regulatory patterns from Peekr Cloud — no SDK update needed when regulations change. Rules are enforced synchronously on every LLM span, in your process, with no proxy.

  • Three rule types per pack. prohibited_output, prohibited_input, required_disclosure — each mapped to the exact regulatory citation.
  • Rules update without SDK updates. Patterns live in Peekr Cloud. When regulations change, your next deployment picks them up automatically.
  • Full audit trail. Every violation is stored on the span before GuardrailError propagates. Compliance team gets the log.
  • raise or warn per pack. Hard-block for CRITICAL severity. Warn-only for packs you're still onboarding. Configurable per project.
healthcare_agent.py
import logging

import peekr
from peekr.guard import GuardrailError

log = logging.getLogger(__name__)

# Compliance packs fetched from Peekr Cloud
# and enforced locally — no proxy, no latency
peekr.instrument(
  exporter=peekr.HTTPExporter(
    endpoint="https://peekr.starkspherelabs.com",
    api_key="pk_live_…",
  ),
  # Compliance packs (Pro)
  compliance=["HIPAA", "FDCPA"],
  # Custom guardrails (all plans)
  guardrails=[
    peekr.guard.PIIRedact(),
    peekr.guard.HallucinationBlock(threshold=0.6),
  ],
)

# GuardrailError carries the pack name + citation
# (client is your existing LLM client object)
try:
  resp = client.chat.completions.create(...)
except GuardrailError as e:
  log.warning(f"[{e.guardrail_name}] {e}")

17 industry packs · USA · EU · UAE · KSA · maintained by Peekr

One line per regulation. We maintain the patterns.

Each pack contains prohibited output patterns, prohibited input patterns, and required disclosure strings — mapped to the exact regulatory citation. Toggle packs on/off per project from the dashboard.

FDCPA

Debt Collection · USA Federal

Critical

Blocks false threats, unauthorized fee claims, and abusive language. Injects Mini-Miranda disclosures.

9 rules · maintained by Peekr

Blocked output
we (will|are going to) (sue|arrest|prosecute) you

§1692e — False threat of legal action or arrest

Blocked output
(legal action|lawsuit|court) (has been|is) (filed|initiated|pending)

§1692e — False claim of legal action

Blocked output
we can (waive|remove|forgive) (the|this)? (fee|debt|balance)

§1692f — Unauthorized fee modification commitment

Blocked output
pay .{0,30}(additional|extra) (fee|charge|interest|amount)

§1692f — Collection of unauthorized charges

Blocked output
(government|federal|official) (agency|collector|department)

§1692e — Misrepresentation as government entity

Blocked output
(stupid|idiot|deadbeat|loser|scammer)

§1692d — Abusive or harassing language

Required disclosure
This is an attempt to collect a debt

§1692e(11) Mini-Miranda — required in ALL initial communications

Required disclosure
Any information obtained will be used for that purpose

§1692e(11) Mini-Miranda — second clause

Required disclosure
This communication is from a debt collector

§1692e(11) — required in all subsequent communications

Regulatory disclaimer

Peekr compliance packs are a technical enforcement layer — not legal advice. Engage qualified legal counsel for definitive compliance guidance. Patterns are maintained in good faith against published regulatory text.

Custom guardrails · all plans

Define rules from the dashboard. No code changes needed.

Add blocked terms, regex patterns, required disclosures, and faithfulness thresholds directly in the Peekr Cloud dashboard. Rules are fetched by the SDK at startup — your legal or compliance team can update them without touching code.

From the dashboard

Custom rules · add new

  • Name: No competitor mentions
  • Rule type: Blocked term
  • Action: Raise, Redact, or Warn
  • Value: CompetitorAI, RivalCorp

Saved rule: No competitor mentions · raise · blocked_term · input, output

SDK picks up changes on next startup · no code change needed

Or in code — all plans

PIIRedact · Mutating · pre-storage

Strips email, phone, SSN, credit card, IP before storage.

peekr.guard.PIIRedact()

Blocklist · Raise · Redact · Warn

Block terms, patterns, or API secrets. COMMON_SECRETS catches all major key formats.

peekr.guard.Blocklist(
  patterns=peekr.guard.Blocklist.COMMON_SECRETS,
  action="redact",
)

HallucinationBlock · Blocking · post-storage

Raises GuardrailError when score < threshold. Violation stored before error propagates.

peekr.guard.HallucinationBlock(
  threshold=0.5,
)

Control plane

Toggle packs. Add custom rules. Monitor violations. No redeploys.

The Compliance settings page is the single place to manage everything — regulatory packs, custom rules, and action modes. Your legal or compliance team can change rules from the dashboard. The SDK fetches the latest config at startup — no code change, no PR, no deploy.

  • Custom rules: blocked terms, regex patterns, required disclosures, thresholds
  • Compliance packs: HIPAA, FDCPA, FINRA, GDPR — toggle per project
  • raise or warn mode — hard-block or audit-only per rule
  • Full violation feed with trace links and regulatory citations

Compliance · Project settings

HIPAA — Healthcare · CRITICAL
raise
FDCPA — Debt Collection · CRITICAL
warn
FINRA / SEC Reg BI · HIGH
EU AI Act — Chatbot Identity · CRITICAL
GDPR — Automated Decisions · HIGH
warn

SDK picks up changes on next startup — no redeploy required.

The rules, not just the names

Real patterns. Real citations.

Compliance packs are not checkboxes. Here are the actual regex patterns and required-disclosure rules enforced on every LLM span — fetched from Peekr Cloud at instrument() time, matched in-process with zero proxy overhead.

critical

HIPAA — Healthcare

USA Federal
blocked output
(diagnos|you have).{0,60}(cancer|HIV|diabetes)

Privacy Rule — AI stating diagnosis as fact

blocked output
(prescribe|recommend you take).{0,30}(mg|dose|drug)

AI prescribing medication

blocked output
\b\d{3}-\d{2}-\d{4}\b

SSN in output — automatic PHI violation

blocked output
(MRN|medical record number).{0,20}\d+

Medical record number in output

required text
This is not a diagnosis or medical advice

Required disclaimer — injected if absent

required text
Consult a licensed healthcare provider

Required referral to licensed care

critical

FDCPA — Debt Collection

USA Federal
blocked output
we (will|are going to) (sue|arrest|prosecute) you

§1692e — False threat of legal action

blocked output
(legal action|lawsuit|court) (has been|is) (filed|pending)

§1692e — False claim of legal action

blocked output
(stupid|idiot|deadbeat|loser|scammer)

§1692d — Abusive or harassing language

blocked output
pay .{0,30}(additional|extra) (fee|charge|interest)

§1692f — Collection of unauthorized charges

required text
This is an attempt to collect a debt

§1692e(11) Mini-Miranda — required in ALL initial comms

required text
This communication is from a debt collector

§1692e(11) — required in subsequent comms

high

FINRA / SEC Reg BI

USA Federal
blocked output
you should (buy|sell|hold|invest in) .{0,60}(stock|ETF|crypto)

Rule 2111 — Specific investment recommendation without suitability

blocked output
(guaranteed|risk-free|no-risk) (return|investment|profit)

SEC — Guarantee of investment returns

blocked output
(will|guaranteed to) (go up|return|gain) \d+%

FINRA — Performance prediction prohibited

blocked output
(can\'t lose|cannot lose|you won\'t lose)

SEC — Loss-prevention guarantee prohibited

required text
not personalized investment advice

FINRA/SEC — Required non-advice disclaimer

required text
Investment recommendations require a suitability assessment

Rule 2111 — Suitability requirement disclosure

Rule types

  • prohibited_output: Regex matched against the LLM's response. If it matches, the guardrail fires before the response reaches your user.
  • prohibited_input: Regex matched against what goes into the model. Catches PHI in prompts before it reaches the LLM.
  • required_disclosure: A string that must appear in the response. If absent, the guardrail fires — the SDK injects the disclosure or blocks the call.

When a rule fires

Violations are stored on the span before any action — you always have the audit trail.

span.attributes = {
  "guardrail_violations": [
    "HIPAA: AI stating diagnosis as fact — matched: 'you have diabetes'"
  ],
  "guardrail_warnings": [...],
}
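
The three rule types and the record-then-raise order described above, as an added example; this is not Peekr's SDK code. `enforce`, `Span`, `RuleViolation` and `mask` are hypothetical names, case-insensitive matching and digit masking are assumptions, and the prompt-side rule is constructed because the page lists no prohibited_input pattern.

```python
import re
from dataclasses import dataclass, field

# (rule_type, value, citation). Output and disclosure rules are copied from the
# HIPAA pack on this page; the prohibited_input rule is constructed for the demo.
HIPAA_RULES = [
    ("prohibited_output", r"(diagnos|you have).{0,60}(cancer|HIV|diabetes)",
     "AI stating diagnosis as fact"),
    ("prohibited_output", r"\b\d{3}-\d{2}-\d{4}\b", "SSN in output"),
    ("prohibited_input", r"\b\d{3}-\d{2}-\d{4}\b", "SSN in prompt (constructed)"),
    ("required_disclosure", "This is not a diagnosis or medical advice",
     "Required disclaimer"),
]

class RuleViolation(Exception):
    """Hypothetical stand-in for the SDK's GuardrailError."""

@dataclass
class Span:
    """Hypothetical span; only the two attribute keys come from the page."""
    attributes: dict = field(default_factory=lambda: {
        "guardrail_violations": [], "guardrail_warnings": []})

def mask(excerpt):
    # Keep digits out of the audit record so it never stores the SSN itself.
    return re.sub(r"\d", "#", excerpt)

def enforce(pack, rules, prompt, response, span, mode="raise"):
    """Evaluate one LLM call, record findings on the span, then act on them."""
    found = []
    for rule_type, value, citation in rules:
        if rule_type == "required_disclosure":
            # Assumption: disclosures are a case-insensitive substring test.
            if value.lower() not in response.lower():
                found.append(f"{pack}: {citation} - missing: '{value}'")
            continue
        text = prompt if rule_type == "prohibited_input" else response
        # Assumption: patterns are matched case-insensitively.
        hit = re.search(value, text, re.IGNORECASE)
        if hit:
            found.append(f"{pack}: {citation} - matched: '{mask(hit.group(0))}'")
    key = "guardrail_violations" if mode == "raise" else "guardrail_warnings"
    span.attributes[key].extend(found)  # stored before any error propagates
    if found and mode == "raise":
        raise RuleViolation(found[0])
    return found
```

Because these are plain regexes, a negated sentence such as "You have no signs of diabetes" also triggers the diagnosis rule, so run a pack against benign responses in warn mode before switching it to raise.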

All 10 packs — HIPAA, FDCPA, FINRA, Fair Housing, EEOC/ADA, UPL, TCPA, GDPR, EU AI Act, TILA/ECOA.

Enterprise

Built for teams that get audited.

Compliance is only worth anything if it survives a security review and a regulator. Peekr is built to.

Your data stays in your stack

Rules run locally, in your process — we never proxy your LLM traffic. Only PII-redacted spans reach Peekr Cloud, and you decide what's retained.

Deploy your way

Use the hosted cloud or self-host the whole stack. The SDK is MIT-licensed and runs anywhere your code does — no lock-in.

Audit-ready by default

Every violation is recorded before the error propagates. Export a date-ranged, per-regulation report your compliance officer hands to an auditor.

Access & identity

SSO / SAML, role-based access, and a read-only auditor role on the Enterprise plan.

Always current

Regulations change; your rules change with them. Packs are maintained by Peekr and fetched at runtime — no SDK release required.

Support & assurance

Dedicated support, response-time SLAs, a security review, and a signed DPA. SOC 2 Type 1 in progress.

Enable your first compliance pack free.

10k spans/month free. No credit card. HIPAA, FDCPA, FINRA, GDPR, UAE PDPL — all available on the free tier. Toggle from your dashboard, live on the next request.
