COMPLIANCE
Compliance evidence that never leaves your device.
Locke turns local detection into exportable reports — for regulators, auditors, and your own records — without sending a single byte anywhere to produce them.
COMPLIANCE REPORTS
Reports mapped to the regimes you answer to
The dashboard already maps detection activity to regulatory frameworks (see Methodology). A compliance report packages that mapping into an export you can hand to counsel, a DPO, or an auditor — organized by regime, not raw event logs.
CCPA / CPRA
California, US
Personal and sensitive-information transmissions to third-party AI tools, organized by CCPA's disclosure categories.
UK GDPR
United Kingdom
Personal data transmissions assessed against the UK's post-Brexit data-protection principles.
EU GDPR
European Union
Personal data processing events relevant to lawful-basis, cross-border transfer, and data-subject-rights questions.
HIPAA
United States · Healthcare
Transmissions matching Protected Health Information patterns sent to an AI tool without a Business Associate Agreement on file.
And more
GLBA, PCI-DSS, and others
The same regulatory mapping the dashboard already uses — see Methodology for the full list of frameworks Locke tracks.
TECHNICAL REPORTS
Evidence for the people who have to sign off
Compliance officers aren't the only audience. Locke also exports technical reports built for infosec teams, IT regulators, and auditors who need the underlying evidence, not just the regulatory summary.
What was detected
Detection type, category, and confidence — every pattern Locke flagged, not just the ones that led to action.
What was masked or blocked
The outcome of each event: masked, blocked, remediated, or sent unprotected — and why.
When it happened
Full timestamped event history, in the order it occurred, for anyone reconstructing a timeline.
Configuration state
Which detectors were enabled and how sensitivity was set at the time of each event — the settings that produced the report.
Planned for Pro and Teams: PDF export with SHA-256 integrity verification, so a report's contents can be checked against its fingerprint without asking Sonomos to vouch for it. Not available yet — generated locally once it ships, same as everything else here.
RULES SANDBOX
Trust, but verify — locally
Before you rely on a detector — built-in or your own — test it. Write a detection rule in a simple format, or run any of Locke's built-in categories, against sample text of your choosing. Nothing you type into the sandbox goes anywhere.
PROJ-4471 matched "Internal Project Code" — custom rule, tested before it protects anything.
The same sandbox works with any of Locke's 36 checksum-validated regex detectors and 70+ semantic categories — see how they behave before deciding what to enable.
Reports and sandbox ship with Locke. Request early access and we'll be in touch as soon as builds are available.
Request early access