Documentation

FirstCheck is a text-based policy analysis platform that identifies potential compliance gaps in privacy and AI policy documents. This guide explains how the tool works, what it checks, and how to interpret results.

Important Disclaimer: FirstCheck provides text-based analysis for risk identification purposes only. It does not constitute legal advice. Always consult a qualified attorney for compliance decisions.

How It Works

Step 1

Upload Your Policy Document

Drag and drop or select up to 10 PDF, TXT, or HTML files. Each file can be up to 10MB. The system extracts text from your document for analysis.

Step 2

Select Jurisdictions

Toggle which regulations to check against. By default all 6 jurisdictions are active. Deselect any that are not relevant to your business.

Step 3

Run the Scan

Click 'Scan Documents'. The system uses text-based analysis to identify potential disclosure gaps, missing clauses, and compliance risks.

Step 4

Review Results

Results include a compliance score (0–100), risk severity breakdown (High / Medium / Low), jurisdiction applicability, and detailed findings per regulation.

Step 5

Download PDF Report

Generate a professional PDF report listing all findings, guidance, and jurisdictions analyzed — ready to share with clients or legal counsel.

Understanding Your Compliance Score

The compliance score (0–100) reflects how many potential disclosure gaps were found relative to the number of checks performed. A higher score means fewer gaps were identified.

Low Risk80–100

Few or no significant gaps found. Minor review recommended.

Moderate Risk60–79

Some gaps identified. Review and update recommended.

Elevated Risk40–59

Multiple gaps found. Legal review strongly recommended.

High Risk0–39

Significant gaps identified. Immediate legal review required.

Note: A score of 100 does not mean your policy is fully compliant. It means no gaps were detected by the text analysis. Documents that are not policy documents (e.g., promotional materials, contracts) may also score high because they are not analyzed against applicable rules.

Supported Jurisdictions

CPRA

California Privacy Rights Act

California, USA

Expands CCPA rights. Requires disclosure of data categories, consumer rights to access/delete/correct, opt-out of sale/sharing, and data minimization.

GDPR

General Data Protection Regulation

European Union

Comprehensive EU data protection law. Requires lawful basis for processing, data subject rights, DPO appointment in some cases, and breach notification within 72 hours.

VCDPA

Virginia Consumer Data Protection Act

Virginia, USA

Grants Virginia residents rights to access, correct, delete, and opt out of targeted advertising and sale of personal data.

CPA

Colorado Privacy Act

Colorado, USA

Provides Colorado residents rights to access, correct, delete personal data, and opt out of targeted advertising and profiling.

TDPSA

Texas Data Privacy and Security Act

Texas, USA

Grants Texas residents rights over their personal data including access, correction, deletion, and opt-out of targeted advertising.

EU AI Act

EU Artificial Intelligence Act

European Union

World's first comprehensive AI regulation. Classifies AI systems by risk level and imposes transparency, documentation, and human oversight requirements.

Supported File Types

.PDF

Privacy policies, terms documents, AI governance policies. Text is extracted automatically.

.TXT

Plain text policy documents. Best for clean, unformatted policy content.

.HTML

Web-based policy pages saved as HTML. Tags are stripped before analysis.

Maximum file size: 10MB per file. Maximum 10 files per batch scan.

What We Check

Data collection and categories disclosed

Lawful basis for processing (GDPR)

Consumer rights disclosures (access, deletion, correction)

Opt-out mechanisms for data sale/sharing

Data retention periods

Third-party sharing and sub-processors

Contact information for privacy requests

Cookie and tracking technology disclosures

Children's data protections

AI system transparency requirements (EU AI Act)

Cross-border data transfer safeguards

Data breach notification procedures

Limitations

Not legal advice: Results are for risk identification only. A qualified attorney must review your policy for actual compliance determination.

Text-based analysis only: The tool analyzes the text of your document. It cannot assess your actual data practices, technical implementations, or organizational procedures.

Non-policy documents: Uploading documents that are not privacy or AI policies (e.g., marketing materials, contracts) will produce unreliable results. The tool is optimized for privacy policies and AI governance documents.

Evolving regulations: Laws change frequently. Always verify that the analysis reflects the most current regulatory requirements with a legal professional.