PrivaBase API

Privacy compliance infrastructure for modern applications. GDPR, CCPA, HIPAA — automated.

GDPR | CCPA | HIPAA | SOC 2 | REST API

Base URL: https://privacy-compliance-api.vercel.app/api/v1

Quick Start

1. Install the SDK

npm install privabase

2. Initialize

const { PrivaBase } = require('privabase');
const pb = new PrivaBase({ apiKey: 'your-api-key' });

3. Run a compliance check

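// The initializer above uses require() (CommonJS), where top-level await is
// not available, so the call is wrapped in an async function.
(async () => {
  const result = await pb.compliance.check({
    jurisdiction: 'GDPR',
    dataCategories: ['personal'],
    processingPurposes: ['marketing'],
    dataSubjects: 1000
  });
  console.log(result.data);
})();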

Authentication

PrivaBase supports two authentication methods:

JWT Bearer Token

Obtain a token via /auth/login or /auth/register, then pass it in the Authorization header:

Authorization: Bearer eyJhbGciOiJIUzI1NiIs...

API Key

Create an API key via the dashboard or /api-keys endpoint, then pass it as a header:

x-api-key: pk_live_your_key_here
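
The following added example (not part of the PrivaBase SDK or documentation) shows how a Node.js client might handle the two header schemes above: sending exactly one credential, refusing non-HTTPS base URLs, checking a JWT's expiry locally, and masking credentials in logs. The function names are hypothetical, and the presence of an `exp` claim in PrivaBase tokens is an assumption.

```javascript
// Added example; only the header names and base URL come from the page.
const BASE_URL = 'https://privacy-compliance-api.vercel.app/api/v1';

// Build exactly one credential header so a failed call maps to one credential.
function authHeaders({ token, apiKey } = {}) {
  if (Boolean(token) === Boolean(apiKey)) {
    throw new Error('provide exactly one of token or apiKey');
  }
  // Reject CR/LF so a tainted credential string cannot smuggle extra headers.
  if (/[\r\n]/.test(token || apiKey)) throw new Error('credential contains a line break');
  return token ? { Authorization: `Bearer ${token}` } : { 'x-api-key': apiKey };
}

// Read the standard `exp` claim without verifying the signature (the client holds
// no key). This only decides when to log in again. Assumes the token carries `exp`.
function tokenExpired(token, nowSec = Math.floor(Date.now() / 1000), skewSec = 30) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return true; // not a compact JWT: treat as unusable
  try {
    const claims = JSON.parse(Buffer.from(parts[1], 'base64').toString('utf8'));
    return typeof claims.exp !== 'number' || claims.exp - skewSec <= nowSec;
  } catch {
    return true; // undecodable payload: treat as expired
  }
}

// Describe a request (GET without a body, POST with one), refusing to attach
// credentials to a base URL that is not HTTPS.
function buildRequest(path, cred, body, base = BASE_URL) {
  if (new URL(base).protocol !== 'https:') throw new Error('credentials require HTTPS');
  const init = { method: 'GET', headers: authHeaders(cred) };
  if (body !== undefined) {
    init.method = 'POST';
    init.headers['Content-Type'] = 'application/json';
    init.body = JSON.stringify(body);
  }
  return { url: base.replace(/\/$/, '') + path, init };
}

// Mask credential values before request headers are written to logs.
function redactHeaders(headers) {
  const out = {};
  for (const [name, value] of Object.entries(headers)) {
    const secret = /^(authorization|x-api-key)$/i.test(name);
    out[name] = secret ? value.replace(/\S+$/, '[redacted]') : value;
  }
  return out;
}
```

The object returned by `buildRequest` can be passed to `fetch(url, init)`; log `redactHeaders(init.headers)` rather than the headers themselves.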

SDKs

Node.js SDK

npm install privabase

Full API wrapper with TypeScript support.

Browser Consent SDK

npm install @privabase/consent

Drop-in GDPR/CCPA cookie consent banner.

import { PrivaBaseConsent } from '@privabase/consent';
new PrivaBaseConsent({ theme: 'dark', privacyPolicyUrl: '/privacy' }).show();

Auth — Register

POST /auth/register

Create a new account and receive a JWT token.

Request Body

{
  "email": "user@example.com",
  "password": "securePassword123",
  "name": "Jane Doe"
}

Response

{
  "data": {
    "token": "eyJhbGciOi...",
    "account": { "id": "...", "email": "user@example.com", "name": "Jane Doe" }
  }
}
▶ Try it with curl
curl -X POST https://privacy-compliance-api.vercel.app/api/v1/auth/register \
  -H "Content-Type: application/json" \
  -d '{"email":"user@example.com","password":"securePassword123","name":"Jane Doe"}'

Auth — Login

POST /auth/login

Authenticate and receive a JWT token.

{
  "email": "user@example.com",
  "password": "securePassword123"
}
▶ Try it with curl
curl -X POST https://privacy-compliance-api.vercel.app/api/v1/auth/login \
  -H "Content-Type: application/json" \
  -d '{"email":"user@example.com","password":"securePassword123"}'

Auth — Get Account

GET /auth/me

Get the authenticated user's account details. Requires Bearer token.

▶ Try it with curl
curl https://privacy-compliance-api.vercel.app/api/v1/auth/me \
  -H "Authorization: Bearer YOUR_TOKEN"

API Keys — Create

POST /api-keys

{ "name": "Production Key" }
▶ Try it with curl
curl -X POST https://privacy-compliance-api.vercel.app/api/v1/api-keys \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"name":"Production Key"}'

API Keys — List

GET /api-keys
▶ Try it with curl
curl https://privacy-compliance-api.vercel.app/api/v1/api-keys \
  -H "Authorization: Bearer YOUR_TOKEN"

API Keys — Revoke

DELETE /api-keys/:id
▶ Try it with curl
curl -X DELETE https://privacy-compliance-api.vercel.app/api/v1/api-keys/KEY_ID \
  -H "Authorization: Bearer YOUR_TOKEN"

Compliance Check

POST /compliance/check

Analyze data processing activities against regulatory frameworks.

{
  "jurisdiction": "GDPR",
  "dataCategories": ["personal"],
  "processingPurposes": ["marketing"],
  "dataSubjects": 1000
}
▶ Try it with curl
curl -X POST https://privacy-compliance-api.vercel.app/api/v1/compliance/check \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"jurisdiction":"GDPR","dataCategories":["personal"],"processingPurposes":["marketing"],"dataSubjects":1000}'

DSR — Create Request

POST /dsr/requests

Submit a Data Subject Request (access, deletion, portability, etc.).

{
  "type": "access",
  "subject_email": "subject@example.com",
  "framework": "gdpr"
}
▶ Try it with curl
curl -X POST https://privacy-compliance-api.vercel.app/api/v1/dsr/requests \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"type":"access","subject_email":"subject@example.com","framework":"gdpr"}'

DSR — List Requests

GET /dsr/requests
▶ Try it with curl
curl https://privacy-compliance-api.vercel.app/api/v1/dsr/requests \
  -H "Authorization: Bearer YOUR_TOKEN"

Documents — Templates

GET /documents/templates

List 50+ privacy document templates. Template IDs are prefixed (e.g., pp-gdpr-full, pp-ccpa).

▶ Try it with curl
curl https://privacy-compliance-api.vercel.app/api/v1/documents/templates \
  -H "Authorization: Bearer YOUR_TOKEN"

Documents — Generate

POST /documents/generate

{
  "template_id": "pp-gdpr-full",
  "variables": {
    "company_name": "Acme Inc",
    "company_email": "privacy@acme.com",
    "company_website": "https://acme.com",
    "effective_date": "2026-01-01"
  }
}
▶ Try it with curl
curl -X POST https://privacy-compliance-api.vercel.app/api/v1/documents/generate \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"template_id":"pp-gdpr-full","variables":{"company_name":"Acme Inc","company_email":"privacy@acme.com","company_website":"https://acme.com","effective_date":"2026-01-01"}}'

Discovery — Connectors

GET /discovery/connectors

List available data source connectors.

Discovery — Classification Rules

GET /discovery/classification/rules

Get PII classification rules used for data discovery.

Discovery — Frameworks

GET /discovery/mapping/frameworks

Get data mapping frameworks.

Discovery — Inventory

GET /discovery/inventory

Get the data inventory.

Discovery — Workflows

GET /discovery/workflows

Get alerts and scheduled workflows.

// Response
{ "data": { "alerts": [], "schedules": [] } }

HIPAA — Risk Assessments

GET /hipaa/risk-assessments

HIPAA — Privacy Check

POST /hipaa/privacy/check

{ "entity_type": "healthcare_provider" }
▶ Try it with curl
curl -X POST https://privacy-compliance-api.vercel.app/api/v1/hipaa/privacy/check \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"entity_type":"healthcare_provider"}'

HIPAA — Training

GET /hipaa/training

HIPAA — BAA

GET /hipaa/baa

HIPAA — PHI Detection

POST /hipaa/phi/detect

Detect Protected Health Information in text.

{ "text": "Patient John Smith SSN 123-45-6789" }
▶ Try it with curl
curl -X POST https://privacy-compliance-api.vercel.app/api/v1/hipaa/phi/detect \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"text":"Patient John Smith SSN 123-45-6789"}'

Policies — Templates

GET /policies/templates

Policies — Generate

POST /policies/generate

Generate a policy document. Types: privacy_policy, cookie_policy, dpa, retention_schedule.

{
  "policy_type": "privacy_policy",
  "frameworks": ["gdpr"],
  "company_name": "Acme Inc"
}
▶ Try it with curl
curl -X POST https://privacy-compliance-api.vercel.app/api/v1/policies/generate \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"policy_type":"privacy_policy","frameworks":["gdpr"],"company_name":"Acme Inc"}'

Billing — Pricing

GET /billing/pricing

Get available plan tiers and pricing.

Billing — Customer

POST /billing/customers

Create a Stripe customer for the authenticated account.

GET /billing/customers/me

Get current customer details.

Billing — Usage

POST /billing/usage

Record a usage event.

{ "metric": "api_calls", "quantity": 1 }

GET /billing/usage

Get usage counters for the current billing period.

Enterprise — Evidence

GET /evidence

Get compliance evidence records for auditing.

Enterprise — Monitoring

GET /monitoring/dashboard

Get real-time compliance monitoring dashboard data.

Enterprise — Vendors

GET /vendors

List third-party vendors and their compliance status.

Enterprise — Webhooks

GET /webhooks

List configured webhook endpoints.

Enterprise — Reports

GET /reports

Get compliance reports.
