Privacy & AI regulation API

Every law your software
needs to know

Privacy regulations and AI governance laws across 28 jurisdictions — structured for code. REST API, Python SDK, and MCP server.

Get Free API Key View on GitHub

claude mcp add --scope user brehon -e BREHON_API_KEY=YOUR_API_KEY -- npx -y brehon-mcp-server

GDPR · CCPA · EU AI Act · PIPEDA · UK GDPR · LGPD · PIPL · DPDPA · + 24 more

Claude Code
My application processes data for users in California and the EU — what do we need to comply with?
▸ brehon.get_applicable_laws({jurisdictions: ["California", "European Union"]})
For California + EU users, 4 laws apply to your application:
Privacy LawsGDPR (EU) – Effective since May 2018 – CCPA (California) – Effective since Jan 2020 – CPRA (California) – Effective since Jan 2023 AI GovernanceEU AI Act – Effective since Feb 2025
Want me to pull the detailed requirements for any of these — such as data subject rights, legal bases for processing, penalties, or exemptions?

Real regulatory data, not hallucinations

Works in Claude, Cursor & Open Code

Add the MCP server once — every conversation gets access to 32 privacy laws.

Ask in natural language

No endpoints to memorize. Just ask your question and get structured answers.

Live data, not training data

Live from the API — not baked into training data or a static prompt.

Structured data vs. general-purpose AI

Same question. Very different answers.

General-purpose AI

No data source
Question
What legal bases can a SaaS use in Brazil and South Korea?
Brazil — Consent
No article reference provided
Brazil — Legitimate Interest
No article reference — "balancing test needed"
Korea — Legitimate Interest
"Extremely limited" — no statutory citation, no nuance on the 2023 amendment wording
Korea — Cross-border transfers
Mentioned in passing — no article, no separate consent requirement flagged
Brazil — Sensitive data
Not mentioned at all
Art. 11 blocks legitimate interest for sensitive data — a critical omission for health/biometric SaaS

Brehon MCP

Live API data
Question
What legal bases can a SaaS use in Brazil and South Korea?
Brazil — Consent
Must be free, informed, unambiguous, and for a specific purpose Art. 7(I)
Brazil — Legitimate Interest
Requires a documented balancing test Art. 7(IX)
Korea — Legitimate Interest
Added in 2023 amendment — must "clearly override" the subject's rights, inverting the typical GDPR framing Art. 15(1)(6)
Korea — Cross-border transfers
Requires separate opt-in consent for overseas data transfer Art. 28-2
Brazil — Sensitive data
Legitimate interest is not available for sensitive data — explicit, specific consent required Art. 11

Every answer from Brehon includes the statutory article — ready for a legal memo, not just a Slack message.

Built for compliance engineering

Everything you need to integrate privacy law data into your applications.

§

32 Laws

Comprehensive coverage of privacy regulations from GDPR to emerging frameworks.

28 Jurisdictions

Global coverage spanning the EU, US states, Canada, Brazil, China, India, and more.

{}

Structured Data

Consistent JSON schema across all laws — provisions, rights, penalties, and requirements.

/

Full-text Search

Search across all laws by keyword, provision type, or requirement category.

Compare Laws

Side-by-side comparison of any two regulations across key compliance dimensions.

AI-Native (MCP)

Your AI assistant gets direct access to 32 privacy laws. Ask questions in natural language — no API calls to write.

Three ways to integrate

MCP server, Python SDK, or REST API — pick what fits your stack.

MCP Server

Add to Claude, Cursor, or Open Code.

{
  "mcpServers": {
    "brehon": {
      "command": "npx",
      "args": [
        "-y",
        "brehon-mcp-server"
      ],
      "env": {
        "BREHON_API_KEY": "..."
      }
    }
  }
}

Python SDK

Async-first, fully typed.

pip install brehon

from brehon import BrehonClient

client = BrehonClient("YOUR_KEY")

# Get a specific law
gdpr = await client.laws.get("gdpr")

# Search across all laws
results = await client.search(
    "breach notification"
)

REST API

Standard HTTP — works with any language.

curl https://api.brehon.dev/api/v1/laws \
  -H "Authorization: Bearer $KEY"

curl https://api.brehon.dev/api/v1/search \
  -d '{"q": "data breach"}'

Simple pricing

Start free. Upgrade when you need more.

Free

$0
Free
  • All 32 privacy laws
  • Full search & compare
  • 60 requests / minute
  • 10,000 requests / day
  • Community support
Get API Key

Pro

$19/mo
For production workloads
  • Everything in Free
  • 120 requests / minute
  • Priority support
  • Early access to new laws
  • Webhook notifications
Coming soon