Inspiration

We were inspired to build this project in response to the transparency crisis in traditional privacy policies, especially in fintech. Today, privacy policies are written by hand, often do not match what the code actually does, and are never enforced against the code. The result is that users cannot actually control how their data is used.

What it does

OpenLedger is an automated compliance monitoring platform that scans fintech codebases to detect privacy policy violations, track data usage patterns, and generate compliance reports checked against privacy and data protection laws.

How we built it

We built it using Next.js with TypeScript, Supabase for authentication and data storage, and a custom AI agent pipeline powered by Google's Gemini API that automatically analyzes code for privacy violations and generates updated privacy policies.

What makes our Gemini implementation distinctive is a multi-agent architecture that processes complex codebases with rich context. A Parsing Agent clones the repository, identifies privacy policy files, and extracts code evidence of data handling; an Audit Agent evaluates that evidence against the GDPR, CCPA, and GLBA frameworks, produces a compliance score, and generates a new policy when violations are detected. Each agent feeds its structured output to the next, so Gemini's contextual understanding flows from raw code analysis through compliance scoring to actionable policy generation. It shows how LLMs can orchestrate complex enterprise workflows when the pipeline is properly structured.
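To make the stage boundaries concrete, here is an added example in the shape the pipeline above describes (parsing stage produces structured evidence, audit stage scores it and reports drift between code and policy, the property the Accomplishments section also mentions). It is illustrative code written for this page, not OpenLedger's own code: the Gemini calls are replaced by deterministic keyword matching so it runs offline, and the field catalogue, file names and sample policy are constructed.

```typescript
// Added example, not OpenLedger's code: a two-stage pipeline in the shape the
// page describes (parsing stage -> structured evidence -> audit stage -> score).
// The Gemini calls are replaced by deterministic keyword matching so it runs
// offline; the field catalogue and sample inputs below are constructed.

// One data-collection site found in code: which field is read, and where.
interface Evidence {
  field: string;
  file: string;
  line: number;
}

// Structured output handed from the audit stage back to the caller.
interface AuditResult {
  evidence: Evidence[];
  undisclosed: string[]; // collected in code, never mentioned in the policy
  stale: string[];       // disclosed in the policy, no longer collected in code
  score: number;         // percentage of collected fields the policy discloses
}

// Hypothetical catalogue (assumption): sensitive identifiers to look for in code,
// and the phrases a policy would use when disclosing that category.
const CATALOGUE: { field: string; terms: string[] }[] = [
  { field: "email", terms: ["email"] },
  { field: "ssn", terms: ["ssn", "social security"] },
  { field: "account_number", terms: ["account number"] },
  { field: "geolocation", terms: ["geolocation", "location"] },
  { field: "phone", terms: ["phone"] },
];

// Parsing stage, code side: record every line that touches a catalogued field.
function parseCode(files: Record<string, string>): Evidence[] {
  const out: Evidence[] = [];
  for (const file of Object.keys(files)) {
    const lines = files[file].split("\n");
    for (let i = 0; i < lines.length; i++) {
      for (const entry of CATALOGUE) {
        // \b keeps "email" from matching identifiers such as "emailTemplate".
        if (new RegExp("\\b" + entry.field + "\\b").test(lines[i])) {
          out.push({ field: entry.field, file, line: i + 1 });
        }
      }
    }
  }
  return out;
}

// Parsing stage, policy side: which catalogued categories does the policy disclose?
function parsePolicy(policy: string): string[] {
  const text = policy.toLowerCase();
  return CATALOGUE
    .filter((e) => e.terms.some((t) => text.indexOf(t) !== -1))
    .map((e) => e.field);
}

// Audit stage: compare the two structured outputs and score the drift.
function audit(evidence: Evidence[], disclosed: string[]): AuditResult {
  const collected: string[] = [];
  for (const e of evidence) {
    if (collected.indexOf(e.field) === -1) collected.push(e.field);
  }
  const undisclosed = collected.filter((f) => disclosed.indexOf(f) === -1);
  const stale = disclosed.filter((f) => collected.indexOf(f) === -1);
  const score =
    collected.length === 0
      ? 100
      : Math.round((100 * (collected.length - undisclosed.length)) / collected.length);
  return { evidence, undisclosed, stale, score };
}

// The pipeline: each stage's structured output is the next stage's input.
function runPipeline(files: Record<string, string>, policy: string): AuditResult {
  return audit(parseCode(files), parsePolicy(policy));
}

// Constructed sample repository and policy (not real fintech code).
const SAMPLE_FILES: Record<string, string> = {
  "src/onboarding.ts": [
    "export function onboard(req: Request) {",
    "  const email = req.body.email;",
    "  const ssn = req.body.ssn;",
    "  return save({ email, ssn });",
    "}",
  ].join("\n"),
  "src/geo.ts": [
    "export function track(pos: Coordinates) {",
    "  sendAnalytics({ geolocation: pos });",
    "}",
  ].join("\n"),
};
const SAMPLE_POLICY =
  "We collect your email address and phone number to service your account.";

const report = runPipeline(SAMPLE_FILES, SAMPLE_POLICY);
console.log(JSON.stringify(report, null, 2));
```

On the sample input the audit flags `ssn` and `geolocation` as collected but undisclosed, `phone` as disclosed but no longer collected, and scores the policy at 33 (one of three collected fields disclosed). The point of the typed `Evidence` and `AuditResult` boundaries is that an LLM-backed stage can be swapped in for either function without the other stage changing, and that every violation carries the file and line that produced it, which is what an auditor needs to verify the finding.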

Challenges we ran into

We initially planned to use DigitalOcean's Gradient AI platform, since it offers easy connections to external data through knowledge bases as well as agent workflows. However, we ran into account authentication problems, which redirected us to Google Gemini for our AI. Gemini ended up working well for the project and gave us hands-on experience with the Gemini API.

Accomplishments that we're proud of

We're proud that we built a fully automated compliance detection system that can scan any GitHub repository, extract the actual privacy policy content from text files, detect drift between code changes and policy updates, and provide real-time compliance scoring without requiring a manual policy approval workflow. We're especially happy that we used Gemini to build a multi-agent architecture that processes large codebases with contextual understanding.

What we learned

We learned how to build complex AI agent pipelines that can process real-world codebases, the importance of proper database schema design for policy management, and how to create intuitive user interfaces that make complex compliance data accessible to developers and legal teams.

What's next for OpenLedger

OpenLedger prescribes a new policy and shows implementation details for user-controlled data toggles. The new policy is currently stored in our platform, but we plan to integrate OpenLedger into deployment pipelines so that fintech clients can ship these toggles and the updated policy directly into their platforms as they push new development to production.

Built With
