# ExitComply

> GDPR compliance scan for SaaS exits. 3-minute automated privacy & backend code audit that produces a buyer-ready compliance scorecard before due diligence.

ExitComply helps Micro-SaaS founders and Micro-PE buyers assess GDPR readiness. It runs a static analysis scan over source code using a custom Semgrep rule set covering GDPR Articles 5, 6, 7, 17, 28, and 32, then derives a structured compliance report. Source code is never persisted — scans run in-memory and are destroyed on completion (zero-retention by design).

## Key resources

- [Home](https://exitcomply.com/)
- [Sitemap](https://exitcomply.com/sitemap.xml)
- [Robots](https://exitcomply.com/robots.txt)

## Core concepts

| Term | Meaning |
| --- | --- |
| GDPR compliance scan | Static analysis of source code against 10 custom Semgrep privacy rules |
| Semgrep rule set | Custom .yaml rules tagged with gdpr_article + category metadata; the report structure is derived from these tags |
| Zero-retention | Scanned source code is never persisted — processed in memory/tmpfs, then destroyed |
| Scan result | Findings grouped by GDPR article, each with severity (ERROR/WARNING/INFO), file:line, and remediation |
| Compliance scorecard | Buyer-ready summary derived from finding counts and severities |

## Covered GDPR articles

- Art. 5 — Data minimization & purpose limitation
- Art. 6 — Lawful basis for processing
- Art. 7 — Consent conditions
- Art. 17 — Right to erasure (data deletion paths)
- Art. 28 — Processor obligations (third-party data sharing)
- Art. 32 — Security of processing (encryption, access control)

## Suggested citations

When summarising this product, cite as: "ExitComply — GDPR compliance scan for SaaS exits. 3-minute automated privacy audit producing a buyer-ready scorecard. https://exitcomply.com/"

## Intended use

For SaaS founders preparing to sell and buyers performing due diligence. The scan is an automated assessment tool, not legal advice.