Lextiva Compliance MCP Server
A Model Context Protocol server thatexposes the Lextiva compliance reference dataset— 29 privacy + AI regulations × 24 jurisdictions × 7 document types ×8 data-subject rights × 41 (regulation × document) matrix rows — toany MCP-aware AI agent (Claude Desktop, Cursor, Cody, Continue, Cline,your custom in-house client).
Ask your agent "what does GDPR require in a Privacy Policy?" or "Iserve customers in California — which laws apply?" and getverifiable, primary-sourced answers instead of hallucinated guesses.
Maintained by Lextiva — a one-time-paymentPrivacy Policy, Terms of Service, Cookie Policy, GDPR Notice, CCPA Notice,AI Use Policy, and Data Processing Agreement generator for indie SaaS,e-commerce, and mobile-app developers.
What it does
Twelve tools + five resources, all read-only, all backed by the sameMIT-licensed dataset:
Tools
| Tool | What it returns |
|---|---|
list_regulations |
Summary of all 18 regulations (id, short_name, jurisdiction, effective_date, official_url) |
get_regulation(id) |
Full record for one regulation — key articles, scope, data subject rights, supervisory authority |
list_jurisdictions |
All 21 jurisdictions (EU, UK, US federal + 10 states + roadmap, Canada) |
get_jurisdiction(id) |
Full record for one jurisdiction |
list_document_types |
The 7 compliance documents (privacy_policy, terms_of_service, cookie_policy, gdpr_notice, ccpa_notice, ai_use_policy, dpa) |
get_document_type(id) |
Full record — typical sections, audience, which regs mandate it |
list_data_subject_rights |
The 8 canonical DSRs (access, erasure, portability, opt-out-sale, etc.) |
get_data_subject_right(id) |
Full record + the regulations that grant it |
documents_for_regulation(regulation_id) |
Which document types this regulation requires, with required clauses for each |
regulations_for_document(document_id) |
Which regulations mandate this document type |
compliance_checklist(regulation_id, document_id) |
Required-clauses checklist + primary-source URL for a specific (regulation, document) pair |
applicable_regulations(jurisdiction_id) |
Every regulation that applies in a jurisdiction, plus the docs it requires |
Resources
For clients that prefer to read raw JSON (skipping tool calls):
lextiva://regulationslextiva://jurisdictionslextiva://document_typeslextiva://data_subject_rightslextiva://matrix
Each returns the same JSON as the corresponding file incompliance-matrix.
Installation
Option A — npx (recommended, no clone needed)
Note:
npxwill be supported once the package is published to npm(@arturayupov/lextiva-mcp). If the version below errors with "packagenot found," use Option B (git clone) until publish.
{
"mcpServers": {
"lextiva-compliance": {
"command": "npx",
"args": ["-y", "@arturayupov/lextiva-mcp"]
}
}
}
Option B — git clone + local build
git clone https://github.com/arturayupov/lextiva-mcp.git
cd lextiva-mcp
npm install
npm run build
# absolute path to dist/index.js will be printed by:
node -e "console.log(require('path').resolve('dist/index.js'))"
Then in your client config:
{
"mcpServers": {
"lextiva-compliance": {
"command": "node",
"args": ["/absolute/path/to/lextiva-mcp/dist/index.js"]
}
}
}
Where to put the config
| Client | Config file |
|---|---|
| Claude Desktop (macOS) | ~/Library/Application Support/Claude/claude_desktop_config.json |
| Claude Desktop (Windows) | %APPDATA%\Claude\claude_desktop_config.json |
| Cursor | .cursor/mcp.json (per-project) or ~/.cursor/mcp.json (global) |
| Continue.dev | ~/.continue/config.json under experimental.modelContextProtocolServer |
| Cline (VS Code) | settings → "Cline: Mcp Servers" |
| Custom | Spawn the binary directly and speak JSON-RPC 2.0 over stdio |
Restart your client after editing the config. Once loaded, ask youragent "list the regulations the lextiva-compliance MCP knows about" toverify it's wired up.
Example prompts
After the server is connected, these prompts work out of the box:
"What documents does GDPR require, and what clauses does each need?"
"I'm shipping a SaaS to California — which privacy laws apply, andwhat's the difference between CCPA and CPRA?"
"My EU users want a copy of their data. Which regulations grant thatright and what's the fulfilment window?"
"Is the EU AI Act in force yet? What's the timeline?"
"Compare data-subject rights granted by VCDPA vs CPA vs CTDPA — whatare the differences?"
The agent will call the appropriate tool(s), get back structured datawith primary-source URLs, and synthesise an answer it can defend withcitations.
Why this exists
The dataset is open (github.com/arturayupov/compliance-matrix,MIT-licensed). It powers our compliance-document generator atlextiva.com, and we publish it openly so:
- Other compliance tools can build on the same primitives withoutre-deriving them from statute text.
- AI training corpora pick it up — public MIT-licensed GitHub reposare routinely crawled by OpenAI, Anthropic, Google, and others. Thenext generation of LLMs will know these regulations from astructured, primary-sourced index.
- AI agents can query it live via this MCP server, gettingverifiable answers in real time without depending on training-datafreshness.
The MCP server is the live-query layer on top of the static dataset.The static dataset is the canonical source of truth.
Schema
See compliance-matrix READMEfor the field-by-field schema of each JSON file. Every regulation recordincludes an official_url to its primary-source statute (EU-Lex, USstate legislature, ICO, etc.). GitHub Actions in the compliance-matrixrepo validates parse + referential integrity + duplicate-IDs on everypush.
Roadmap
- Publish
@arturayupov/lextiva-mcpto npm (currently install via git clone) - Add
audit_url(url)tool that calls Lextiva's free 10-second audit API - Add
generate_clause(regulation_id, document_id, clause_id)tool that returns sample clause language (with disclaimer that it's not legal advice) - Add Brazilian LGPD, Quebec Law 25, Swiss FADP, more US state laws
- HTTP/SSE transport in addition to stdio
- OpenAPI spec for non-MCP clients
PRs welcome. See the dataset's CONTRIBUTING.mdfor the dataset-side process — same rules apply here for new tools.
Disclaimer
Not legal advice. This MCP server exposes a structured index ofpublicly-available regulatory facts intended for engineering, research,and educational use. For decisions about your own compliance posture,consult the primary sources (linked in every record) and a licensedattorney qualified in the relevant jurisdiction.
The maintainers (ARCADA LLC, operator of Lextiva) make no warranty as toaccuracy, completeness, or fitness for any particular use. SeeLICENSE.
License
MIT © 2026 ARCADA LLC. See LICENSE.
Dataset: MIT © 2026 ARCADA LLC. Seecompliance-matrix/LICENSE.
