Building an AI-Powered Regulatory Compliance Platform from Zero to MVP
The cannabis and hemp industry operates under a patchwork of regulations that vary dramatically by state, county, and municipality. Businesses face the impossible task of tracking thousands of evolving regulatory requirements across jurisdictions — from licensing and packaging to testing and advertising restrictions. Existing solutions amounted to expensive legal consultations that took days to provide answers, or manual spreadsheets that were outdated the moment they were created.
Comply Assist AI was born from a simple premise: what if compliance officers could ask a natural-language question and get an accurate, sourced answer in seconds? I built a full-stack SaaS platform that does exactly that — ingesting regulatory documents, processing them through custom NLP pipelines, and presenting answers with direct citations to the relevant statutes.
Three interconnected problems made this uniquely difficult:
Cannabis regulations span federal, state, and local jurisdictions with frequent changes. A single compliance question might touch dozens of regulatory documents across multiple government agencies.
Unlike a general chatbot, wrong compliance answers can result in fines, license revocation, or criminal liability. The AI needed to be not just fast, but provably accurate with source attribution.
The cannabis industry is classified as "high-risk" by virtually every payment processor. Stripe, Square, PayPal — all refuse to serve cannabis businesses. Finding and integrating a processor willing to work with the industry was a project unto itself.
React with TypeScript — component-driven UI with real-time streaming AI responses, autocomplete search, and jurisdiction filtering.
Custom RAG pipeline using OpenAI and Anthropic APIs. Regulatory documents are chunked, embedded as vectors, and stored in PostgreSQL with pgvector for semantic search.
Multi-stage prompt pipeline — first retrieves relevant context, then generates the answer with confidence scoring, then formats with source citations.
Serverless deployment for cost efficiency. Authorize.net integration with custom compliance verification flows for high-risk industry accounts.

    // createEmbedding, db, llm, SYSTEM_PROMPT and buildPrompt are not shown here.
    async function generateComplianceAnswer(query: string, jurisdiction: string) {
      // Embed the question so it can be compared against stored regulation chunks.
      const embedding = await createEmbedding(query);

      // Parameterized query: pgvector's <-> operator orders rows by distance to the query embedding.
      const context = await db.query(`
        SELECT content, citation, url
        FROM regulations
        WHERE jurisdiction = $1
        ORDER BY embedding <-> $2
        LIMIT 5
      `, [jurisdiction, embedding]);

      // Low temperature keeps the answer close to the retrieved context.
      return await llm.generate({
        messages: [
          { role: 'system', content: SYSTEM_PROMPT },
          { role: 'user', content: buildPrompt(query, context) }
        ],
        temperature: 0.1
      });
    }

Most payment processors refuse cannabis businesses outright. I spent weeks researching alternatives, ultimately integrating Authorize.net — one of the few established processors serving the industry. The integration required building custom compliance verification flows that go beyond standard payment processing.
A wrong answer about cannabis regulations could cost a business its license. I engineered a multi-stage prompt pipeline with confidence scoring, source citation, and hallucination detection. Every answer includes direct references to the specific regulatory text it's based on.
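One way to enforce the source-citation guarantee described above, as an added example that is not the platform's own code: a post-generation check that rejects an answer unless every bracketed citation and every quoted span traces back to a retrieved chunk within a distance threshold. The `Chunk` shape, the `[citation]` answer format, the 0.35 threshold and all sample text are assumptions constructed for illustration.

```typescript
// Added example: grounding check for a RAG answer. All names are hypothetical.
interface Chunk { citation: string; content: string; distance: number; }
interface Verdict { ok: boolean; reasons: string[]; }

// Assumed answer format: claims end with a bracketed citation and may quote
// the regulation in double quotes, e.g.  ... "quoted text" [CITATION].
const CITATION_RE = /\[([^\]]+)\]/;
const QUOTE_RE = /"([^"]+)"/;

function normalize(s: string): string {
  return s.toLowerCase().replace(/\s+/g, " ").trim();
}

// Collect capture group 1 of every match (fresh RegExp, so no shared lastIndex).
function captures(re: RegExp, text: string): string[] {
  const out: string[] = [];
  const g = new RegExp(re.source, "g");
  let m: RegExpExecArray | null;
  while ((m = g.exec(text)) !== null) out.push(m[1]);
  return out;
}

function verifyGrounding(answer: string, retrieved: Chunk[], maxDistance = 0.35): Verdict {
  const reasons: string[] = [];
  // Only chunks close enough to the query count as usable context (assumed threshold).
  const usable = retrieved.filter((c) => c.distance <= maxDistance);
  if (usable.length === 0) reasons.push("no retrieved chunk within distance threshold");
  const cited = captures(CITATION_RE, answer);
  if (cited.length === 0) reasons.push("answer contains no citation");
  for (const c of cited) {
    if (!usable.some((u) => u.citation === c)) reasons.push(`citation not in usable context: ${c}`);
  }
  // Every quoted span must appear in a usable chunk after case/whitespace normalization.
  for (const q of captures(QUOTE_RE, answer)) {
    const found = usable.some((u) => normalize(u.content).indexOf(normalize(q)) !== -1);
    if (!found) reasons.push(`quote not found in sources: "${q}"`);
  }
  return { ok: reasons.length === 0, reasons };
}

// Constructed sample data (not real regulatory text or citations).
const SAMPLE_CHUNKS: Chunk[] = [
  { citation: "EXAMPLE-REG 12.3(a)", distance: 0.18,
    content: "Each package must be child-resistant and   display the license number." },
  { citation: "EXAMPLE-REG 40.1", distance: 0.52,
    content: "Advertising within 1000 feet of a school is prohibited." },
];
const GROUNDED = 'Packages "must be child-resistant and display the license number" [EXAMPLE-REG 12.3(a)].';
const UNGROUNDED = 'Packages "may omit the license number" [EXAMPLE-REG 12.3(a)]; see [EXAMPLE-REG 99.9].';
```

A failed verdict is a signal to withhold the answer or regenerate it, and the `reasons` list is worth logging so that recurring fabricated citations show up in monitoring.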
Regulations reference each other across jurisdictions — federal rules set a floor, state laws add requirements, and local ordinances layer on top. I built a knowledge graph that maps regulatory relationships so the system can surface all applicable rules for a given jurisdiction and topic.
Successfully launched the MVP, onboarding early customers and processing payments in an industry where most processors refuse service. All architecture, frontend, backend, AI, and payments were built by one person.