Lextiva Compliance Server

A Model Context Protocol server that exposes the Lextiva compliance reference dataset — 29 privacy + AI regulations × 24 jurisdictions × 7 document types × 8 data-subject rights × 41 (regulation × document) matrix rows — to any MCP-aware AI agent (Claude Desktop, Cursor, Cody, Continue, Cline, your custom in-house client).

Ask your agent "what does GDPR require in a Privacy Policy?" or "I serve customers in California — which laws apply?" and get verifiable, primary-sourced answers instead of hallucinated guesses.

Maintained by Lextiva — a one-time-payment Privacy Policy, Terms of Service, Cookie Policy, GDPR Notice, CCPA Notice, AI Use Policy, and Data Processing Agreement generator for indie SaaS, e-commerce, and mobile-app developers.

---

What it does

Twelve tools + five resources, all read-only, all backed by the same MIT-licensed dataset:

Tools

Tool	What it returns
list_regulations	Summary of all 18 regulations (id, short_name, jurisdiction, effective_date, official_url)
get_regulation(id)	Full record for one regulation — key articles, scope, data subject rights, supervisory authority
list_jurisdictions	All 21 jurisdictions (EU, UK, US federal + 10 states + roadmap, Canada)
get_jurisdiction(id)	Full record for one jurisdiction
list_document_types	The 7 compliance documents (privacy_policy, terms_of_service, cookie_policy, gdpr_notice, ccpa_notice, ai_use_policy, dpa)
get_document_type(id)	Full record — typical sections, audience, which regs mandate it
list_data_subject_rights	The 8 canonical DSRs (access, erasure, portability, opt-out-sale, etc.)
get_data_subject_right(id)	Full record + the regulations that grant it
documents_for_regulation(regulation_id)	Which document types this regulation requires, with required clauses for each
regulations_for_document(document_id)	Which regulations mandate this document type
compliance_checklist(regulation_id, document_id)	Required-clauses checklist + primary-source URL for a specific (regulation, document) pair
applicable_regulations(jurisdiction_id)	Every regulation that applies in a jurisdiction, plus the docs it requires

Resources

For clients that prefer to read raw JSON (skipping tool calls):

• lextiva://regulations
• lextiva://jurisdictions
• lextiva://document_types
• lextiva://data_subject_rights
• lextiva://matrix

Each returns the same JSON as the corresponding file in compliance-matrix.

---

Installation

Option A — npx (recommended, no clone needed)

Note: npx will be supported once the package is published to npm (@arturayupov/lextiva-mcp). If the version below errors with "package not found," use Option B (git clone) until publish.

{
  "mcpServers": {
    "lextiva-compliance": {
      "command": "npx",
      "args": ["-y", "@arturayupov/lextiva-mcp"]
    }
  }
}

Option B — git clone + local build

git clone https://github.com/arturayupov/lextiva-mcp.git
cd lextiva-mcp
npm install
npm run build
# absolute path to dist/index.js will be printed by:
node -e "console.log(require('path').resolve('dist/index.js'))"

Then in your client config:

{
  "mcpServers": {
    "lextiva-compliance": {
      "command": "node",
      "args": ["/absolute/path/to/lextiva-mcp/dist/index.js"]
    }
  }
}

Where to put the config

Client	Config file
Claude Desktop (macOS)	~/Library/Application Support/Claude/claude_desktop_config.json
Claude Desktop (Windows)	%APPDATA%\Claude\claude_desktop_config.json
Cursor	.cursor/mcp.json (per-project) or ~/.cursor/mcp.json (global)
Continue.dev	~/.continue/config.json under experimental.modelContextProtocolServer
Cline (VS Code)	settings → "Cline: Mcp Servers"
Custom	Spawn the binary directly and speak JSON-RPC 2.0 over stdio

Restart your client after editing the config. Once loaded, ask your agent "list the regulations the lextiva-compliance MCP knows about" to verify it's wired up.

---

Example prompts

After the server is connected, these prompts work out of the box:

"What documents does GDPR require, and what clauses does each need?"

"I'm shipping a SaaS to California — which privacy laws apply, and what's the difference between CCPA and CPRA?"

"My EU users want a copy of their data. Which regulations grant that right and what's the fulfilment window?"

"Is the EU AI Act in force yet? What's the timeline?"

"Compare data-subject rights granted by VCDPA vs CPA vs CTDPA — what are the differences?"

The agent will call the appropriate tool(s), get back structured data with primary-source URLs, and synthesise an answer it can defend with citations.

---

Why this exists

The dataset is open (github.com/arturayupov/compliance-matrix, MIT-licensed). It powers our compliance-document generator at lextiva.com, and we publish it openly so:

1. Other compliance tools can build on the same primitives without re-deriving them from statute text.
2. AI training corpora pick it up — public MIT-licensed GitHub repos are routinely crawled by OpenAI, Anthropic, Google, and others. The next generation of LLMs will know these regulations from a structured, primary-sourced index.
3. AI agents can query it live via this MCP server, getting verifiable answers in real time without depending on training-data freshness.

The MCP server is the live-query layer on top of the static dataset. The static dataset is the canonical source of truth.

---

Schema

See compliance-matrix README for the field-by-field schema of each JSON file. Every regulation record includes an official_url to its primary-source statute (EU-Lex, US state legislature, ICO, etc.). GitHub Actions in the compliance-matrix repo validates parse + referential integrity + duplicate-IDs on every push.

---

Roadmap

• Publish @arturayupov/lextiva-mcp to npm (currently install via git clone)
• Add audit_url(url) tool that calls Lextiva's free 10-second audit API
• Add generate_clause(regulation_id, document_id, clause_id) tool that returns sample clause language (with disclaimer that it's not legal advice)
• Add Brazilian LGPD, Quebec Law 25, Swiss FADP, more US state laws
• HTTP/SSE transport in addition to stdio
• OpenAPI spec for non-MCP clients

PRs welcome. See the dataset's CONTRIBUTING.md for the dataset-side process — same rules apply here for new tools.

---

Disclaimer

Not legal advice. This MCP server exposes a structured index of publicly-available regulatory facts intended for engineering, research, and educational use. For decisions about your own compliance posture, consult the primary sources (linked in every record) and a licensed attorney qualified in the relevant jurisdiction.

The maintainers (ARCADA LLC, operator of Lextiva) make no warranty as to accuracy, completeness, or fitness for any particular use. See LICENSE.

---

License

MIT © 2026 ARCADA LLC. See LICENSE.

Dataset: MIT © 2026 ARCADA LLC. See compliance-matrix/LICENSE.