How does the free plan work?

Sign up and start using PrivaBase immediately. No credit card required. The Starter plan includes 1 compliance framework, 5 checks per month, policy generator, website scanner, and access to the compliance feed.

What compliance frameworks do you support?

PrivaBase includes a broad beta framework catalog including GDPR, CCPA/CPRA, HIPAA, SOC 2, ISO 27001, PCI DSS, NIST, DORA, NIS2, US state privacy laws, and international frameworks. Public claims are limited to verified framework evidence.

How many integrations do you support?

The integration catalog includes provider implementations across cloud, identity, DevOps, MDM, HR, monitoring, and other categories. Live-verified integrations are limited to the dated beta evidence bundle.

All data is encrypted in transit (TLS 1.3) and at rest (AES-256). Evidence is stored in Supabase Storage with framework-level access controls. We never share your data with third parties.

Do you offer annual billing?

Yes, save 20% with annual billing on all paid plans.

API Documentation | PrivaBase

API Overview

RESTful API

Standard HTTP methods (GET, POST, PUT, DELETE) with JSON request and response bodies

API Key Authentication

Secure API key authentication with role-based permissions and rate limiting

Webhook-ready API

Webhook patterns for compliance events, DSR status changes, and risk updates; availability is route-specific

Base URLs

Production:https://api.privabase.com/v1

Sandbox environments are enabled per beta customer; no public sandbox hostname is currently advertised.

Quick Start Guide

Get API Key

Generate an API key in your dashboard settings

Choose Environment

Use the production API for verified live calls; sandbox DNS is not currently advertised as live

Make First Request

Test authentication with a simple GET request

Handle Responses

Process JSON responses and handle errors properly

Authentication Example

curl -X GET "https://api.privabase.com/v1/account" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json"

Expected Response:

{
  "id": "acc_123456789",
  "name": "Your Company",
  "plan": "professional",
  "status": "active"
}

API Categories

Data Mapping

Discover and map personal data across your systems

GET /api/v1/data-sources

POST /api/v1/data-discovery

GET /api/v1/data-map

Consent Management

Manage consent records and preferences

POST /api/v1/consent

GET /api/v1/consent/records

DELETE /api/v1/consent

Data Subject Requests

Process access, deletion, and portability requests

POST /api/v1/dsr

GET /api/v1/dsr/status

PUT /api/v1/dsr/response

Risk Assessment

Create and manage privacy risk assessments

POST /api/v1/risk-assessments

GET /api/v1/risks

PUT /api/v1/risks/{id}

Compliance Monitoring

Monitor compliance status and generate reports

GET /api/v1/compliance/status

GET /api/v1/reports

POST /api/v1/audits

Webhooks

Real-time notifications for compliance events

POST /api/v1/webhooks

GET /api/v1/webhooks

PUT /api/v1/webhooks/{id}

Common API Examples

Submit a Data Subject Request

Create a new DSR for access, deletion, or portability requests.

Request

POST /api/v1/dsr
Content-Type: application/json
Authorization: Bearer YOUR_API_KEY

{
  "type": "access",
  "subject_email": "user@example.com",
  "subject_name": "John Doe",
  "description": "Request for data access",
  "due_date": "2026-03-18T00:00:00Z"
}

Response200 OK

{
  "id": "dsr_123456789",
  "status": "pending",
  "type": "access",
  "subject_email": "user@example.com",
  "created_at": "2026-02-16T12:00:00Z",
  "due_date": "2026-03-18T00:00:00Z",
  "estimated_completion": "2026-02-25T12:00:00Z"
}

Record User Consent

Store consent records for GDPR and CCPA compliance.

Request

POST /api/v1/consent
Content-Type: application/json
Authorization: Bearer YOUR_API_KEY

{
  "user_id": "user_123456789",
  "consent_types": [
    "marketing",
    "analytics",
    "essential"
  ],
  "granted": true,
  "timestamp": "2026-02-16T12:00:00Z",
  "ip_address": "192.168.1.100",
  "user_agent": "Mozilla/5.0..."
}

Response201 Created

{
  "id": "consent_123456789",
  "user_id": "user_123456789",
  "status": "recorded",
  "consent_types": [
    "marketing",
    "analytics", 
    "essential"
  ],
  "granted": true,
  "recorded_at": "2026-02-16T12:00:00Z"
}

Check Compliance Status

Get real-time compliance scores and framework status.

Request

GET /api/v1/compliance/status
Authorization: Bearer YOUR_API_KEY

Response200 OK

{
  "overall_score": 92,
  "frameworks": {
    "gdpr": {
      "score": 94,
      "status": "compliant",
      "last_assessment": "2026-02-15T10:00:00Z"
    },
    "ccpa": {
      "score": 89,
      "status": "mostly_compliant", 
      "last_assessment": "2026-02-15T10:00:00Z"
    }
  },
  "active_dsrs": 3,
  "risk_level": "low"
}

Rate Limits

Starter Plan:1,000 requests/hour

Professional Plan:10,000 requests/hour

Enterprise Plan:100,000 requests/hour

Rate limit information is included in response headers: X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset

Error Responses

400 Bad Request:Invalid request format

401 Unauthorized:Invalid API key

403 Forbidden:Insufficient permissions

429 Too Many Requests:Rate limit exceeded

500 Internal Error:Server-side issue

REST API today

Use any HTTP client.

PrivaBase is API-first, and no PrivaBase package is required to integrate. SDKs are planned after the REST contract and package publishing workflow are verified.

JavaScript fetch

Works in Node.js, Next.js route handlers, and browser apps that call your server-side proxy.

await fetch('/api/v1/dsr', { method: 'POST' })

Python requests

Use standard HTTP clients while Python package support remains on the roadmap.

requests.get(f'{base_url}/api/v1/reports')

cURL / CI jobs

Automate privacy and compliance workflows from scripts without waiting for a package release.

curl https://api.privabase.com/api/v1/reports

Need Help with Integration?

The AI Concierge helps you integrate PrivaBase APIs with examples, diagnostics, and setup checklists. Get code examples and integration guidance without a human support queue.

Open AI Concierge Get API Access

API Overview

RESTful API

Standard HTTP methods (GET, POST, PUT, DELETE) with JSON request and response bodies

API Key Authentication

Secure API key authentication with role-based permissions and rate limiting

Webhook-ready API

Webhook patterns for compliance events, DSR status changes, and risk updates; availability is route-specific

Base URLs

Production:https://api.privabase.com/v1

Sandbox environments are enabled per beta customer; no public sandbox hostname is currently advertised.

Quick Start Guide

Get API Key

Generate an API key in your dashboard settings

Choose Environment

Use the production API for verified live calls; sandbox DNS is not currently advertised as live

Make First Request

Test authentication with a simple GET request

Handle Responses

Process JSON responses and handle errors properly

Authentication Example

curl -X GET "https://api.privabase.com/v1/account" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json"

Expected Response:

{
  "id": "acc_123456789",
  "name": "Your Company",
  "plan": "professional",
  "status": "active"
}

API Categories

Data Mapping

Discover and map personal data across your systems

GET /api/v1/data-sources

POST /api/v1/data-discovery

GET /api/v1/data-map

Consent Management

Manage consent records and preferences

POST /api/v1/consent

GET /api/v1/consent/records

DELETE /api/v1/consent

Data Subject Requests

Process access, deletion, and portability requests

POST /api/v1/dsr

GET /api/v1/dsr/status

PUT /api/v1/dsr/response

Risk Assessment

Create and manage privacy risk assessments

POST /api/v1/risk-assessments

GET /api/v1/risks

PUT /api/v1/risks/{id}

Compliance Monitoring

Monitor compliance status and generate reports

GET /api/v1/compliance/status

GET /api/v1/reports

POST /api/v1/audits

Webhooks

Real-time notifications for compliance events

POST /api/v1/webhooks

GET /api/v1/webhooks

PUT /api/v1/webhooks/{id}

Common API Examples

Submit a Data Subject Request

Create a new DSR for access, deletion, or portability requests.

Request

POST /api/v1/dsr
Content-Type: application/json
Authorization: Bearer YOUR_API_KEY

{
  "type": "access",
  "subject_email": "user@example.com",
  "subject_name": "John Doe",
  "description": "Request for data access",
  "due_date": "2026-03-18T00:00:00Z"
}

Response200 OK

{
  "id": "dsr_123456789",
  "status": "pending",
  "type": "access",
  "subject_email": "user@example.com",
  "created_at": "2026-02-16T12:00:00Z",
  "due_date": "2026-03-18T00:00:00Z",
  "estimated_completion": "2026-02-25T12:00:00Z"
}

Record User Consent

Store consent records for GDPR and CCPA compliance.

Request

POST /api/v1/consent
Content-Type: application/json
Authorization: Bearer YOUR_API_KEY

{
  "user_id": "user_123456789",
  "consent_types": [
    "marketing",
    "analytics",
    "essential"
  ],
  "granted": true,
  "timestamp": "2026-02-16T12:00:00Z",
  "ip_address": "192.168.1.100",
  "user_agent": "Mozilla/5.0..."
}

Response201 Created

{
  "id": "consent_123456789",
  "user_id": "user_123456789",
  "status": "recorded",
  "consent_types": [
    "marketing",
    "analytics", 
    "essential"
  ],
  "granted": true,
  "recorded_at": "2026-02-16T12:00:00Z"
}

Check Compliance Status

Get real-time compliance scores and framework status.

Request

GET /api/v1/compliance/status
Authorization: Bearer YOUR_API_KEY

Response200 OK

{
  "overall_score": 92,
  "frameworks": {
    "gdpr": {
      "score": 94,
      "status": "compliant",
      "last_assessment": "2026-02-15T10:00:00Z"
    },
    "ccpa": {
      "score": 89,
      "status": "mostly_compliant", 
      "last_assessment": "2026-02-15T10:00:00Z"
    }
  },
  "active_dsrs": 3,
  "risk_level": "low"
}

PrivaBase API Documentation

API Overview

RESTful API

API Key Authentication

Webhook-ready API

Base URLs

Quick Start Guide

Get API Key

Choose Environment

Make First Request

Handle Responses

Authentication Example

Expected Response:

API Categories

Data Mapping

Consent Management

Data Subject Requests

Risk Assessment

Compliance Monitoring

Webhooks

Common API Examples

Submit a Data Subject Request

Record User Consent

Check Compliance Status

Rate Limits

Error Responses

Use any HTTP client.

JavaScript fetch

Python requests

cURL / CI jobs

Need Help with Integration?

PrivaBase API Documentation

API Overview

RESTful API

API Key Authentication

Webhook-ready API

Base URLs

Quick Start Guide

Get API Key

Choose Environment

Make First Request

Handle Responses

Authentication Example

Expected Response:

API Categories

Data Mapping

Consent Management

Data Subject Requests

Risk Assessment

Compliance Monitoring

Webhooks

Common API Examples

Submit a Data Subject Request

Record User Consent

Check Compliance Status

Rate Limits

Error Responses

Use any HTTP client.

JavaScript fetch

Python requests

cURL / CI jobs

Need Help with Integration?