First-pass continuous compliance, automated
Catch 80% of regulatory violations automatically — whether you're a compliance team running reviews or a developer shipping code. Reduce review cycles from weeks to days.
For Compliance Teams • For Developers
Financial Services (~155 rules)
Privacy & Healthcare (~70 rules)
Advertising & Visual (~26 rules)
Choose your path
QCME works for both compliance teams and developers. Pick the workflow that fits your role.
First-pass review that actually saves you time
Stop spending 40+ hours manually reviewing every marketing site. Let QCME handle the first pass so you can focus on judgment calls.
QCME augments your existing review process — it doesn't replace it. Your compliance team stays in control while QCME handles the time-consuming first pass.
Web-Based Scanner
Enter any URL and get a compliance report in under 60 seconds. No IT involvement, no code access needed.
- • Scan competitor sites or your own properties
- • No software installation required
- • Works with any public URL
Scheduled Daily Scans
Set it and forget it. QCME automatically scans your sites daily and alerts you when new violations appear.
- • Daily, weekly, or custom schedules
- • Email alerts for new violations
- • Track compliance drift over time
Audit Trail & Documentation
Every scan captures a full screenshot and timestamp. Build a compliance archive ready for audits and regulatory review.
- • Timestamped screenshots for every scan
- • One-click PDF export
- • Complete scan history
AI-Powered Compliance Chat
Ask questions about any page: "Does this have required disclaimers?" Get answers grounded in actual regulations.
- • Natural language questions
- • Answers cite specific regulations
- • Flag issues to developers instantly
Sound familiar?
- "We spend 40 hours reviewing every marketing site update"
- "I'm playing email tag with developers over screenshot annotations"
- "I'm worried about missing something in manual review"
Try it now - scan any website
Enter a URL to scan for FINRA, SEC, HIPAA, GDPR, CCPA, and FTC compliance violations. No signup required.
Sign up to schedule recurring scans and build a complete audit trail with timestamped snapshots for regulatory review.
Shift-left compliance scanning
Stop waiting for compliance to review your PR. Catch issues during development, not after.
CLI-First Experience
npm install -g @qcme/cli
qcme scan localhost:3000
- • Runs locally — scan before you push
- • JSON output for automation
- • Human-readable for debugging
CI/CD Integration
# .github/workflows/compliance.yml
- uses: qcme/action@v1
with:
framework: all
- • GitHub Action runs on every PR
- • Violations appear as PR comments
- • Optional: block merge until passing
No Regulatory Expertise Required
You don't need to know what FINRA 2210(d)(1)(F) means. Get plain-English explanations you can act on.
Violation found:
"Remove performance predictions — past results don't guarantee future returns"
Sound familiar?
- "My PR has been blocked for a week waiting on compliance review"
- "I got vague feedback like 'this feels non-compliant'"
- "Our release is blocked on a 2-week review cycle"
Works on macOS, Linux, and Windows. Requires Node.js 18+
Get started in 30 seconds
From install to first compliance scan — it's that simple.
# Install globally$ npm install -g @qcme/cli# Scan any URL (no login required for basic scans)$ qcme scan https://your-site.com --framework all# Or scan localhost during development$ qcme scan http://localhost:3000 --framework finra-2210# Get JSON output for automation$ qcme scan https://your-site.com --format json > report.json
Works on macOS, Linux, and Windows. Requires Node.js 18+.
How It Works
From 40 hours to 8 hours per review
QCME integrates into your development workflow to catch violations before they reach your compliance team.
Traditional Process
~40 hours per review cycle
Developer builds page
Marketing site goes to compliance
Compliance reviews everything
Manual review of all content, charts, disclosures
Back-and-forth cycles
Multiple rounds of revisions and re-reviews
Legal sign-off
Final review before launch
Automated First-Pass
~8 hours per review cycle
Developer or AI Agent builds page or marketing site
QCME scans automatically in CI/CD
Auto-flags 80% of issues
Violations caught before compliance sees it
Compliance reviews 20%
Focus only on edge cases and judgment calls
Audit-ready report
Documentation for regulatory review
Fits into your existing workflow
No new tools to learn. QCME integrates where your team already works.
Developer
Builds page
PR Created
QCME scans
Issues Flagged
In PR comments
Compliance
Reviews flagged items
Audit Report
Auto-generated
Continuous Monitoring
Not just one-time scans
Schedule automated scans of your production sites. Get alerts when new compliance issues appear—before regulators find them.
Scheduled Scans
Daily, weekly, or on every deployment
Instant Alerts
Slack, email, or webhook notifications
Web Scanner
Monitor any URL—no code integration required
Pro tip: Use our web scanner to monitor competitor sites for compliance best practices.
Complete Audit Trail
Every snapshot, every decision
Every scan captures a full snapshot of your site. When regulators or auditors ask for documentation, you have timestamped proof of compliance review.
Production scan
2:34 PM0 violations • 47 rules checked
Jan 15, 2026PR #142 merged
11:22 AMFixed 2 FINRA-2210 violations
Jan 14, 2026PR #142 scan
9:15 AM2 violations flagged
Jan 14, 2026Weekly scan
4:00 PM0 violations • Screenshot archived
Jan 12, 2026Multi-Framework Compliance
250+ rules across 10 frameworks
Comprehensive coverage of FINRA, SEC, GIPS, HIPAA, GDPR, CCPA, and FTC regulations—from financial services to healthcare privacy and advertising compliance.
FINRA 2210
50 rulesCommunications with Public
50+ rules covering performance claims, testimonials, recommendations, and balanced presentation
FINRA 2211-2220
30 rulesSpecialized Communications
30 rules for variable life insurance, investment rankings, CMOs, and options communications
SEC Rule 482
15 rulesFund Advertising
15 rules for standardized performance periods, fee disclosure, and required legends
SEC Marketing Rule
20 rulesInvestment Adviser Marketing
20 rules for adviser marketing, testimonials, endorsements, and performance advertising
GIPS
40 rulesInvestment Performance Standards
40 rules for performance presentation, required disclosures, and advertising guidelines
HIPAA
30 rulesHealthcare Privacy & Security
30 rules for PHI protection, consent requirements, privacy notice compliance, and data security
GDPR
25 rulesEU Data Protection
25 rules for cookie consent, privacy policies, data subject rights, and international transfers
CCPA
15 rulesCalifornia Privacy
15 rules for Do Not Sell links, data disclosure, opt-out mechanisms, and consumer rights
FTC
20 rulesTruth in Advertising
20 rules for endorsement disclosure, substantiated claims, fee transparency, and consumer protection
Visual AI
6 rulesChart & Fine Print Analysis
6 visual checks for misleading charts, truncated axes, and disclosure visibility
Financial Services (~155 rules)
Communications with Public
+42 more rules covering testimonials, recommendations, balanced presentation
Specialized Communications
Variable life insurance, investment rankings, CMOs, security futures, and options communications
Fund Advertising
+10 more rules for performance reporting
Investment Adviser Marketing
Modernized rules for testimonials, endorsements, performance advertising, and third-party ratings
Privacy & Healthcare (~70 rules)
Healthcare Privacy & Security
+26 more rules for PHI protection and data security
EU Data Protection
+20 more rules for data subject rights and compliance
Advertising & Visual Analysis (~26 rules)
Truth in Advertising
+15 more rules for consumer protection and disclosure requirements
Visual Compliance
All 250+ rulesPro FeatureScreenshot analysis for visual presentation compliance
Checks every rule for visual compliance:
- Font size & legibility (min 12px)
- Color contrast (4.5:1 ratio)
- Disclosure prominence vs. claims
- Placement & proximity to claims
- Charts: Y-axis, labels, benchmarks
Disclosures can pass text scan but fail visual compliance (e.g., 8px gray font)
Example Violations We Catch
FINRA-2210-PERFPerformance prediction without required disclaimers
"Our fund will return 15% annually"
HIPAA-PHI-FORMPHI collection form without Notice of Privacy Practices
"<form> with SSN field, no privacy notice link"
GDPR-CONSENT-BANNERTracking scripts loaded without cookie consent
"Google Analytics loaded before consent"
CCPA-DNS-LINKMissing 'Do Not Sell My Personal Information' link
"Footer missing required link"
FTC-ENDORSEMENTEndorsement without #ad or sponsorship disclosure
""Best product ever!" - @influencer"
VIS-CHART-AXISY-axis truncation may exaggerate performance gains
"[Chart with Y-axis starting at 50]"
Built for Enterprise Compliance Teams
Everything you need for regulatory examinations, internal audits, and team collaboration
Audit-Ready Reports
Generate PDF documentation for regulatory review and internal audits
SSO/SAML Integration
Coming SoonEnterprise authentication with your existing identity provider
Custom Rules
Create rules for internal policies beyond regulatory requirements
Team Collaboration
Coming SoonRole-based access with reviewer, approver, and admin permissions
Full Audit Logs
Complete history of scans, decisions, and sign-offs for compliance records
SOC 2 Type II
Coming SoonEnterprise-grade security with annual third-party audits
API Access
Coming SoonIntegrate QCME into your existing compliance management systems
SLA Guarantees
99.9% uptime with dedicated support and priority response
Pre-review tool: QCME catches potential violations before your compliance team reviews. Your legal and compliance teams have final authority.
All 250+ rules across 10 frameworks included in every plan
Simple, transparent pricing
Start free, upgrade when you need more. No credit card required.
Free
For developers evaluating QCME
- 1 site
- 5 scans/month
- Visual Compliance (all rules)
- All 250+ compliance rules
- CLI access
- Basic violation reporting
Starter
Small teams: developers + 1-2 compliance reviewers
- 5 sites
- 50 scans/month
- Visual Compliance (all rules)
- All 250+ compliance rules
- CLI access
- Email support
- Dashboard reporting
Pro
Compliance teams with CI/CD + audit trails
- 10 sites
- Unlimited scans
- All 250+ compliance rules
- Visual Compliance (all rules)
- CI/CD integration
- Audit-ready PDF reports
- Team collaboration
- API access
- Priority email support
Enterprise
Large orgs with multiple development teams
- Unlimited sites
- Unlimited scans
- Custom internal policy rules
- Visual Compliance analysis
- SSO/SAML integration
- Full audit logs for regulatory exams
- Audit-ready documentation
- SLA guarantees (99.9%)
- Dedicated support
- On-premise deployment option
All plans include all 10 compliance frameworks with 250+ rules: FINRA, SEC, GIPS, HIPAA, GDPR, CCPA, and FTC.