compliance
Industry Compliance
If you're building for healthcare, finance, education, or any regulated industry, there are rules about how you handle data. You probably already know the regulations from your professional life — but you don't know what they mean for software. This skill translates compliance requirements into concrete technical decisions.
This skill is for understanding what regulations mean for your tech stack. For implementing security controls (auth, encryption, rate limiting), use secure. For writing legal documents (ToS, Privacy Policy), use legal. For payment processing and PCI, use payments.
Disclaimer: This skill covers common compliance patterns. It is not legal advice. Consult a compliance specialist for your specific situation, especially before handling sensitive data in production.
Core Principles
- Compliance is not optional in regulated industries. Getting it wrong can kill your business.
- Most compliance requirements boil down to: who can see data, how is it stored, and what happens when something goes wrong.
- The right tech stack choices handle 80% of compliance for you. Don't reinvent the wheel.
- Compliance is cheaper to build in from the start than to retrofit later.
- You don't need SOC 2 certification at $0 MRR. But you do need to make decisions now that don't block certification later.
Don't Do Yet