LGPD — Lei Geral de Proteção de Dados (Brazil)
Brazil's LGPD is fully enforced by the ANPD (National Data Protection Authority). With 214 million internet users and one of the world's fastest-growing B2B SaaS markets, LGPD compliance is mandatory for any company operating in Brazil.
The Developer Problem
Brazilian law requires consent management in Portuguese, data subject rights in Portuguese, and a DPO appointment. Most international SaaS companies have none of these localized.
What You Must Build
These are the exact technical components regulators will check for:
Consent management platform in Brazilian Portuguese
DSAR response pipeline (15 days to respond under LGPD)
DPO contact information publicly displayed
Data processing register (inventário de dados)
Incident notification to ANPD within 72 hours
Consequences of Non-Compliance
Fines up to R$50 million per violation
Suspension of data processing activities in Brazil
ANPD public database listing non-compliant companies
Drop-In Code Solution
Instead of building this from scratch (2–6 weeks of engineering time), use this production-ready package that implements all the required components above.
A lightweight TypeScript middleware wrapper. It intercepts the prompt at the Edge before it leaves your network, uses optimized local regex + lightweight NER to identify and hash all sensitive data, sends the clean prompt to the AI API, and decodes hashes back into real values only inside the secure browser context.
// pii-masker.edge.ts — intercept before prompt leaves network
import { maskPII, unmaskPII } from './pii-masker.edge'
// In your Next.js API route:
export async function POST(req: Request) {
const { prompt } = await req.json()
// Mask PII before sending to OpenAI
const { cleanPrompt, vault } = await maskPII(prompt)
const response = await openai.chat.completions.create({
messages: [{ role: 'user', content: cleanPrompt }]
})
// Restore real values only for the user's browser
const safeResponse = unmaskPII(response.choices[0].message.content, vault)
return Response.json({ content: safeResponse })
}