Skip to main content
This guide walks you through creating your first compliance audit on Yggdrasil, from signup to reviewing violations.
1

Create an account

Sign up at the Yggdrasil platform. You’ll be prompted to create an account using email authentication.After signing in, you’ll land on the dashboard where you can view your scan history and compliance trends.
2

Start a new audit

Click New Audit from the dashboard or navigate to /audit/new.You’ll be prompted to:
  • Name your audit (e.g., “Q1 2026 AML Review”)
  • Select a policy framework to scan against
3

Choose a prebuilt policy

Yggdrasil includes three production-ready policy frameworks:
  • AML / FinCEN — 11 rules covering currency transaction reports, structuring detection, velocity limits, dormant account reactivation, round amount patterns, and suspicious activity thresholds
  • GDPR — 14+ rules for consent management, encryption requirements, data subject rights, third-country transfers, and processing records
  • SOC2 — 5 trust principle rules covering Security, Availability, Confidentiality, Processing Integrity, and Privacy
Select the framework that matches your compliance needs. You can also upload a custom PDF policy document — Yggdrasil will use AI to extract enforceable rules from the regulatory text.
If you’re testing the platform for the first time, start with AML and use the included demo dataset: fraud_detection_subset_50k.csv (available in the platform’s public folder).
4

Upload your dataset

Upload a CSV file containing the data you want to scan for compliance violations.Yggdrasil will:
  • Detect the schema automatically
  • Suggest column mappings using AI (e.g., mapping "tx_amount" to the expected "amount" field)
  • Display a preview of your data
The platform supports up to 50,000 rows per scan. Larger datasets will be sampled automatically.
5

Review and confirm column mappings

Before the scan runs, you’ll see the suggested column mappings:
CSV Column          →  Expected Field
─────────────────────────────────────
tx_amount           →  amount
account_id          →  account
tx_type             →  transaction_type
timestamp           →  timestamp
You must approve these mappings. No data transformations happen behind the scenes — transparency is a core design principle.If the AI mapping is incorrect, you can manually adjust it before confirming.
6

Review rules (optional)

Before running the scan, you can review the rules that will be evaluated against your data.Each rule displays:
  • Rule name and severity (CRITICAL, HIGH, MEDIUM)
  • Policy excerpt — the exact regulatory clause it enforces
  • Conditions — the compound boolean logic (AND/OR trees) used to detect violations
You can toggle individual rules on or off. Disabled rules won’t fire during the scan.
7

Run the compliance scan

Click Start Scan.The deterministic rule engine will:
  1. Normalize your CSV data (type coercion, field mapping)
  2. Evaluate each active rule against your records
  3. Apply confidence scoring (rule quality + signal specificity + statistical anomaly detection + Bayesian precision)
  4. Generate violations with full explainability
Scans typically complete in seconds for datasets under 10,000 rows.
The rule engine is deterministic — no ML models run in the enforcement loop. This makes results reproducible and audit-ready.
8

Review violations

After the scan completes, you’ll see a dashboard with:
  • Compliance score (0–100) based on violation count and severity
  • Violations by severity — CRITICAL, HIGH, and MEDIUM counts
  • Violations by rule — which rules triggered the most findings
  • Violations by account — accounts with the most compliance issues
Click on any violation to open the evidence drawer, which shows:
  • The policy excerpt that was violated
  • The matched conditions that triggered the rule
  • The evidence grid — the exact field values from your data that caused the violation
  • A natural-language explanation (generated from deterministic templates, not LLM calls)
9

Approve or dismiss violations

For each violation, you can:
  • Approve — Mark as a confirmed true positive
  • Dismiss as false positive — Mark as incorrect
Your feedback is used in a Bayesian precision model that updates rule confidence:
precision = (1 + true_positives) / (2 + true_positives + false_positives)
Rules that produce false positives lose confidence over time. Rules that catch real issues gain confidence. Your reviews make the next scan better.
10

Export your report

Once you’ve reviewed violations, export a full compliance report as JSON:
GET /api/export?scanId={scan_id}
The export includes:
  • Scan metadata (policy, dataset, timestamps)
  • All violations with evidence and explanations
  • Compliance score breakdown
  • PII findings (if PII detection was enabled)

Next Steps

Configuration

Learn about environment variables and deployment settings

API Reference

Explore the REST API for programmatic access

Build docs developers (and LLMs) love

Get started for freeTalk to us