Compliance Profiles

If you advertise in a regulated profession - real estate, mortgage, contracting, healthcare, law, financial advice, or insurance - the words in your blog posts are subject to rules your industry takes seriously. A compliance profile teaches theStacc those rules for your project, so generated content includes the disclosures you are required to make and steers clear of the claims you are not allowed to make.

Compliance is opt-in and off by default. The vast majority of businesses on theStacc never need it - roughly 7% of projects operate in a regulated vertical. If that is you, this page explains how to set it up and exactly what changes once it is on.

Compliance guardrails assist your review. They do not guarantee legal or regulatory compliance. The licensed professional stays responsible for everything that gets published. Always review generated content - and consult your own compliance or legal counsel - before it goes live.

Who needs this#

Turn on a compliance profile if your project markets in one of these regulated verticals:

• Real estate - agents and brokerages
• Mortgage - loan originators and lenders
• Contractor - licensed trades and general contractors
• Healthcare - providers, clinics, and practices
• Law firm - attorneys
• Financial adviser - advisers and investment firms
• Insurance - agencies and producers

If your business is not regulated, you do not need a compliance profile, and leaving it off keeps generation exactly as it is today.

Where to set it up#

Go to Settings > Project > Compliance (it carries a Beta badge in the sidebar). Compliance is a project-level setting - each project has its own profile, so a regulated project and a non-regulated one under the same account behave independently.

Editing the profile requires project admin access. If you are not an admin, you will see the settings in read-only mode and the values your admin has set, but you will not be able to change them.

Setting up a profile#

1. Turn on Enable compliance guardrails. Until this is on, the rest of the form is inactive and nothing changes about your content.
2. Choose your industry. Pick the regulated vertical your project operates in. (Financial adviser and Insurance are marked Advanced.) If you want the universal guardrails without a specific vertical, pick Not regulated - compliance stays on with the baseline rules only.
3. Choose your jurisdiction. Select the primary US state whose rules apply to your content, or pick Nationwide if you market across the whole US and are not bound to a single state. Federal rules apply either way - the state choice layers any state-specific requirements on top of the federal baseline.
4. Enter your license number(s). Each vertical asks for the identifier it needs:

- Real estate - DRE #

- Mortgage - NMLS #

- Contractor - CSLB # (license #)

- Healthcare - Board / license #

- Law firm - Bar #

- Financial adviser - CRD #

- Insurance - NPN (producer #)

theStacc uses these to fill in the disclosures your field requires. It never invents a license number - if you leave it blank, any disclosure that needs it is reported as missing rather than published with a hole in it.

1. Name your responsible firm. The licensed firm or practice to attribute in content where your industry requires it (for example, "Acme Realty Group, Inc.").
2. Add a custom disclaimer (optional). Any extra language you want appended to generated posts, in addition to your industry's standard disclaimers.
3. Save changes. Only admins see the Save button. The What we'll enforce panel shows a reference preview of the required and prohibited rules for your selected vertical.

Apply to content you already have#

Once a profile is saved and enabled, admins see an Apply to existing content option with a Re-scan existing button. This re-checks drafts you already created against your rules - adding required disclosures where it can and flagging anything that needs review before publishing. Save your changes first; the re-scan always reflects what is saved, not unsaved edits. A large project may be scanned in batches, in which case theStacc tells you the scan was partial so you can run it again to finish.

What gets enforced#

When a profile is on, two things happen automatically.

Required disclosures are injected at planning time. Before theStacc writes a post (and whenever it regenerates one), it adds your industry's required disclosures and language to the instructions - your license number, responsible firm, equal-housing or not-a-commitment language, not-medical-advice or not-legal-advice statements, and your custom disclaimer where one applies. Where a disclosure can be filled in from the details you entered, theStacc also appends it deterministically when the post is sent to your site, so it is present even if the draft missed it.

Prohibited content is steered away from. The same instructions tell the writer what it must never say for your field - guarantees of outcome (property value, loan approval, case results, returns, claim approval, cure), steering language tied to protected classes, unsubstantiated "#1 / best" claims, fabricated testimonials or reviews, and similar. theStacc does not fabricate license numbers, testimonials, quotes, or patient information.

The exact required and prohibited rules depend on your vertical and jurisdiction. The What we'll enforce panel on the settings page is a plain-language preview of them.

The review gate#

Every draft on a compliance-enabled project gets a compliance verdict before it can be approved or published. The verdict is one of three levels:

• None - the draft passed; nothing to address.
• Hold for review - the draft needs a human to look before it ships (for example, a missing disclosure that could not be auto-filled, a discretionary flag, or a vertical that always requires review).
• Block - the draft contains something that must not publish as written (for example, a prohibited guarantee or a fabricated review).

The verdict is shown to you ahead of approval, along with the specific violations found and any missing disclosures that still need to be inserted - so you know exactly what to fix rather than getting a vague "not allowed." Drafts that need review are flagged with a small badge in your blog list and on the draft itself, so enabling compliance visibly surfaces the content that needs attention instead of surprising you at publish time.

The verdict is recorded as part of the draft's record for your audit trail - which rule versions ran, what was inserted, what is still missing, and the pass/hold/block result.

What happens at publish#

The gate runs again at publish, and what it does depends on how you publish.

Manual publish (you click Publish):

• Block prevents publishing. A hard block is not overridable - the content must be edited first.
• Hold for review stops the publish but can be overridden by a person who accepts responsibility (see below).
• None publishes normally.

Automatic publish (autopilot / scheduled):

• Autopilot is stricter because there is no human in the loop. Both a block and a hold-for-review stop the post and route it to your review queue for a person to handle - autopilot never overrides a hold on its own.
• Some profiles forbid auto-publish entirely (for example, attorney advertising in states that require a bar filing). Content on those profiles always routes to manual review, regardless of the verdict.

When the gate cannot run cleanly, theStacc fails safe:

• If the gate errors while checking a post (fail-closed), the post is held, not published - unreviewed content never slips out because a check hiccupped.
• If the compliance layer itself is unavailable, the publish proceeds as it would for a non-regulated project (fail-open) - an infrastructure outage does not block every publish on the platform. Your manual review and the disclosure insertion still apply; only the extra double-check is skipped, and it is logged for the team.

Overrides: accepting responsibility#

A hold-for-review on a manual publish can be overridden by a person. Overriding means a human is explicitly saying "I have reviewed this and I take responsibility for publishing it." You can attach a reason, and the override is recorded in the draft's compliance audit trail - who overrode it and why.

Two guarantees matter here:

• Only a person can override. Automated callers (such as agent-key integrations) can never clear a compliance hold, even if they ask to - the override is reserved for a signed-in human.
• Overrides are never silently cleared. Once you have overridden a hold and published, regenerating or re-checking that draft will not quietly erase your override evidence. The record that a licensee approved despite a hold is preserved.

A hard block is never overridable on any path - it must be fixed in the content.

Auto-suggestion#

If theStacc notices signals that your project looks like a regulated business - from your business category, name, website, or description - it may suggest enabling a compliance profile and pre-select the likely vertical for you. This is a suggestion only. theStacc never turns compliance on by itself. You will see a dismissible banner, and a profile only becomes active when an admin enables it and saves. You stay in control of whether the layer is on at all.

A note on placeholder language#

Some required disclosures ship with language marked [PENDING COUNSEL] - wording that is still awaiting legal sign-off. Any draft that relies on a pending-counsel disclosure is automatically held for review rather than auto-published, so it always passes through a person before going live. This is deliberate: theStacc would rather route a regulated post to you than publish wording that has not been finalized. As always, the licensed professional is responsible for confirming the final language is correct for their jurisdiction.

Related#

• Quality & safety - the full set of systems that keep generated content on-brand, accurate, and safe, including how compliance fits in.
• Publishing - publishing modes (auto, review queue, draft) and how the review gate interacts with each.