Inside DataVibe's policy engine: every rule, and why it matters
Kshitij Bhatt, Founder · April 10, 2026 · 5 min read
A walkthrough of the deterministic rules DataVibe runs on every outbound payload — pricing claims, competitor mentions, tone, attachments, and more.
Every time an AI-generated payload passes through the DataVibe gate, it runs through a deterministic policy engine. Here is exactly what that engine checks, why each rule exists, and what happens when one fires.
- 40+ policy rule types
- <50ms median scan time
- 3 severity levels
- 100% reproducible
The three severity levels
- BLOCK: Hard stop — payload rejected, never dispatched. No human approval can override a BLOCK verdict; the rule must be changed in policy config.
- WARN: Payload routed to the human approval queue. Reviewer sees the payload, the fired rule, and the matched content. Decision is logged with reviewer identity and timestamp.
- INFO: Logged but passes automatically. Used for observability — you want to know this fired, but it doesn't require action.
Rule category 1: Pricing and commitments
- PRICE_CLAIM: Matches dollar amounts ($X/month, $X/user). Validates against approved price book. BLOCK if outside ±5% of book price.
- DISCOUNT_THRESHOLD: Matches percentage discount language. WARN above 15%, BLOCK above 25% (configurable).
- GUARANTEE_LANGUAGE: Matches "money-back guarantee", "guaranteed results". Always BLOCK — creates binding warranty obligations.
- PRICE_LOCK_COMMITMENT: Matches forward pricing commitments ("price locked for", "rate guaranteed through"). BLOCK.
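How the category 1 thresholds behave at their boundaries, as an added example that is not DataVibe's code. The regular expressions, the function names and the `PASS` verdict for a payload with no violations are assumptions made for illustration; the price-book lookup behind PRICE_CLAIM is left out.

```python
import re

# Severity ordering from the page: BLOCK outranks WARN outranks INFO.
# "PASS" (no rule fired) is a name assumed for this example.
RANK = {"PASS": 0, "INFO": 1, "WARN": 2, "BLOCK": 3}

# Patterns are constructed for this example, not DataVibe's own.
DISCOUNT_RE = re.compile(r"(\d+(?:\.\d+)?)\s?%\s+(?:off|discount)", re.I)
GUARANTEE_RE = re.compile(r"money-back guarantee|guaranteed results", re.I)
PRICE_LOCK_RE = re.compile(r"price locked for|rate guaranteed through", re.I)


def discount_threshold(text, warn_above=15.0, block_above=25.0):
    """WARN above 15%, BLOCK above 25%; both limits are configurable."""
    out = []
    for m in DISCOUNT_RE.finditer(text):
        pct = float(m.group(1))
        if pct > block_above:
            sev = "BLOCK"
        elif pct > warn_above:
            sev = "WARN"
        else:
            continue  # at or below the WARN limit: rule does not fire
        out.append({"rule": "DISCOUNT_THRESHOLD", "severity": sev,
                    "matched_substring": m.group(0)})
    return out


def phrase_rule(name, pattern, text):
    """Rules the page lists as BLOCK on any phrase match."""
    return [{"rule": name, "severity": "BLOCK", "matched_substring": m.group(0)}
            for m in pattern.finditer(text)]


def evaluate(text, policy_version):
    """Run every rule; the verdict is the highest severity that fired."""
    violations = (discount_threshold(text)
                  + phrase_rule("GUARANTEE_LANGUAGE", GUARANTEE_RE, text)
                  + phrase_rule("PRICE_LOCK_COMMITMENT", PRICE_LOCK_RE, text))
    verdict = max((v["severity"] for v in violations),
                  key=RANK.get, default="PASS")
    return {"policy_version": policy_version, "verdict": verdict,
            "violations": violations}


if __name__ == "__main__":
    # Constructed sample payload.
    print(evaluate("Get 22% off your first year, price locked for 3 years.", "v12"))
```

Because the comparisons are strict, a payload offering exactly 15% passes and one offering exactly 25% goes to review rather than being blocked.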
Rule category 2: PHI and PII (HIPAA)
- PHI_SSN: Regex matches Social Security Numbers in all formatted variants.
- PHI_MRN: Matches Medical Record Number patterns (configurable per system).
- PHI_DOB_COMBO: Fires when a date pattern and name pattern appear within 100 characters — the PHI combination pattern.
- PHI_DIAGNOSIS: Semantic classifier: detects ICD-10 codes and diagnosis language. WARN for patient-facing content.
Rule category 3: Regulatory compliance
- FINRA_PERFORMANCE_CLAIM: Past performance claims, projected returns, superlative language in financial outbound. WARN — requires principal review.
- CMS_BENEFIT_CLAIM: Medicare Advantage specific. Flags benefit assertions not in current plan year's approved benefit schedule. BLOCK.
- EEOC_AGE_PROXY: HR recruiting. Flags "recent graduate", "young and energetic" as age-proxying language. BLOCK for protected class references, WARN for proxies.
How rules are versioned
Every workspace has a policy version. When you change a rule, a new version is created. Every audit log entry records which policy version evaluated the payload — so you can always answer "Which rules were active when this payload was evaluated?" This is required for FINRA examination evidence and SOC 2 audits.
// Audit log entry — policy version always recorded
{
  "action_id": "act_01HXZ...",
  "policy_version": "v12",
  "verdict": "WARN",
  "violations": [{
    "rule": "DISCOUNT_THRESHOLD",
    "severity": "WARN",
    "matched_substring": "22% off your first year"
  }],
  "reviewed_by": "[email protected]",
  "review_decision": "APPROVED",
  "hash": "sha256:a3f9e1...",
  "prev_hash": "sha256:b8c2d4..."
}