I'm Dan Gonzalez.

    I'm a JD who builds AI systems for regulated industries.

    I spent 12 years building healthcare compliance programs at regulated technology companies. HITRUST certifications, SOC 2 audits, CMS authorization processes, hundreds of BAA negotiations. That background is the foundation behind Rote, a multi-tenant AI compliance platform I designed and built solo. I also built Safe LLM Lab, an LLM safety testing research platform. Right now I'm building Kit, an offline inference system for my 1967 Dodge Coronet.

    I also take fractional Chief AI Officer engagements. I keep it to one or two at a time — which means I actually show up. Not as an advisor rotating through quarterly calls, but as someone in the room when architecture decisions get made, vendors get evaluated, and governance frameworks get built. If any of that is relevant to where you are, reach out.

    Builds

    Things I've built and am building.

    Rote Compliance

    Live

    FastAPI, Next.js, Qdrant, LangGraph, LiteLLM

    Multi-tenant healthcare compliance platform organized around two capability categories: baseline point-in-time analysis (HIPAA gap analysis, BAA review against 45 CFR 164.504(e)(2), framework mapping, control assessment, 3x3 risk assessment, and RAG-backed compliance Q&A) and continuous regulatory monitoring via Sentinel, which tracks regulatory drift against each workspace's surface area and surfaces remediation recommendations as regulations shift.

    Approximately 130,000 lines of code. Sole architect and developer.

    Safe LLM Lab

    Open source

    Python, Redis, PostgreSQL

    Research platform for systematic LLM safety and prompt-vulnerability testing. Risk-classified prompt assessment, safety metrics dashboards, and multi-user encrypted study collaboration with study-level and organization-wide RBAC. AES-256-GCM encryption, row-level security, MFA with encrypted TOTP secrets, JWT with revocation IDs, Redis-backed encrypted session storage, and tamper-detected audit logging with anomaly detection on privilege escalation.

    Deployed and live. 2 stars on GitHub.

    Kit

    In progress

    Raspberry Pi, Python

    An LLM running on a Raspberry Pi, integrated into my 1967 Dodge Coronet. The goal is local, offline inference for vehicle systems: ambient intelligence that does not require a cloud connection. The car is Plum Crazy Purple with a custom stereo system I designed, installed, and tuned myself. Kit is the next electronics project on that car.

    Open source. Still early, no code yet. Looking for contributors who think building something weird sounds interesting.

    Writing

    I write about AI safety, building production AI systems, what it's like to have a law degree and write software, hardware projects, and whatever else I'm working through. Mostly on Substack, occasionally on LinkedIn.

    Writing about Rote, compliance methodology, BAA analysis, and continuous regulatory monitoring lives on rotecompliance.com/writing.

    Background

    When I finished law school I went directly into healthcare compliance instead of traditional legal practice. That wasn't the conventional path, but it was the right one. The compliance work was more hands-on, more technical, and more directly tied to outcomes than most of what attorneys do early in their careers.

    I spent the next 12 years building compliance programs from the ground up at regulated technology companies. HITRUST certifications, SOC 2 audits, CMS authorization processes, hundreds of BAA negotiations, incident responses, program launches. The kind of work where you're reading the actual CFR provisions and figuring out what they mean for a specific system architecture.

    That background became the methodology behind Rote. I built the baseline analysis workflows because I needed that foundation for continuous regulatory monitoring to work the way I intended. Most compliance platforms stop at point-in-time analysis. I treated it as the floor.

    Now I do fractional Chief AI Officer work, take one or two clients at a time by design, and build in public.


    Work With Me

    I do fractional Chief AI Officer engagements. I take one or two clients at a time, by design. The work is technical: AI system design and implementation, compliance architecture for regulated industries, LLM safety evaluation, and helping organizations understand what they're actually building and what it costs to maintain.

    If you're looking for Rote or the wrap-around compliance services, that's at rotecompliance.com. If this sounds like a fit, reach out.
