Work

A growing wave of regulations — EU DSA, EU TCOR, UK OSA, NY S895, CA AB 587, Brazil ECA, India IT Rules, and others — each require granular, consistently-localized transparency reporting. Roblox’s previous approach was manual and difficult to scale as the regulatory landscape continued to expand.

• Lead transparency reporting strategy and production for 8+ international regulations.
• Wrote a suite of modular, production-grade SQL queries with version control for repeatable, auditable reporting cycles.
• Designing a Product Compliance Unified Data Model and automated reporting pipeline to scale and future-proof the system ahead of external audits.
• Leading AI enablement initiatives to improve team productivity and reduce manual overhead.

Researchers studying online platforms — academics, civil society organizations, and platform safety analysts — have had no official, programmatic way to access Roblox’s public data. Without structured access, external research has relied on manual collection or unofficial scraping, limiting the quality and scale of independent scrutiny Roblox could receive on content moderation, platform safety, and policy enforcement. Meanwhile, Roblox had no mechanism to proactively support the research community that informs policymakers and public understanding of major platforms.

• Identifying the opportunity to create Roblox’s first-ever public Research Data API — a capability that has never existed at the company and is not standard practice among major gaming platforms.
• Leading end-to-end product strategy: scoping what public data to expose, designing the API schema and endpoint architecture, and defining data governance, researcher access controls, rate limiting, authentication, and terms of use.
• Driving cross-functional alignment across Engineering, Legal, Policy, and Privacy to design a compliant, sustainable, and scalable access model.
• Positioning the API as a structured complement to Roblox’s existing transparency reporting — extending the company’s public accountability posture beyond periodic reports into queryable, on-demand data access.

Building production-grade SQL and Python for 10+ regulatory compliance requirements — reports, RFIs, risk assessments, and litigation support — would normally take 3–6 engineering weeks of pure coding per cycle. With a fast-expanding regulatory portfolio and a lean team, that pace was infeasible.

• Operated as PM and first author in a human-in-the-loop AI coding workflow, using Cursor agents to generate production-grade SQL and Python.
• Generated 7,000+ lines of production code across 10+ regulatory requirements, with data engineers and data scientists serving as code reviewers rather than primary coders.
• Designed a structured development pipeline: query and schema context → AI-generated SQL → human code review and approval → iterative refinement → full-scale Python pipelines.
• Compressed the feedback loop between PM and engineering, enabling faster iteration and reducing the bottleneck of cross-functional scheduling.

The Privacy Sandbox Working Group (900+ engineers, PMs, and compliance staff) was drowning in 12,000+ documents sequestered across restricted repositories. Information retrieval was a serious bottleneck — slowing development, regulatory compliance, and strategy — but the sensitivity of the corpus ruled out general-purpose search tools.

• Sole author of the v1 and v2 design documents; primary driver from conception to working prototype.
• Consulted stakeholders across the org to diagnose pain points, then designed the complete end-to-end system: web frontend, backend on Agent Studio, Gemini 2.5 Pro as the LLM, and a vector database indexed with 12,000+ restricted documents.
• Implemented two operational modes: (1) Expert Q&A with RAG and source citation, grounded in the corpus; and (2) a specialized drafting mode to generate first drafts of D&I Criteria Assessments — a high-frequency compliance workflow — directly from user-provided change descriptions.
• Authored the system prompt, defined technical requirements, access controls, and risk mitigations including hallucination guards and mandatory human review.
• Presented the project at the Privacy Sandbox TPgM AI Hackathon; received a spot bonus from a Senior Director for “unlocking potential impact in terms of time savings and quality of regulatory responses.”

The Privacy Sandbox Legal team spent several hours every week manually sifting through bug reports and linked documents to prepare a legal review digest. The process was slow, inconsistent, and bottlenecked compliance oversight for the entire Privacy Sandbox initiative.

• Sole author and developer of the end-to-end automation solution.
• Engaged directly with the Legal team to understand their workflow, decision criteria, and what “good” looks like for each sub-team.
• Designed a three-stage pipeline: SQL (F1) to extract relevant bug data → Python (Colab) to orchestrate → Gemini LLM via TextMiner to process.
• Engineered a series of multi-step prompts performing complex cognitive tasks: summarizing linked documents, identifying key risks against specific CMA regulatory commitments, and classifying the required review type (“Review Required” vs. “FYI Only”) for three Legal sub-teams — Product, Competition, and Privacy.

Quarterly Monitoring Trustee (MT) compliance reports — a mandatory deliverable under Google’s legal commitments with the UK Competition and Markets Authority (CMA) — were generated manually. The process took over 60–80 person-hours per quarter, was high-stakes, error-prone, undocumented, and dependent on 5–6 individual single points of failure. There was no auditability and no daily visibility into key metrics.

• Sole author and implementer. Three SWEs who originally scoped the project believed only a software engineer could build it — and were skeptical a TPM would attempt it.
• Designed the end-to-end system architecture: an ETL pipeline pulling from multiple internal data sources (Teamgraph, raw system logs, non-standard imports), with complex data processing, LLM enrichment, and automated report generation.
• Architected a PLX workflow executing a series of SQL scripts to extract, process, and enrich data across three working groups (PSWG, NWG, AWG), with dynamic reporting period calculation and export to Google Sheets.
• Implemented version control and modular query design for maintainability, auditability, and elimination of single points of failure.
• Delivered ahead of schedule, over major international holidays.

A significant compliance gap: employees in the 500+ person Privacy Sandbox org were not members of the mandatory Privacy Sandbox Working Group (PSWG), a foundational requirement under Google’s CMA Commitments. There was no automated mechanism to identify, notify, or track non-compliant individuals.

• Proactively identified the compliance gap — entirely self-initiated; not assigned.
• Designed an automated detection system using SQL to cross-reference employee reporting chains with PSWG group membership data.
• Built an AppsScript notification system to automatically email non-compliant individuals and their managers, with tracking to closure.

The Legal Content Policy & Standards team needed to quickly understand the essence of thousands of incoming legal removal requests for case management and trend analysis. Manual review at this volume was infeasible. Automatic case summarization was the top-requested feature for their primary management dashboard — but no scalable solution existed.

• Author of the design document, user guide, and lead implementer of the full automated workflow.
• Consulted directly with the LCPS team to define requirements and understand the nuances of how case summaries would be used operationally.
• Designed an innovative pipeline using SQLMiner to perform bulk LLM inference directly within the database environment — avoiding the need to export sensitive case data to an intermediate system and enabling truly industrial-scale operation.
• Engineered a RAG-pattern prompt feeding structured data from case tables into the LLM, producing succinct, accurate, consistently-formatted summaries across every eligible case.
• Surfaced AI-generated summaries directly within the team’s primary PLX management dashboard as an on-demand feature.

The legal operations team was processing legal removal requests manually — a workflow requiring case-by-case review across multiple internal tools. An 8,400+ case backlog had accumulated, and the ongoing volume (tens of thousands of cases) made manual processing at headcount parity infeasible.

• Built a node.js proof-of-concept automation script to process the immediate backlog of 8,400+ cases, proving the approach worked before investing in a full solution.
• Led development of a production Chrome Extension using browser automation to process legal removal requests at scale — automating the multi-tool workflow that previously required manual interaction.
• Partnered with Engineering to take the approach from proof-of-concept to production-ready tooling.
• Praised by senior PMs for both the speed of delivery and the impact on team capacity.