Most websites break GDPR before visitors even click “Accept”
One scan finds every cookie violation regulators would flag — and shows you exactly how to fix each one.
Last real scan flagged 5 critical issues — scored 42/100.
Not a checklist — we open your site in a real browser and record what actually loads before, during, and after consent.
This is the report you get — real scan, domain masked
This website has a critical compliance mismatch: the privacy policy states "no analytics, no tracking" but the site deploys Google Analytics (GA4) via Google Tag Manager. While non-essential cookies are correctly blocked until consent, the policy completely fails to disclose these Google services, violating both GDPR Article 13 (transparency) and ePrivacy Directive Article 5(3) (informed consent). The website also lacks key GDPR-required information including DPO contact, data retention periods, user rights, and withdrawal instructions.
2 cookies detected
Top violations — mapped to the law
+ 4 more findings in the full report
The 4 things every audit checks
Data protection authorities don't read your privacy page — they crawl your site and measure what actually happens. Any visitor can trigger that audit with a complaint that costs them nothing. These are the exact checks, and what trips them.
Cookies firing before consent
Non-essential cookies must not load until the visitor actively accepts. Authorities run automated crawlers that record every cookie set on page load.
Google Analytics or Meta Pixel sets a cookie the moment the page opens.
Reject must be as easy as accept
Refusing consent has to be one click, just like accepting it. Anything that nudges users toward “Accept all” counts as an illegal dark pattern.
A bright “Accept all” button with “Reject” hidden behind a settings menu.
Every cookie named in the policy
Each cookie must be listed by name with its provider, purpose, and retention period. A vague “we use cookies” line does not satisfy the disclosure duty.
The policy says “analytics cookies” without naming _ga, _gid, or _fbp.
Third-party processors disclosed
Every tracker that receives visitor data — analytics, ads, embeds — must be disclosed as a processor with a signed DPA, independent of your banner.
A YouTube embed or ad pixel quietly shares IP addresses with no mention.
Our scanner runs all four checks on your site in ~2 minutes — and maps each finding to the exact article above.
Find every violation before they do
One scan runs the same checks regulators do — under the ePrivacy Directive and GDPR — and hands you the fix for each finding, before a complaint turns it into a fine.
Cookie Detection
Detect all cookies — first-party and third-party — with category, provider, duration, and whether they fire before consent.
Consent Banner Audit
Check if your CMP actually blocks cookies before consent, offers a reject option, and avoids dark patterns.
Policy Analysis
Compare your privacy policy against what's actually running. Find undeclared cookies, missing retention info, and gaps.
Third-Party Scripts
Identify every tracker, analytics tool, and advertising pixel. Know exactly who processes your visitors' data.
AI-Powered Report
Claude AI analyzes all findings and generates a detailed compliance report with a score from 0-100.
Actionable Fixes
Get step-by-step remediation for each issue, priority-ranked. Copy the fix prompt into your AI coding assistant.
See what your site loads before visitors ever click “Accept”.
Run a Free ScanThree steps to compliance
No setup, no config. From URL to a law-mapped report in about two minutes.
Paste your URL
Sign in free with Google and drop in any website. No tag, no snippet, no install.
We scan it for real
A real browser loads your site before, during, and after consent — capturing every cookie and tracker.
Fix before they fine
Get your score, issues ranked by severity, and copy-paste fixes mapped to each law.
See the problems free.
Unlock the solutions.
Free scans show you what regulators would flag. Premium gives you the exact fixes — before they send a letter.
Diagnosis
Know exactly where you stand — and what regulators would flag today.
- Compliance score (0–100)
- Issue count by severity
- Cookie breakdown by category
- Consent banner pass/fail checks
- Policy coverage checklist
- Positive findings
- 1 free scan
Prescription
Everything in Free, plus the exact fixes — from €3 per scan.
- Detailed issue breakdown + remediation
- Step-by-step fix instructions
- AI-generated cookie policy (copy-paste)
- Copy-to-LLM prompts for each issue
- Downloadable fix report (.md)
- Managed sites dashboard
- Priority support
After using a bunch of tools to get our sites in line with the ePrivacy Directive under GDPR, this is the first one that gives you a proper way to fix the major cookie-compliance issues. The cherry on top: actionable fixes you can run straight in your agentic coding tool.
Simple, transparent pricing
ePrivacy and GDPR fines start at €5,000. Prevention starts at €3 per scan.
Free Scan
1 scan — free forever
- 1 free scan
- Compliance score
- Issues by severity
- Cookie & consent breakdown
- Policy checklist
1 Detailed Scan
one full report
- Everything in Free
- Full issue details + fixes
- Step-by-step remediation
- AI cookie-policy generator
- Copy-to-LLM fix prompts
10 Detailed Scans
just €1 per scan
- Everything in Free
- 10 full report unlocks
- Step-by-step remediation
- AI cookie-policy generator
- Downloadable fix reports
One-time payment — no subscription, no hidden fees.
Common questions
Does my website need to be GDPR compliant?
Yes — if your website is accessible to people in the EU or you process personal data of EU residents, GDPR applies regardless of where your business is based. This includes using Google Analytics, Facebook Pixel, or any tool that sets cookies or collects IP addresses. Non-compliance risks fines of up to €20 million or 4% of global annual turnover, whichever is higher.
What's the difference between GDPR and the ePrivacy Directive for my website?
They work together but cover different things. The ePrivacy Directive (2002/58/EC) is the specific law governing cookies and electronic tracking — it requires prior, informed consent before any non-essential cookie fires on a user's device. GDPR is the broader framework that defines what valid consent looks like, requires you to document all data processors, list data retention periods, and respect user rights. For day-to-day cookie compliance, the ePrivacy Directive is the primary rule. Our scanner checks both.
How accurate is the scan?
Very. We use a real headless browser (Playwright) to visit your site exactly like a user would — once before consent, once after accepting, and once after rejecting. We capture actual cookies at each stage, detect your consent banner, and extract your live privacy policy. The AI maps each finding to the specific ePrivacy or GDPR article it violates.
Do I need to create an account?
Yes — a free Google sign-in is required to save your results. It takes 2 seconds.
How often should I re-scan?
After any site changes (new plugins, scripts, or CMP updates), and at minimum quarterly. New plugins and theme updates often silently add tracking scripts.
What's the AI-generated cookie policy?
A complete, GDPR-compliant cookie policy tailored to your site's actual cookies and services. Includes cookie tables, third-party disclosures, user rights, and consent withdrawal instructions. Ready to copy-paste.
What does 'Copy to LLM' do?
It copies a structured prompt with the issue details and fix instructions. Paste it into Claude, ChatGPT, Cursor, or any AI assistant to implement the fix in your codebase.
Don't wait for a complaint.
Check your site now.
Regulators use automated tools to scan websites at scale. Your site is already visible to them.
Free scan · no credit card · results in under 2 minutes
As seen on