We passively scan your site the way a plaintiff's firm would: no login, no clicks, just a request log showing which tracking pixels and session-replay tools fire before any consent decision. Then we fix it at a fixed price and keep it fixed.
Free scan & reportNo call requiredEngineers, not lawyers
Enter your domain. We run the same passive scan a plaintiff's firm would, and show you the result with a fixed-price quote — on this page, in about a minute.
We scan public pages only, passively, with an identified user agent. Your email is used to send you the full report and follow-ups about your result — unsubscribe anytime.
Loading your site like a first-time US visitor…
We load your site exactly like a first-time US visitor who hasn't touched a consent banner — and log every tracking request that fires anyway, with timestamps and URLs.
You get the request log in plain English: which vendors fired, before what, and how the same evidence looks in a demand letter. Plus your email-security (DMARC) status.
Fixed-price engagement: consent-gate every tag, install or rewire your consent platform, set up DMARC. Most sprints complete within days, verified by re-scan.
Tags creep back in with every marketing campaign. We re-scan on a schedule and alert you before a plaintiff's firm notices — with a monthly compliance record.
Meta, TikTok, Google Ads, Pinterest, Snap, Bing, LinkedIn and ~30 more vendor signatures — each logged with timestamp and evidence URL.
Hotjar, Microsoft Clarity, FullStory, LogRocket and similar recorders — the highest-risk category in current litigation.
Whether a consent platform is present — and whether your tags actually respect it, or silently leak around it.
Roughly 85% of domains have no DMARC record, leaving their brand open to spoofing. We check yours and set it up correctly.
Final sprint price depends on tag count, platform and consent setup — your scan report includes the exact quote. Compare either number against a single ~$15,000 settlement.
We don't practice law, and we don't tell you whether you'll be sued. We document what any visitor's browser can observe on your website — which requests fire, to whom, and when — and we change what those facts are.
Everything we report is client-side and verifiable: you can reproduce every finding in your own browser's network tab. If you need legal advice on top of the engineering, we're happy to work alongside your counsel.
The scan is passive: it loads your public website once, the same way any visitor's browser does, and records which requests your own pages make. No login, no forms, no probing — just observation of publicly served assets, with an identified user agent.
A banner alone is the most common false comfort. In most scans where a consent platform is present, tags still fire before the visitor makes any choice — that gap between banner and behavior is exactly what current lawsuits target. The request log shows whether yours holds.
You get a verification re-scan showing the before/after request logs. Ongoing monitoring then re-scans your site on a schedule, because every new campaign tag or theme update can silently reintroduce pre-consent tracking.
California's CIPA drives the largest volume of claims, but similar suits are active in Pennsylvania, Florida, Illinois and Arizona, and roughly 20 states now have privacy statutes. The report also covers email security (DMARC), which is jurisdiction-independent.
Reply to our email or request your report here. You'll get the full request log and a fixed quote. No call, no commitment.
Request your scan report