GDPR · CCPA · ePrivacy

GDPR & privacy compliance checker

Seoxpert scans for missing consent flows, undisclosed trackers, and weak privacy policies — and uses AI to assess whether your policy actually covers what your site does. Free first scan.

No credit card required · Results in under 2 minutes

What the scan checks

Cookie consent and tracker detection

  • Analytics and advertising scripts loading before user consent
  • Missing consent management platform (CookieBot, OneTrust, CookieYes, etc.)
  • Excessive tracking services creating consent complexity
  • Consent banner not blocking third-party scripts

Privacy policy quality (AI-powered)

  • Policy exists and is publicly linked from every page
  • All detected tracking services are disclosed
  • GDPR data subject rights mentioned (access, erasure, portability, rectification, objection)
  • Data controller contact or DPO named
  • Data retention periods specified
  • Legal basis for processing stated (consent, legitimate interest, etc.)

Required legal pages

  • Terms of Service / Terms & Conditions page
  • Dedicated Cookie Policy (separate from privacy policy)
  • Imprint / legal notice (required for EU/DE companies)
  • Visible contact email (GDPR Art. 13 — controller identity)

CCPA compliance signals

  • "Do Not Sell My Personal Information" link in site footer
  • Data sharing with advertising networks disclosed
  • California-specific opt-out mechanism present

AI-powered

We actually read your privacy policy

Most compliance scanners check whether a privacy policy URL exists. Seoxpert sends the policy text to AI and evaluates whether it covers the trackers you actually run, lists GDPR data subject rights, names a controller contact, and states the legal basis for processing.

  • Does the policy mention every tracking service in use?
  • Are all 6 GDPR user rights explicitly covered?
  • Is the policy written in plain language or dense legalese?

Which regulations apply to your site

Compliance requirements depend on where your visitors are — not just where you're registered.

GDPR: General Data Protection Regulation (EU)

Applies to: Any site that collects data from EU/EEA residents — regardless of where the company is based.
Fine range: Up to €20M or 4% of global annual revenue, whichever is higher.
Key requirements:
  • Lawful basis for every category of data processing
  • Transparent privacy notice (who, what, why, how long, rights)
  • Prior consent for non-essential cookies and tracking scripts

CCPA / CPRA: California Consumer Privacy Act (USA)

Applies to: For-profit businesses meeting any of: $25M+ revenue, 100k+ consumers' records, or 50%+ revenue from selling data.
Fine range: $2,500 per unintentional violation · $7,500 per intentional violation.
Key requirements:
  • "Do Not Sell or Share My Personal Information" opt-out right
  • Right to know what data is collected and sold
  • Right to delete personal data

ePrivacy Directive: EU Cookie Law (ePrivacy Directive)

Applies to: All websites using cookies or tracking technologies that target EU users.
Fine range: Varies by member state — UK ICO fines up to £500K; France CNIL fines up to €150K for cookie violations.
Key requirements:
  • Informed, specific, freely-given consent before setting non-essential cookies
  • Granular consent categories (analytics, marketing, functional)
  • Equal prominence for "reject" and "accept" options

Scan your site for GDPR gaps now

Free scan — consent flows, privacy policy quality, legal pages, and CCPA signals checked in one pass.
