ComplianceCheckup

Is Ashby GDPR Compliant?

Ashby privacy and compliance overview. Last scanned: 1 months ago.

Ashby scored 46/100 (grade F), indicating significant privacy issues. Key issues found: 1 tracking request detected before consent. Tracking requests detected but no consent banner found. This is an automated technical assessment, not a legal compliance certification.

F

46/100

Privacy and compliance score

Scanned May 17, 2026 in fetch mode.

Pre-consent tracking

0/23

1 tracking request detected before consent.

Cookie consent banner

0/12

Tracking requests detected but no consent banner found.

CCPA / CPRA disclosures

3/8

CCPA/CPRA partial: CCPA/CPRA language in privacy policy. CCPA/CPRA compliance requires more than disclosures. This score reflects observable signals only, not legal compliance.

Privacy policy

8/10

Privacy policy found but may be incomplete or outdated.

DPA and sub-processor list

3/7

Sub-processor list found, but no DPA reference detected.

Accessibility (WCAG 2.x AA)

7/15

Accessibility scan unavailable in fetch mode.

AI training stance

5/5

No AI training disclosure found.

COPPA signal

5/5

No COPPA language detected.

Security headers

10/10

All four security headers present.

Hosting region disclosure

5/5

Data hosting region disclosed in privacy policy.

Does Ashby self-report SOC 2, HIPAA, or PCI compliance?

The following is based on Ashby's public documentation. ComplianceCheckup has not independently audited these claims.

StandardStatus
SOC 2Type II certified
HIPAANot publicly documented for Ashby
PCI DSSNot publicly documented for Ashby
GDPRSee scan results above
CCPASee scan results above

Frequently asked questions about Ashby compliance

Is Ashby GDPR compliant?

Ashby received a privacy grade of F (46/100) in our automated scan. 1 tracking request detected before consent. Tracking requests detected but no consent banner found. For a complete GDPR assessment, consult a qualified privacy professional.

Does Ashby offer a Data Processing Agreement (DPA)?

No DPA link was found in our directory for Ashby. Check their legal or trust center page, or contact their sales team to request a DPA under GDPR Article 28.

Is Ashby SOC 2 certified?

Ashby holds a SOC 2 Type II certification.

Does Ashby have a HIPAA Business Associate Agreement?

No HIPAA BAA was found in our directory for Ashby. Contact their sales team for HIPAA coverage options.

What pre-consent tracking did we find on Ashby?

1 tracking request detected before consent. Pre-consent tracking means scripts or cookies run before users accept or decline the cookie banner, which may violate GDPR Article 5(1)(a). ComplianceCheckup detected this via an automated headless browser scan.

What are Ashby's biggest privacy risks?

Based on our automated scan, the top areas of concern are: Pre-consent tracking, Cookie consent banner, CCPA / CPRA disclosures. 1 tracking request detected before consent. These findings are automated and may not capture all risks.

How does Ashby handle CCPA?

CCPA/CPRA partial: CCPA/CPRA language in privacy policy. CCPA/CPRA compliance requires more than disclosures. This score reflects observable signals only, not legal compliance. CCPA requires businesses handling California residents' data to disclose data practices, honor opt-out requests, and support the Global Privacy Control (GPC) signal. Our scan checks for GPC support and CCPA-relevant cookie disclosures.

Not legal advice. The scan grade is an automated technical assessment and does not constitute legal or compliance advice. Self-reported claims have not been independently verified. Results may contain false positives or miss issues that cannot be detected programmatically. Consult a qualified attorney or compliance professional for your specific situation.