ComplianceCheckup

Free tool

PrivacyGrader

Enter any website URL and get a privacy and compliance grade in about 30 seconds. Free, no signup required.

What we check

Ten dimensions totalling 100 points. See the methodology page for full scoring rubric and limitations.

Pre-consent tracking

20 pts

Are trackers fired before the user accepts cookies? Advertising, fingerprinting, or session-replay scripts loaded before consent are a direct GDPR violation.

Cookie banner quality

12 pts

Does a consent management platform (CMP) appear, does it offer a genuine reject path, and does tracking after a reject drop compared to the pre-consent baseline?

CCPA / CPRA

15 pts

Is there a Do Not Sell or Share link? Does the privacy policy contain a California disclosure? Does the site honour the Global Privacy Control (GPC) signal?

Accessibility (WCAG 2.2)

15 pts

An automated axe-core scan counts critical, serious, and moderate violations. We do not penalise for issues axe cannot detect.

Security headers

8 pts

HSTS with a max-age of at least one year, a Content-Security-Policy, X-Content-Type-Options: nosniff, and either X-Frame-Options or a CSP frame-ancestors directive.
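As an added example (not PrivacyGrader's own code), the following Python checker applies the four security-header criteria above to a response's headers. The page states only the 8-point total, so the 2-points-per-check split is an assumption, and the sample header sets are constructed.

```python
"""Score response headers against the four security-header criteria:
HSTS (max-age >= 1 year), CSP present, X-Content-Type-Options: nosniff,
and X-Frame-Options or a CSP frame-ancestors directive.
Assumption: 2 points per check, totalling the rubric's 8 points."""
import re

ONE_YEAR = 31536000  # seconds in 365 days


def _hdr(headers, name):
    """Case-insensitive header lookup; returns '' when the header is absent."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value
    return ""


def hsts_ok(headers):
    """Strict-Transport-Security present with max-age of at least one year."""
    hsts = _hdr(headers, "Strict-Transport-Security")
    match = re.search(r"max-age\s*=\s*(\d+)", hsts, re.IGNORECASE)
    return bool(match) and int(match.group(1)) >= ONE_YEAR


def csp_ok(headers):
    """Any non-empty Content-Security-Policy counts as present."""
    return bool(_hdr(headers, "Content-Security-Policy").strip())


def nosniff_ok(headers):
    return _hdr(headers, "X-Content-Type-Options").strip().lower() == "nosniff"


def framing_ok(headers):
    """Clickjacking protection: a restrictive X-Frame-Options or CSP frame-ancestors."""
    xfo = _hdr(headers, "X-Frame-Options").strip().upper()
    if xfo in ("DENY", "SAMEORIGIN"):
        return True
    csp = _hdr(headers, "Content-Security-Policy").lower()
    return any(d.strip().startswith("frame-ancestors") for d in csp.split(";"))


CHECKS = {"hsts": hsts_ok, "csp": csp_ok, "nosniff": nosniff_ok, "framing": framing_ok}


def score_security_headers(headers):
    """Return (points, names of failed checks); 2 points per passing check (assumed split)."""
    results = {name: check(headers) for name, check in CHECKS.items()}
    points = 2 * sum(results.values())
    return points, [name for name, ok in results.items() if not ok]


# Constructed sample header sets (not captured from any real site)
GOOD = {"Strict-Transport-Security": "max-age=63072000; includeSubDomains",
        "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'",
        "X-Content-Type-Options": "nosniff", "x-frame-options": "sameorigin"}
WEAK = {"Strict-Transport-Security": "max-age=86400", "X-Frame-Options": "ALLOWALL"}
```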

Privacy policy

8 pts

Is a privacy policy discoverable, fetchable, long enough to be substantive (1 500+ chars), and updated within the last three years?

DPA and sub-processors

7 pts

Does the site publish a data processing addendum and a sub-processor list? Required for GDPR-compliant B2B SaaS.

AI training disclosure

5 pts

Does the privacy policy disclose whether user data is used for AI or machine-learning model training?

Hosting region disclosure

5 pts

Does the privacy policy disclose where user data is stored or processed geographically?

COPPA check

5 pts

Does the site collect data from children under 13 without the required parental-consent flow?

Frequently asked questions

Is PrivacyGrader free?

Yes. PrivacyGrader is completely free, requires no account, and has no usage limits beyond a rate limit of 5 scans per hour per IP address.

How long does a scan take?

Most scans complete in 10–30 seconds. Sites with slow servers or complex cookie flows may take up to 60 seconds.

Does a good grade mean my site is legally compliant?

No. PrivacyGrader is an automated technical scanner. It cannot assess whether your contracts, policies, or business processes meet legal requirements. A high score reduces your risk surface but is not legal advice and does not guarantee compliance. Always consult a qualified legal or compliance professional.

Can I embed the grade badge on my website?

Yes. Every report page includes a code snippet for an embeddable SVG badge that shows your site's current grade.

How often are scans refreshed?

Each scan is a fresh check. Reports are cached for 5 minutes; subsequent lookups of the same URL within that window return the cached result. To force a new scan, submit the URL again.

What if I disagree with a finding?

Known false positives and limitations are documented on the methodology page. If you believe a finding is incorrect, contact us via the contact page with the report URL and an explanation.

Not legal advice. PrivacyGrader is an automated technical scanner and does not constitute legal or compliance advice. Results may contain false positives or miss issues that cannot be detected programmatically. Always consult a qualified attorney or compliance professional for your specific situation.