# ComplianceCheckup.org

> ComplianceCheckup.org provides free automated privacy grades (A+ to F) and compliance checklists for 900+ SaaS tools and any website. Grades reflect automated technical checks across 10 GDPR-relevant dimensions, not legal compliance certification.

## Grade scale

Privacy grades are scored 0–100:

- A+ (90–100): Excellent — all or nearly all checks pass
- A (80–89): Good — minor issues only
- B (70–79): Acceptable — some notable gaps
- C (60–69): Poor — significant compliance gaps
- D (50–59): Very poor — multiple failing signals
- F (below 50): Critical — fundamental compliance failures

## What each dimension checks

1. Pre-consent tracking — are third-party trackers fired before cookie consent is given?
2. Cookie consent banner — does a CMP appear with a genuine Reject All option?
3. CCPA / CPRA signals — Do Not Sell link, GPC signal support, California privacy disclosure
4. Accessibility — automated axe-core WCAG 2.2 violation scan
5. Security headers — HSTS, CSP, X-Content-Type-Options, X-Frame-Options, Permissions-Policy
6. Privacy policy — presence, length, and recency
7. Data Processing Agreement (DPA) — public DPA link under GDPR Article 28
8. Sub-processors list — public sub-processor disclosure
9. AI training disclosure — privacy policy coverage of AI/ML data use
10. Hosting region — geographic data residency disclosure

## Data freshness

Each grade page shows the date of the most recent automated scan. Directory tools are rescanned nightly. Individual scans can be triggered on demand at compliancecheckup.org. The dateModified field in each page's JSON-LD reflects the last scan date.

## Key pages

- Homepage / scanner: https://compliancecheckup.org/
- Tool directory (900+ tools): https://compliancecheckup.org/directory
- Methodology (full scoring rubric and grade thresholds): https://compliancecheckup.org/methodology
- About: https://compliancecheckup.org/about
- All grade pages sitemap: https://compliancecheckup.org/api/sitemap-directory

## Compliance checklists (free, interactive, source-cited)

- GDPR: https://compliancecheckup.org/gdpr-compliance-checklist
- HIPAA: https://compliancecheckup.org/hipaa-compliance-checklist
- PCI DSS: https://compliancecheckup.org/pci-dss-compliance-checklist
- SOC 2: https://compliancecheckup.org/soc2-compliance-checklist
- CCPA: https://compliancecheckup.org/ccpa-compliance-checklist
- ADA / WCAG: https://compliancecheckup.org/ada-website-compliance-checklist

## Grade page examples

Each grade page answers "Is [Tool] GDPR compliant?" with an automated privacy score, self-reported SOC 2 / HIPAA / PCI claims, DPA link, and structured FAQ. Grade pages follow the pattern https://compliancecheckup.org/grade/[slug]:

- https://compliancecheckup.org/grade/notion
- https://compliancecheckup.org/grade/hubspot
- https://compliancecheckup.org/grade/salesforce
- https://compliancecheckup.org/grade/google-analytics
- https://compliancecheckup.org/grade/slack
- https://compliancecheckup.org/grade/zoom
- https://compliancecheckup.org/grade/openai
- https://compliancecheckup.org/grade/microsoft-teams
- https://compliancecheckup.org/grade/stripe
- https://compliancecheckup.org/grade/mailchimp

## Contact

https://compliancecheckup.org/contact