Annual Report
The State of Website Privacy 2026
We scanned 1,000 of the most popular SaaS and consumer tools. The majority fire marketing trackers before user consent — a GDPR violation — and most lack a functional Reject All button. Here is what the full dataset shows.
How private are the top SaaS tools in 2026?
How are SaaS tools distributed across privacy grades?
How many SaaS tools fire trackers before user consent?
0% of tools fire at least one marketing or analytics tracker before the user interacts with a consent banner. Under GDPR Article 5(3) and the ePrivacy Directive, loading tracking scripts before obtaining consent is a violation that regulators across the EU have repeatedly fined companies for. The baseline expectation is zero non-essential third-party requests before consent.
How many SaaS tools fail accessibility requirements?
0% of scanned tools have at least one accessibility violation. The DOJ's April 2024 final rule under Title II of the ADA explicitly requires web content to conform to WCAG 2.1 Level AA, with compliance deadlines beginning April 2026 for covered entities. Accessibility failures expose organizations to DOJ enforcement and private litigation.
How is the PrivacyGrader score calculated?
Tools were selected from a curated seed list of 903 popular SaaS and consumer products across 20 categories. Scans run automatically on a nightly schedule using PrivacyGrader, a headless Chromium scanner checking 10 privacy and compliance dimensions. Scores reflect observable technical signals only and do not constitute a legal compliance determination. For full details, see the methodology page.
Download the full dataset
Available as a CSV under a Creative Commons Attribution license. If you publish findings based on this data, please cite ComplianceCheckup.org.
Download CSV (CC-BY)