
Is your website
really legal?

Compliance is a full-time job. You either have no system in place, or your DIY setup has not been updated or audited since the day it was installed. Let's change that!

✓ No credit card ✓ Results in under 60 seconds
    Trusted by
    Time-Rich Recruiter GKR Karate LifeMap Dietitian Success Center Genuine Shift Be Mobile Physio Speech Time Fun
    // how it works

    What happens the moment
    a visitor arrives

    Trust Center sits between every visitor and your compliance obligations — serving consent, managing data requests, and keeping your legal docs current. Automatically.

    Your website
    Visitor arrives
    Cookie consent fired
    Data request received
    Legal page requested
    Trust Center
    Privacy & Cookies
    IAB TCF 2.2 · ePrivacy
    Legal
    GDPR · UK GDPR · CCPA · PIPEDA
    Security & Data
    Analytics & Ads
    Data Requests
    DSAR
    Accessibility
    WCAG 2.2 · ADA · EN 301 549
    You stay legal
    Regulatory compliance auto-maintained across every jurisdiction your visitors come from.
    Your ads perform
    Consent signals preserved. Google Consent Mode v2 and IAB TCF 2.2 deployed and maintained.
    Your customers trust you
    Branded Trust Center on your domain. Transparent, current, always accessible.
    // the risk

    You have two compliance
    obligations. Most sites fail both.

    Privacy law works in two directions at once. Your home country sets rules for how you run your business. Every country where your customers live sets rules for how you handle their data. These obligations run simultaneously, and new regulations are introduced regularly.

    // obligation one
    Laws based on where
    your business operates
    US: CCPA + 20 US state privacy laws. FTC and state attorneys general actively enforcing
    AU: Privacy Act 1988, enforced by the OAIC · 2025 amendments raised civil penalties to AUD $50m
    CA: PIPEDA + Québec Law 25. OPC and Commission d’accès à l’information enforcing
    GB: UK GDPR + PECR, enforced by the ICO · max fine raised 35× to £17.5m in 2025
    EU: GDPR + ePrivacy Directive, enforced by national DPAs across 27 member states
    +
    // obligation two
    Laws based on where
    your customers are based
    EU: EU visitor → GDPR applies to you. Enforced by 27 national DPAs, regardless of where you’re based
    GB: UK visitor → UK GDPR + PECR. Enforced by the ICO. Their regulator, your legal obligation
    US: US visitor → CCPA + state laws. California, Texas, Virginia, Colorado, each state adds its own
    AU: Australian visitor → Privacy Act 1988. Enforced by the OAIC, extraterritorial reach confirmed
    CA: Canadian visitor → PIPEDA + Québec Law 25. Same obligations, regardless of your location
    +54: Further jurisdictions, each triggered by visitor location, not your registration address
    Every country where you have customers is a country whose laws apply to you. That’s not theoretical. It’s how every major privacy regulation is written.
    // fines

    When you get it wrong,
    fines are real.

    2024 – 2025 · Publicly reported
    EU TikTok
    Data transferred to China without lawful basis
    Irish DPC · 2025
    €530m
    IE LinkedIn
    Behavioural advertising without valid consent
    Irish DPC · 2024
    €310m
    NL Uber
    Driver data stored on US servers without adequate safeguards
    Dutch AP · 2024
    €290m
    FR Shein
    Cookies loaded before consent · Reject All didn’t stop tracking
    CNIL · 2025
    €150m
    Over 60% of all GDPR fines have been issued since January 2023. You don’t need to be breaking the rules intentionally. A misconfigured banner, a missing policy, or a missed data request is enough.
    // why it’s hard

    Compliance isn’t just complicated.
    It’s a full-time job.

    It sits in a gap between legal, technical, and operational work, and most growing businesses aren’t set up to handle it on their own.

    01 / The rules
    Laws change faster than most businesses notice
    UK GDPR, CCPA, and new US state privacy laws update regularly. What was compliant last year may not be today. Tracking changes is a job in itself.
    02 / The tools
    Generic templates don’t match how your site actually works
    A template can’t know you use Google Analytics, Meta Pixel, and Stripe. Getting it right requires a real audit of every tool you have installed.
    03 / The clock
    You have 30 days to respond to a data request
    Without a system, you won’t know the clock is running until it’s too late. A missed request can turn a routine inquiry into a formal complaint.
    04 / The reality
    Founders and managers don’t have time to keep DIY compliance updated
    DIY compliance requires continuous attention: re-reading regulations, updating policies, re-checking your banner every time you add a new tool. That’s not why you built your business.
    // global coverage

    Protects you and your customers,
    globally.

    Privacy laws now affect more than one billion of your potential customers across Europe, the USA, Canada, Australia, and 49 other countries. We route the right compliance experience to the right visitor, automatically.

    54+ jurisdictions
    1bn+ customers covered
    1 subscription
    🇬🇧
    United Kingdom
    UK GDPR · PECR · Enforced by the ICO
    COVERED
    🇪🇺
    European Union
    GDPR · ePrivacy Directive
    COVERED
    🇺🇸
    United States
    CCPA/CPRA · 20 state laws enforced · FTC Act
    COVERED
    🇨🇦
    Canada
    PIPEDA · Québec Law 25
    COVERED
    🇦🇺
    Australia
    Privacy Act 1988 · 2025 Amendments · Enforced by the OAIC
    COVERED
    🌍
    Global
    49+ additional jurisdictions via region-aware routing
    COVERED
    // marketing & ad compliance

    Compliance that protects your
    marketing too.

    Non-compliant consent doesn’t just risk a fine. It degrades your ad data and undermines your attribution. We deploy the frameworks your marketing stack depends on.

    Required

    Google Consent Mode v2

    Required for Performance Max and Smart Bidding to function correctly. Without it, your bidding algorithms operate on incomplete signals. We deploy and maintain it as part of every setup.

    Required

    IAB TCF 2.2 Framework

    The global standard for consent in digital advertising. Required for programmatic, retargeting, and most third-party ad integrations. Standardises consent signals across your entire stack.

    Included

    First-party data protection

    Your email lists, CRM data, and member records are personal data under every jurisdiction. We ensure your data collection, storage, and processing have a lawful basis, protecting your most valuable marketing asset.

    // what you get

    Automated where it should be.
    Human where it matters.

    automated

    Automated cookie scanner

    We crawl your site weekly, classify every cookie, and keep your banner in sync. No dev work.

    managed

    Hosted cookie banner

    Region-aware, IAB TCF 2.2, Google Consent Mode v2. We deploy and maintain it.

    8 docs

    Policy templates, kept current

    Privacy, Cookies, Sub-Processors, Terms, Services Agreement, Accessibility, AUP, Disclaimer. 8 ready-to-go templates, branded and updated for you.

    human

    DSAR funnel: human-handled

    Requests come in to us. We verify, action, and close them inside 72 hours. You get the audit log.

    cname

    Trust Center on your domain

    trust.yourbrand.com via CNAME. One link replaces six footer documents.

    quarterly

    Quarterly compliance review

    A real person re-runs the scan, checks new regs, and updates anything that changed. Done for you.

    // works everywhere

    Your platform. Our compliance.

    Two things to install: a CNAME for your Trust Center hub, and a script tag for the consent banner. No plugin. No theme edits. No developer. Works on every major website platform.

    Shopify
    WordPress
    Wix
    Squarespace
    Webflow
    Kajabi
    ClickFunnels
    GoHighLevel
    Ghost
    Carrd
    BigCommerce
    WooCommerce
    Bubble
    Duda
    Showit
    Framer
    HubSpot
    Weebly
    // knowledge base

    60+ plain-English
    compliance guides.

    Written for online businesses without a legal team. GDPR, CCPA, DSARs, accessibility, country-by-country obligations.

    // how it works

    Three steps. Scan, Automate, Protect.

    You hand us the URL. We do the rest. Your team never has to think about consent banners, policy updates, or DSAR requests again.

    01 second 0

    Scan

    Drop in your URL. We crawl the site, classify every cookie, and find every gap in your privacy stack. In seconds.

    02 day 1

    Automate

    We deploy your cookie banner, publish all eight policy templates, and put a Trust Center on your domain. Updates push automatically.

    03 ongoing

    Protect

    We monitor weekly, handle every DSAR ourselves, and review your stack quarterly. You stay covered. We handle it.

    See where your website stands.

    Free scan. No account. Results in 60 seconds.

    ✓ No credit card  ·  ✓ We do everything so you can focus on what you do best