Free · No signup · Results in 60 seconds
Is your website privacy compliant?
One scan checks your site against CIPA, GDPR, CCPA, and Washington MHMD simultaneously. Get a grade and full findings emailed to you in under 90 seconds.
Need help fixing the issues?
Book a 20-min call with our compliance team to walk through your results.
Which privacy laws apply to your site?
Most US websites are subject to at least two of these. The scan checks all four at once — or go deeper on a specific law:
- CIPA
California Invasion of Privacy Act
Applies to: Any site with California visitors
Risk: Demand letters averaging $2,500 per visitor
Pre-consent tracking pixels (GA, Meta, etc.) before a visitor clicks Accept are the most common violation.
- GDPR
EU General Data Protection Regulation
Applies to: Any site that collects data from EU residents
Risk: Fines up to €20M or 4% of global revenue
US companies are not exempt. EU DPAs have found standard Google Analytics setups non-compliant.
- CCPA / CPRA
California Consumer Privacy Act
Applies to: Businesses collecting data from California residents
Risk: $2,500–$7,500 per intentional violation
Global Privacy Control (GPC) must be honored as an opt-out signal — most sites ignore it.
- MHMD
Washington My Health, My Data Act
Applies to: Sites that handle consumer health data
Risk: Private right of action — any WA resident can sue
Broader than HIPAA — covers fitness data, symptom searches, appointment booking, and more.
What the scan checks
- ✓ Tracking pixels firing before consent
- ✓ Consent banner presence and behavior
- ✓ Reject button — does it actually stop trackers?
- ✓ "Do Not Sell" link and DSR portal
- ✓ Global Privacy Control (GPC) signal handling
- ✓ Third-party scripts loading pre-consent
- ✓ Cookie categories and disclosure accuracy
- ✓ Cross-regime grade A–F with violation detail
Frequently asked questions
- Which privacy laws apply to my website?
- It depends on where your visitors are. CIPA and CCPA apply if you have California visitors (which is nearly every US site). GDPR applies if any EU residents visit your site, regardless of where your company is based. MHMD applies if your site handles health-related data and has Washington State visitors. Most US websites are subject to at least CIPA and CCPA.
- Do I need GDPR compliance if I am a US company?
- Yes. GDPR applies based on where your visitors are, not where you are incorporated. If EU residents visit your site and you collect any data from them — including via cookies, analytics, or advertising pixels — GDPR applies. EU data protection authorities have fined US companies including Meta (€1.2B), Amazon (€746M), and WhatsApp (€225M).
- What is the difference between CIPA and CCPA?
- CIPA (California Invasion of Privacy Act) covers the interception of communications — specifically, tracking visitors before they consent. It is enforced through private lawsuits and demand letters, with settlements around $2,500 per visitor. CCPA (California Consumer Privacy Act) covers broader data rights: the right to know, delete, and opt out of the sale of personal information. CPRA (2023) added Global Privacy Control as a required opt-out mechanism.
- What does this free scan actually check?
- The scan visits your site from a California IP, loads your page without interacting with any consent banner, and records every tracking pixel, cookie, and third-party script that fires before a user consents. It then checks for a consent banner, a reject button that actually stops trackers, a Do Not Sell link, and GPC signal handling. Results are graded A–F and emailed to you within 90 seconds.
- What happens after I scan?
- You receive an email with your compliance grade and a breakdown of every violation found. If you want to fix the issues, PieEye offers a consent management platform that installs in minutes and handles CIPA, CCPA, GDPR, and MHMD automatically.
- Is this scanner really free?
- Yes. The scan is free with no signup required, no credit card, and no obligation. We require a business email to send your results — free email providers like Gmail and Yahoo are not accepted.