Compliance you can prove, not just claim

Your policy says one thing. Your site does another.

Auditto scans your site, reads your privacy policy, and cross-references what you declare with what you actually do. It surfaces every divergence with the exact GDPR, CCPA or LGPD basis you are breaching.

No card. Result in 90s. 1 free scan per domain.

  • 90s from scan to report
  • 75+ automated checks
  • 3 jurisdictions (GDPR/CCPA/LGPD)
  • 0 external trackers on this page

Live compliance audits

How public sites score right now

Every card below is a real-time scan of a public site, observed in the same browser context as any visitor. Click to see the full report — the methodology is identical to what runs on your own site.

These are public observations of public sites, not endorsements or partnerships. Each report links to our exact methodology and findings.

scan complete · 12s ago
seudominio.com.br

3 critical violations found

Out of 75 checks run. Details below.

  • Google Fonts loaded pre-consent
    fonts.gstatic.com · transfers IP to a server in the US
    critical
    LGPD Art. 33 + Art. 8
  • GA4 active before the banner
    gtag.js set _ga at 0ms · persistent cookie
    critical
    LGPD Art. 8
  • Meta Pixel not declared in the policy
    connect.facebook.net · transparency violation
    warning
    LGPD Art. 6 (transparency)

Compliance Score
0 / 100
High risk · liable to ANPD action
LGPD 34 / 100
GDPR 41 / 100
CCPA 52 / 100

The problem

Cookie banners are theater.
Most of them block nothing.

You installed the cookie plugin. The banner shows up. You feel safe. But your site keeps loading Google Fonts, GA4, Meta Pixel and jQuery from a CDN before the visitor clicks "Accept". That is not compliance — it is performance.

Cookies before consent

9 out of 10 sites with a banner already set _ga, _fbp and TikTok cookies before the user clicks. Under GDPR that is a direct breach of Art. 6 + Art. 7.

Illegal Google Fonts

Munich court (2022): €100 + costs for loading fonts from gstatic.com. GDPR treats this as an international transfer. Almost no one self-hosts.

Generic policies that lie

Policy says "we do not share data". Your site loads Meta Pixel. That is misleading advertising + a transparency violation.

How it works

Three steps, 90 seconds.

01

We discover your policy

We automatically find your Privacy Policy, Terms of Use and Cookie Policy in English, Portuguese and Spanish. Footer, sitemap and standard paths.

02

We scan your site

We load it four times: pre-consent, with "Reject all", with "Accept all" and on sensitive pages (signup, checkout). We capture every cookie, every request, every tracker.

03

We cross-reference and classify

We compare what you declare with what you do. Every divergence becomes a finding classified by severity, with the exact GDPR / CCPA / LGPD legal basis.

The differentiator

We cross-reference what you declare
with what you actually do.

Most scanners only look at the site. Policy generators only look at the document. Auditto is the only tool that puts the two side by side and shows you where they match — and where they contradict each other.

Cross-reference matrix

  • Declared + Observed: You say it, you do it. Transparency upheld.
  • Observed, not declared: Transparency violation. Potential regulator fine.
  • Declared, not observed: Promise kept. Good signal.
  • Falsely declared: Says one thing, does another. Misleading + GDPR Art. 5.

A real example

  • Policy says: "We do not use third-party analytics."
  • Site does: loads gtag.js (Google Analytics 4) on the home, before consent.
  • Verdict: Transparency breach + Art. 6 + Art. 44 (international transfer to the US).
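
The cross-reference matrix above, worked through as an added example (not Auditto's code): requests captured in each scan pass are mapped to vendors and compared with what the policy declares or denies. The host-to-vendor table, the "declared"/"denied" labels, the pass names and the sample capture are constructed assumptions.

```python
from urllib.parse import urlparse

# Constructed host-to-vendor table (assumption); a real scan needs a maintained database.
HOST_VENDOR = {
    "fonts.gstatic.com": "Google Fonts",
    "www.googletagmanager.com": "Google Analytics 4",  # host that serves gtag.js
    "connect.facebook.net": "Meta Pixel",
}
# Scan passes in which the visitor has given no consent.
NO_CONSENT = {"pre_consent", "reject_all"}

def cross_reference(policy, captures):
    """policy: vendor -> "declared" | "denied" (hypothetical labels).
    captures: scan pass -> request URLs seen in that pass."""
    seen = {}  # vendor -> passes in which it was observed
    for scan_pass, urls in captures.items():
        for url in urls:
            vendor = HOST_VENDOR.get((urlparse(url).hostname or "").lower())
            if vendor:
                seen.setdefault(vendor, set()).add(scan_pass)
    findings = {}
    for vendor in sorted(set(policy) | set(seen)):
        stance, passes = policy.get(vendor), seen.get(vendor, set())
        if passes and stance == "denied":
            cell = "falsely_declared"
        elif passes and stance == "declared":
            cell = "declared_and_observed"
        elif passes:
            cell = "observed_not_declared"
        elif stance == "declared":
            cell = "declared_not_observed"
        else:
            cell = "denial_upheld"  # outside the four-cell matrix: denied and absent
        findings[vendor] = {"cell": cell, "before_consent": bool(passes & NO_CONSENT)}
    return findings

# Constructed sample: policy stances and the requests captured in three passes.
SAMPLE_POLICY = {"Google Analytics 4": "denied", "Google Fonts": "declared", "Hotjar": "declared"}
SAMPLE_CAPTURES = {
    "pre_consent": ["https://www.googletagmanager.com/gtag/js?id=G-EXAMPLE",
                    "https://fonts.gstatic.com/s/example.woff2"],
    "reject_all": ["https://fonts.gstatic.com/s/example.woff2"],
    "accept_all": ["https://connect.facebook.net/en_US/fbevents.js"],
}

if __name__ == "__main__":
    for vendor, finding in cross_reference(SAMPLE_POLICY, SAMPLE_CAPTURES).items():
        print(f"{vendor}: {finding}")
```

The `before_consent` flag is independent of the matrix cell: a vendor can be correctly declared and still load in a pass where no consent was given.
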
Features

Everything you need to actually comply.

WP plugin with real blocking

Not just a banner — it blocks trackers at the server level before the browser sees them. Auto-detects every cookie and pixel. Installs in 30 seconds.

Real multi-language

Policy in English, Portuguese and Spanish with legally accurate terms for each jurisdiction. Not literal translation — native legal drafting.

Signed PDF for auditors

Full report exportable to PDF, with integrity hash and timestamp. Accepted by lawyers, auditors and regulators.

Multi-site dashboard

Manage 5, 20, 100 sites from one place. Side-by-side comparisons, alerts when a site falls out of compliance.

API + Webhooks

Plug Auditto into your CI/CD, trigger scans after each deploy, get Slack alerts when something breaks compliance.

White-label for agencies

Your brand on the report, your domain in the URL. Resell as your own service without your client ever knowing it is Auditto.

WordPress plugin

Free on wp.org.
Detects what others miss.

The Auditto plugin runs inside your WordPress — it sees what no external scanner can: plugins that load Google Fonts in the admin, themes pulling jQuery from CDNs, webhooks leaking data, external fonts that only appear on specific pages.

  • Detects scripts and styles loaded by EVERY installed plugin
  • Audits HTTP calls WordPress makes server-side
  • Verifies active themes and plugins against a "known offenders" database
  • Feeds the global tracker database — every user benefits

Install the plugin

Direct .zip download while we await wp.org approval. Active blocking on paid plans.

seudominio.com.br/wp-admin/admin.php?page=auditto
Auditto · Dashboard

Trackers detected

12 active

  • Google Analytics 4: gtag.js · Wordfence plugin
  • Google Fonts (gstatic): theme "Astra" · footer hook
  • Meta Pixel: connect.facebook.net · inline script
  • jQuery (CDN): code.jquery.com · plugin "WPBakery"

Coming soon · wp.org

Pricing

Simple. No surprises.

Cancel any time. All in USD.

Starter

For 1 site. Monthly verification.

US$ 7 /mo

No commitment · cancel any time

  • 1 site
  • 1 scan per month
  • WP plugin with active blocking
  • Policy in 1 language
  • Email support
Most popular

Pro

For up to 5 sites. Weekly scans.

US$ 20 /mo

No commitment · cancel any time

  • Up to 5 sites
  • Automated weekly scan
  • WP plugin + policy suggestions
  • Policy in 3 languages
  • Signed PDF for auditors
  • Priority support

Agency

Up to 20 sites. Everything in Pro + multi-site dashboard.

US$ 79 /mo

No commitment · cancel any time

  • Up to 20 sites
  • Weekly scan per site
  • Multi-site dashboard
  • API + Webhooks
  • Partial white-label
  • Assisted onboarding

More than 20 sites?

Scale plan (100 sites), Enterprise (500+ with full white-label) and Custom for 1000+. Let's talk.

Talk to sales
Frequently asked

Everything you might want to know

Is Auditto a legal consultancy?

No. We are a technical compliance tool. We do not replace your lawyer or DPO — we give them the technical evidence they need to decide. Think of us as the medical exam, not the doctor.

Does the scan work on non-WordPress sites?

Yes. The external scan (via headless browser) works on any site — Shopify, custom, headless, etc. The plugin is WordPress-only, but it is optional. The scan alone covers ~70% of the checks.

How is this different from Iubenda / Cookiebot / Termly?

They generate the policy. We verify that the policy matches reality. They are complementary products: use Iubenda to write your policy, use Auditto to confirm your site actually does what it says.

Do you store personal data of mine or my visitors?

No. Auditto runs no tracker on your site (not even ours). We do not store visitor data. We only store the URLs you ask us to scan and the resulting reports.

Does this landing comply with GDPR?

Yes, intentionally. We load no Google Fonts, no Google Analytics, no Meta Pixel, no Hotjar or any other tracker. We use no cookies (not even session). You can run Auditto on this very page — we expect a 100/100 Compliance Score. If it is not, that is a bug on our side.

Can I cancel anytime?

Yes. No commitment. Cancel with one click in the dashboard. Data exportable to PDF at any time.
Start now

Your policy says you comply.
Prove it.

One free scan. 90 seconds. No card. No complicated signup.

Scan my site for free

No pop-ups. No drip emails. Paste your URL and go.