https://threatmodeler.com
Compliance
· 23 checks — WCAG, consent & privacy, language, viewport, cookie inventory, and legal pages rolled into one auditable list.SCORE
68
GRADE
D
FIX
2
REVIEW
5
PASS
13
INFO
3
Checks
2313 PASS 5 REVIEW 2 FIX
FGDPR Article 13 DisclosuresAction0 / 8 Art. 13 categories matched in homepage bodyFIX
GDPR Article 13 Disclosures
Action0 / 8 Art. 13 categories matched in homepage body
0 / 8 Art. 13 categories matched in homepage body
Warning::
GDPR Article 13 disclosure coverage: 0 / 8 categories
Scanned the homepage body text for GDPR Article 13 disclosures. Matched 0 of 8 categories: . Missing: Data Protection Officer contact (where applicable), Data retention period, Data subject rights (access, erasure, rectification, etc.), Identity / contact details of the data controller, International data transfers, Legal basis for processing, Recipients of personal data, Right to lodge a complaint with a supervisory authority. Note: this scan does not fetch the privacy policy sub-page; if Article 13 disclosures live there, they are not visible to this check.
Got: 0/8
FLegal Page EcosystemAction0 of 7 expected legal pages detectedFIX
Legal Page Ecosystem
Action0 of 7 expected legal pages detected
0 of 7 expected legal pages detected
Warning::
Privacy Policy not detected
No link matching common Privacy Policy URL patterns or link text was found. Most websites are expected to have a Privacy Policy, especially those collecting user data.
Warning::
Terms of Service not detected
No link matching common Terms of Service URL patterns or link text was found. Most websites are expected to have a Terms of Service, especially those collecting user data.
Info::
Cookie Policy not detected
No link matching common Cookie Policy URL patterns or link text was found. Most websites are expected to have a Cookie Policy, especially those collecting user data.
Info::
Accessibility Statement not detected
No link matching common Accessibility Statement URL patterns or link text was found. Most websites are expected to have a Accessibility Statement, especially those collecting user data.
Info::
DMCA / Copyright Notice not detected
No link matching common DMCA / Copyright Notice URL patterns or link text was found. Most websites are expected to have a DMCA / Copyright Notice, especially those collecting user data.
Info::
Refund / Returns Policy not detected
No link matching common Refund / Returns Policy URL patterns or link text was found. Most websites are expected to have a Refund / Returns Policy, especially those collecting user data.
Info::
Acceptable Use Policy not detected
No link matching common Acceptable Use Policy URL patterns or link text was found. Most websites are expected to have a Acceptable Use Policy, especially those collecting user data.
Privacy PolicyNot found
Terms of ServiceNot found
Cookie PolicyNot found
Accessibility StatementNot found
DMCA / Copyright NoticeNot found
Refund / Returns PolicyNot found
Acceptable Use PolicyNot found
0 of 7 common legal pages detected
BAccessibility StatementNo accessibility statement detectedREVIEW
Accessibility Statement
No accessibility statement detected
No accessibility statement detected
Warning::
No accessibility statement detected
Sites are increasingly expected to publish an accessibility statement. Required by EU Web Accessibility Directive 2016/2102 for public-sector bodies; recommended best practice elsewhere. Common URLs: /accessibility, /accessibility-statement, /a11y.
BThird-Party Trackers12 trackers detectedREVIEW
Third-Party Trackers
12 trackers detected
12 trackers detected
Info::
12 third-party trackers detected
Found 7 analytics, 0 advertising, 1 marketing, 1 tag manager, 2 session-replay, 0 heatmap trackers.
Got: 12 trackers
Warning::
2 session-replay tool(s) detected (Hotjar, Microsoft Clarity)
Session-replay tools record what users type, click, and scroll. Under GDPR these are high-risk processing requiring explicit consent and (per UK ICO and French CNIL guidance) often a Data Protection Impact Assessment. Mask sensitive form fields and gate firing on user consent.
CCopyright NoticeActionNo copyright notice detectedREVIEW
Copyright Notice
ActionNo copyright notice detected
No copyright notice detected
Info::
No copyright notice detected
No copyright notice detected in the page content. While not legally required in most jurisdictions (copyright exists automatically), a notice is standard practice and signals site ownership.
Copyright Notice Not Detected
Copyright exists automatically — a notice is standard practice but not legally required.
BCompliance Badges1 compliance badge(s) detectedREVIEW
Compliance Badges
1 compliance badge(s) detected
1 compliance badge(s) detected
Info::
TRUSTe / TrustArc badge detected
Found via body text: 'truste'. Note: the presence of a badge does not verify the certification is current or valid.
Got: Detected by: body text
SOC 2
ISO 27001
PCI DSS
GDPR Certified
HIPAA Compliant
Better Business Bureau
TRUSTe / TrustArc detected
Detected by: body text
Evidence: truste
Privacy Shield
McAfee SECURE / TrustedSite
Norton Secured
Badge detection is based on image alt text, link URLs, and page content. Detection does not verify that certifications are current or valid.
A+WCAG ComplianceNo testable criteriaPASS
WCAG Compliance
No testable criteria
No testable criteria
Level A
Level AA
0
Passed
0
Failed
0
Partial
0
Manual review
0
Not tested
Key accessibility barriers
Links with unclear purpose
5 link(s) have empty or generic text
Screen reader users navigating by link list
Automated testing covers ~30–40% of WCAG criteria. Manual review is recommended for full conformance.
Full WCAG 2.1 AA compliance checklist — paste into a client deliverable or ticket
A+Cookie Consent & Privacyprivacy policy foundPASS
Cookie Consent & Privacy
privacy policy found
privacy policy found
Info::
Privacy policy link found
Got: https://threatmodeler.com/trust/privacy-policy/
Info::
Terms of service link found
Info::
No cookie consent banner detected
Info::
1 essential cookie(s) on initial load — no consent required
Info::
This is an automated check, not legal advice
BeaverCheck detects technical indicators of consent management. This does not constitute a legal compliance assessment. Consult a privacy professional for GDPR/CCPA compliance.
Consent Banner Not detected Privacy Policy https://threatmodeler.com/trust/privacy-policy/ Terms of Service https://threatmodeler.com/trust/terms-of-service/
Pre-consent Cookies
__cf_bm Functional
This is an automated check, not legal advice. Consult a privacy professional for GDPR/CCPA compliance.
BeaverCheck detects technical indicators of consent management. This does not constitute a legal compliance assessment. Consult a privacy professional for GDPR/CCPA compliance.
Why this matters
Disclaimer: legal-page checks identify presence/absence; consult counsel for legal sufficiency.
A+Consent UX DepthNo consent-UX depth issues detectedPASS
Consent UX Depth
No consent-UX depth issues detected
No consent-UX depth issues detected
Info::
No consent-UX depth issues detected
A+Tracker Inventory5 known tracker(s) detectedPASS
Tracker Inventory
5 known tracker(s) detected
5 known tracker(s) detected
Info::
5 known tracker(s) detected
Inventory of trackers loaded by the page (matched against a curated SDK URL registry):
tag-manager: Google Tag Manager | analytics: Google Analytics 4 | marketing: LinkedIn Insight | session-replay: Microsoft Clarity, Hotjar
Each entry maps a script URL pattern to a known vendor SDK. This is purely informational -- consent posture / pre-consent firing is graded by the consent analyzer.
ALanguage & i18nLang attribute presentPASS
Language & i18n
Lang attribute present
Lang attribute present
Info::
<html lang> attribute is present
Info::
<html lang> value is valid
Info::
No Content-Language HTTP header
Info::
Language signals are inconsistent
The <html lang> attribute and Content-Language header should agree.
Page Language DetectedContent-Language Header ——Consistent No—
The <html lang> attribute and Content-Language header should agree.
Why this matters
<html lang>, Content-Language, or og:locale disagree — pick one source of truth and align the others.
Learn more ▾ ▴
Browsers and assistive tech use different sources for language. When they disagree, behavior is undefined: some pronounce by <html lang>, some by Content-Language. Decide on the canonical language for the page and set all signals to match.
Source: WCAG 2.1 SC 3.1.1
A+Hreflang ConfigurationNo hreflang tags on this pagePASS
Hreflang Configuration
No hreflang tags on this page
No hreflang tags on this page
Info::
No hreflang tags found (single-language site)
A+Internationalization ExtrasNo additional i18n signals detectedPASS
Internationalization Extras
No additional i18n signals detected
No additional i18n signals detected
Info::
No additional i18n signals detected
A+Readability & TypographyFont sizes and tap targets checkedPASS
Readability & Typography
Font sizes and tap targets checked
Font sizes and tap targets checked
A+Viewport ConfigurationViewport properly configuredPASS
Viewport Configuration
Viewport properly configured
Viewport properly configured
Info::
Viewport meta tag is present
Info::
width=device-width is set
Info::
User zooming is allowed
Viewport Configuration Good
Content
width=device-width, initial-scale=1
width=device-width
Responsive layout enabled
initial-scale=1
Correct initial zoom level
User zooming allowed
Accessibility-friendly — users can zoom
A+Tracking Pixel InventoryNo tracking pixels detectedPASS
Tracking Pixel Inventory
No tracking pixels detected
No tracking pixels detected
Info::
No tracking pixels detected
A+Browser FingerprintingNo browser-fingerprinting libraries detectedPASS
Browser Fingerprinting
No browser-fingerprinting libraries detected
No browser-fingerprinting libraries detected
Info::
No browser-fingerprinting libraries detected
A+Beacon Tracking (sendBeacon)No navigator.sendBeacon usage detected in inline scriptsPASS
Beacon Tracking (sendBeacon)
No navigator.sendBeacon usage detected in inline scripts
No navigator.sendBeacon usage detected in inline scripts
Info::
No navigator.sendBeacon usage detected in inline scripts
Regulatory Indicators1 regulatory indicator(s) detectedINFO
Regulatory Indicators
1 regulatory indicator(s) detected
1 regulatory indicator(s) detected
Info::
This is a technical scan, not a legal assessment
BeaverCheck detects technical indicators that may suggest regulatory relevance. This is not a compliance audit and should not be relied upon for legal decisions. Consult qualified legal counsel for compliance assessments.
Info::
GDPR indicators detected (moderate confidence)
Indicators suggesting GDPR may be relevant: Privacy policy page found. EU General Data Protection Regulation — governs collection and processing of personal data of EU residents.
Got: 1 indicators: Privacy policy page found
This is a technical scan, not a legal assessment.
BeaverCheck detects technical indicators that may suggest regulatory relevance. This should not be relied upon for legal decisions. Consult qualified legal counsel.
GDPR Moderate
EU General Data Protection Regulation — governs collection and processing of personal data of EU residents.
Indicators detected
- Privacy policy page found
Third-Party Data Sharing7 third-party service(s) detectedINFO
Third-Party Data Sharing
7 third-party service(s) detected
7 third-party service(s) detected
Info::
Data inventory for transparency purposes
This inventory identifies third-party services that receive data from your site visitors. Under regulations like GDPR (Article 30), maintaining records of data processing activities is commonly considered a best practice. This automated scan provides a starting point — it may not capture all data flows.
Info::
7 third-party services across 7 categories
7 third-party services detected across 7 categories: Analytics (1), Tag Management (1), Session Recording (1), Marketing (1), Error Tracking (1), Advertising (1), CDN (1). Each of these services receives some user data from your site visitors.
Info::
Google Analytics (Analytics)
Detected via script URL. Typically collects: Page views, User behavior, Demographics, Device info, IP address. Privacy policy: https://policies.google.com/privacy. Data Processing Agreement available.
Got: Category: Analytics | Data types: Page views, User behavior, Demographics, Device info, IP address
Info::
Google Tag Manager (Tag Management)
Detected via script URL. Typically collects: Orchestrates other tracking scripts, Page views. Privacy policy: https://policies.google.com/privacy. Data Processing Agreement available.
Got: Category: Tag Management | Data types: Orchestrates other tracking scripts, Page views
Info::
Hotjar (Session Recording)
Detected via script URL. Typically collects: Session recordings, Heatmaps, Click patterns, Form interactions. Privacy policy: https://www.hotjar.com/privacy/. Data Processing Agreement available.
Got: Category: Session Recording | Data types: Session recordings, Heatmaps, Click patterns, Form interactions
Info::
HubSpot (Marketing)
Detected via script URL. Typically collects: Lead tracking, Form submissions, Page views, Email tracking. Privacy policy: https://legal.hubspot.com/privacy-policy. Data Processing Agreement available.
Got: Category: Marketing | Data types: Lead tracking, Form submissions, Page views, Email tracking
Info::
Sentry (Error Tracking)
Detected via script URL. Typically collects: Error reports, Stack traces, User context, Device info. Privacy policy: https://sentry.io/privacy/. Data Processing Agreement available.
Got: Category: Error Tracking | Data types: Error reports, Stack traces, User context, Device info
Info::
LinkedIn Insight (Advertising)
Detected via script URL. Typically collects: Page views, Conversions, Ad targeting, Professional demographics. Privacy policy: https://www.linkedin.com/legal/privacy-policy. Data Processing Agreement available.
Got: Category: Advertising | Data types: Page views, Conversions, Ad targeting, Professional demographics
Info::
Cloudflare (CDN)
Detected via cookie name. Typically collects: IP address (transient), Request metadata. Privacy policy: https://www.cloudflare.com/privacypolicy/. Data Processing Agreement available.
Got: Category: CDN | Data types: IP address (transient), Request metadata
Analytics (1)
Tag Management (1)
Session Recording (1)
Marketing (1)
Error Tracking (1)
Advertising (1)
CDN (1)
Google Analytics Analytics
Detected by: script URL
Data typically collected:
Page viewsUser behaviorDemographicsDevice infoIP address
Privacy policy → DPA available ✓
Google Tag Manager Tag Management
Detected by: script URL
Data typically collected:
Orchestrates other tracking scriptsPage views
Privacy policy → DPA available ✓
Hotjar Session Recording
Detected by: script URL
Data typically collected:
Session recordingsHeatmapsClick patternsForm interactions
Privacy policy → DPA available ✓
HubSpot Marketing
Detected by: script URL
Data typically collected:
Lead trackingForm submissionsPage viewsEmail tracking
Privacy policy → DPA available ✓
Sentry Error Tracking
Detected by: script URL
Data typically collected:
Error reportsStack tracesUser contextDevice info
Privacy policy → DPA available ✓
LinkedIn Insight Advertising
Detected by: script URL
Data typically collected:
Page viewsConversionsAd targetingProfessional demographics
Privacy policy → DPA available ✓
Cloudflare CDN
Detected by: cookie name
Data typically collected:
IP address (transient)Request metadata
Privacy policy → DPA available ✓
This inventory identifies services receiving visitor data.
Under regulations like GDPR Article 30, maintaining records of data processing is commonly considered a best practice. This scan provides a starting point.
Readability Scores1563 words, Flesch-Kincaid grade 14.4INFO
Readability Scores
1563 words, Flesch-Kincaid grade 14.4
Readability Analysis (Flesch-Kincaid)
Grade Level
14.4
Grade 14 (college+)
Reading Ease
18
Very Difficult
Words
1563
Sentences
109
All checks on this page are automated. Results are estimates - run targeted manual reviews when the score affects a release decision.