See which trackers fire before your visitors say "Accept".
PrivaScan loads your site in a real browser and records every tracker, pixel and cross-border data transfer that runs — before consent. The #1 cause of KVKK & GDPR fines, made visible.
- Pre-consent
- trackers
- Cross-border
- transfers
- Cookies
- & storage
- KVKK · GDPR
- mapped
Built for the regulations that carry the biggest fines
Loading your site in a real browser…
Recording every network request, cookie and storage write. This takes 15–30 seconds.
From a URL to a defensible privacy record
No setup, no sign-up. Paste an address and see the data flows in seconds.
Paste a URL
Enter any public page — your homepage, a landing page, a checkout.
We load it for real
The page runs in a real browser while we record every request, cookie and storage write.
We classify the risk
Trackers are matched to vendors and categories; pre-consent and cross-border flows are flagged.
You get the evidence
A prioritized list with fix steps and a verifiable report — proof you can hand to auditors.
Pre-consent tracking
- Analytics fired on load
- Ad & social pixels
- Tag managers
- Before any consent
Cross-border transfers
- Data sent to the US
- Russia / China endpoints
- KVKK Art. 9 risk
- GDPR Chapter V risk
Session recording
- Hotjar / Clarity
- Yandex Webvisor
- FullStory / Mouseflow
- Screen replay of users
Storage & Shadow IT
- Cookies (incl. HttpOnly)
- localStorage / IndexedDB
- Unexpected 3rd parties
- Leftover plugins & CDNs
Evidence and risk indicators — not legal advice
PrivaScan surfaces the technical signals behind KVKK/GDPR risk and maps them to the relevant articles. It is an evidence and monitoring tool, not a law firm or a guarantee of compliance.
The bridge between your Legal and IT teams
Your lawyer can't see the technical leaks; your developer can't read the legal risk. PrivaScan translates one into the other.
Prioritized findings
Trackers sorted critical-first, each tied to the vendor, category and the article it touches.
Data mapping inventory
A ready GDPR Art. 30 processing table: what data, by whom, for what, to where.
Developer fix steps
Concrete remediation — e.g. block Google Tag Manager until consent — not vague warnings.
Verifiable evidence
A dated, SHA-256-sealed report you can show a regulator: "we audit regularly".
Start free, prove compliance when you need to
Run single-page scans for free. Move to monitoring and full-site evidence when you are ready.
Scan
On-demand
- Single-page scans, unlimited
- Pre-consent tracker detection
- Cross-border transfer flags
- Cookies & web-storage inspection
- No sign-up required
Monitor
Continuous
- Everything in Scan
- Daily scheduled re-scans
- Email alerts on new trackers
- Full-site crawl (up to 25 pages)
- Privacy findings report (PDF)
Compliance
Full-site + KVKK/GDPR
- Everything in Monitor
- Full-site crawl (up to 250 pages)
- Up to 10 sites
- GDPR Art. 30 data inventory (PDF)
- Priority support
Questions, answered
Isn't a cookie banner enough to be compliant?
Which laws does this cover?
How does the scan work?
Is this legal advice?
Do you store the pages I scan?
What is your site leaking right now?
Run a free scan and see the trackers that fire before consent. No account, no credit card.