Know how exposed you actually are.
A complete data privacy audit — what you collect, where it goes, and how exposed you actually are.
3 of 3 dots are off · tap them
Sound familiar?
- 01
Your consent banner was installed, not designed.
It blocks the tags the plugin knew about. The rest fire anyway, consent or not.
- 02
The privacy policy came from a template.
It describes data you don't collect and misses data you do. Nobody's read it since it went live.
- 03
You'd rather hear it from me than from a complaint.
A letter from a data protection authority is a genuinely bad way to find out what your tags do.
One to two days, tag by tag: what actually fires, what it sends, where it lands, and how that maps to GDPR. Before consent and after. What's declared versus what's true.
Then a written report and a walkthrough — with a remediation list ordered by real-world risk, not by theoretical maximum fines designed to scare you into a retainer.
What actually happens.
Tap through the steps — this is the whole engagement, no hidden phases.
Every tag, pixel, and request — inspected live.
I load your site the way a user does and watch what fires: before consent, after consent, after rejection. Network-level inspection, not a checkbox review of your tag manager. The gap between 'configured' and 'actually happens' is where the exposure lives.
What's sent, versus what's declared, versus what's lawful.
Each data flow mapped against your privacy policy and consent states. Personal data going places your policy doesn't mention. Consent states being ignored. Retention nobody chose on purpose.
Plain-language risk, and a fix list in priority order.
What's fine, what's sloppy, what's genuinely risky — in that order, in plain language. We walk through it together so you understand not just what to change, but what each change costs you in data.
What you keep.
A real picture of your exposure — not a scare deck, not a rubber stamp.
- Complete data privacy audit
- Tag-level data flow inspection
- GDPR risk assessment
- Cookie banner and consent state audit
- Written report + walkthrough
- Clear remediation list
Want the tag-level GDPR checklist?
One email, subject prefilled. I reply with the real thing — no drip sequence, no “resources”.
€500 flat, one to two days. If the audit shows you need rebuild work, that's a separate decision made with clear eyes. The report is written so anyone competent can execute the fixes.
Flat €500, one to two days. No calculator needed — that's the point.
Not for you if…
Pointing you at the wrong engagement costs me the thing this whole brand runs on. So, honestly:
You want a certificate saying you're 100% compliant. Nobody honest can sell you that — compliance is a state you maintain, not a badge you're issued.
You need legal advice. I map the technical truth; your lawyer maps it to your obligations. I'm not a lawyer, and the good ones are worth it.
You're pre-launch with three tags and no traffic. Wait until there's something real to audit.
Asked before. Answered straight.
No. It's the technical audit that makes your lawyer's job possible — an accurate map of what your site actually does with data. Lawyers can't inspect network requests; I can't interpret case law. Together it works.
The report tells you what's non-compliant and what each fix costs in data and targeting. What you turn off is your call — my job is making sure it's an informed one, not pretending there's no trade-off.
Not at all. Read access and a live site are all I need. No downtime, no code changes, nothing your users would notice.
One honest insight
about your data
even if we never work together.
30 minutes. You talk, I look at your setup live. You leave with one fix worth making. And if we’re not a fit, I’ll tell you that too.