Everything you need to achieve compliance — from assessments, notices and consent to processor management, processing records, and a public Transparency Center — in hours, not months.
Three agents read your public surface, then score it against the same Methodology v1.8 rules the full Dxtra platform uses — returning a Low / Medium / High risk band, never a vanity score.
The Surface Agent fetches your homepage, footer and notice links; the Browser Agent drives a real headless browser for cookies, trackers, Reject-All and GPC.
The Policy AI reads your privacy notice for the substance regulators expect — rights, transfers, retention, contacts — across the jurisdictions you touch.
Findings map to NIST, ISO 27701 and ENISA, each paired with the Dxtra capability that fixes it — and a projected band after remediation.
A cookie banner is not compliance. The scanner looks across the obligations behind a credible privacy program — and tells you which are missing.
Is there a notice, is it reachable, and updated in the last 24 months?
A clear DSAR / rights-request route and a designated privacy contact.
Cookies before consent, a working Reject-All, and Global Privacy Control.
International-transfer disclosures and the mechanisms that legitimise them.
Whether a record of processing activities (ROPA) is referenced.
Singapore, Japan, India, China, Canada, Switzerland, Korea & more — applied where a nexus is detected from your public surface.
Health, biometric, financial, child-directed and AI-decisioning sites use tighter bands.
Transparency hubs and sub-processor lists are credited — but never inflate the band.
Privacy fines have surpassed €6 billion. These are all real cases against businesses that assumed the rules didn't apply to them.
A pharmacy in Spain stored customer health data and medication records in an Excel spreadsheet — no legal basis, no security safeguards.
If you track customer data in spreadsheets, this applies to you.
Source: AEPD
A small dental practice in California responded to negative Yelp reviews by including patient names and treatment details — a HIPAA violation they did not see coming.
A single social media reply can trigger a federal investigation.
Source: HHS OCR
A hotel in Hamburg routinely photocopied guests’ ID cards at check-in. Regulators found no valid legal basis to keep the copies under the GDPR.
Everyday processes you think are normal can be non-compliant.
Source: HmbBfDI
Drizly, an alcohol delivery platform, ignored known security vulnerabilities for two years. When 2.5 million customer records were exposed, the FTC order followed the CEO to any future company.
Founders and CEOs can be held personally accountable.
Source: FTC
The scan is free. When you're ready to close the gaps, Dxtra generates your privacy program — policies, notices, consent, records — in hours. Every plan includes all 16 capabilities; plans differ only in usage limits.
Run a free, anonymous scan — or take the 30-second quiz if you sell without a website.
The Dxtra Privacy Scanner is an automated diagnostic indicator based on publicly available information. It is not legal advice and not a determination of regulatory breach. Privacy law is jurisdiction- and fact-specific. For material decisions, consult a qualified privacy professional. Methodology v1.8 · Research preview.