CairnScan, from Azubuike Labs, runs five forensic tests on your website — pre-consent, post-accept, post-reject, GPC signal, and internal routes — documented with SHA-256 evidence hashing. Cookie compliance, consent dark patterns, privacy policy gaps, and multi-jurisdiction exposure. Your consent platform says you're compliant. We produce the proof.
39 regulatory frameworks. Automatic multi-jurisdiction detection.
Not a CMP vendor. Not a cookie scanner. An independent forensic auditor.
We audit OneTrust, Cookiebot, CookieYes, and every other consent platform. No CMP vendor will build this tool — because it exposes failures in their own product. Azubuike Labs builds CairnScan as an independent auditor for consent platforms and privacy stacks.
Designed by Azubuike Labs, an independent RegTech company, CairnScan documents every finding with SHA-256 hashed screenshots, a timestamped action log, and reproducible browser evidence — the format regulators cite in enforcement actions.
The same website gets different grades under GDPR vs CCPA. We detect applicable jurisdictions automatically and score against each one — including GPC testing across 12 US states.
Select the jurisdiction where your company is based. CairnScan automatically detects additional applicable jurisdictions from your privacy policy, domain, and legal documents.
Results in 1 – 3 minutes.
16 automated checks across cookie compliance and privacy infrastructure.
Privacy Setup Checks
Privacy policy, terms of service, cookie policy, and accessibility statement — verified across common URL paths.
Whether required legal pages are linked from the footer of every page, not buried or missing.
"Do Not Sell or Share" link detection — required if you share visitor data with advertising platforms.
A persistent cookie preferences link so users can change their consent after the initial banner disappears.
Forms collecting email addresses checked for consent checkboxes, pre-checked dark patterns, and privacy links.
Analyzes your privacy policy against 13 required GDPR disclosure elements with sub-element analysis.
Automatic identification of all applicable jurisdictions from your domain, privacy policy, hreflang tags, and legal documents.
Determines your primary legal obligation from governing law clauses, corporate entity suffixes, and physical address patterns.
The free scan gives you your compliance grade and headline findings. Paid tiers go deeper.
All plans are provided by Azubuike Labs LLC. Reports include timestamped forensic evidence with SHA-256 integrity hashes.
Why re-scan quarterly? Websites change constantly — new analytics tags, CMP drift, privacy policy updates, new regulations. A quarterly re-scan catches regressions before a regulator does.
OneTrust, Cookiebot and CookieYes are Consent Management Platforms — they implement the consent banner. CairnScan is an independent auditor — we test whether their implementation actually works. We open a fresh browser, click Reject All, and document every cookie that persists. No CMP vendor will build this tool because it exposes failures in their own product. Beyond consent testing, CairnScan analyzes dark patterns with measured CSS evidence, checks your privacy policy against 13 GDPR-required disclosure elements, tests GPC signal compliance, and provides jurisdiction-specific scoring across 37 regulatory frameworks.
GDPR (EU), UK GDPR + PECR, nFADP (Switzerland), CCPA/CPRA (US), PIPA (South Korea), APPI (Japan), PDPA (Singapore), LGPD (Brazil), DPDP Act (India), Privacy Act (Australia), PIPEDA (Canada), Quebec Law 25, Privacy Act 2020 (New Zealand), PIPL (China), 152-FZ (Russia), PDPA (Thailand), KVKK (Turkey), Privacy Protection Law (Israel), POPIA (South Africa), Law 25,326 (Argentina), Law 1581 (Colombia), Ley 29733 (Peru), Ley 18.331 (Uruguay), NDPA (Nigeria), PDPA (Taiwan), PDPL (Saudi Arabia), Federal PDPL (UAE), DPL No. 151 (Egypt), DPA 2019 (Kenya), DPA 2012 (Ghana), DPPA 2019 (Uganda), LFPDPPP (Mexico), Data Protection Law (Chile), Data Privacy Act 2012 (Philippines), PDPA 2010 (Malaysia), PDPL (Vietnam), and PDP Law 2022 (Indonesia). CairnScan automatically detects which jurisdictions apply based on your privacy policy content, domain signals, hreflang tags, and company location. GPC signal compliance is tested against the legal requirements of 12 US states.
Yes. The scan uses a standard headless browser — the same technology Google uses to index your site. It sends normal HTTP requests, clicks your consent banner, and observes the response. It does not modify your site, inject code, or access any authenticated areas.
Only you. Your report is delivered to the email address you provide and stored on our servers for 90 days, then automatically deleted. We do not publish, share, or sell scan results. Full details in our Privacy Policy.
You get an instant summary report with your compliance grade, cookie breakdown, reject-path test result, and privacy setup findings. If you want the full report — complete cookie inventory, visual evidence, dark pattern analysis, policy adequacy review, and phased remediation roadmap — you can schedule a free 15-minute review call.
The report includes SHA-256 hashed screenshots, a timestamped forensic action log, and per-cookie penalty transparency — the evidence format regulators reference in enforcement actions. It is designed to be shared with legal counsel or attached to a regulatory filing. However, it is a technical assessment, not legal advice.
The free scan gives you both compliance grades and headline findings. The $750 Diagnostic adds the complete technical evidence. The $2,000 plan adds a step-by-step remediation roadmap. The $3,000 plan adds a strategic consultation. All paid tiers are available as annual plans with quarterly re-scans at up to 27% off.
CairnScan is developed and operated by Azubuike Labs LLC, an independent RegTech company focused on compliance engineering and advisory services.