CCPA
Privacy Policy
The CCPA/CPRA (Cal. Civ. Code §1798.100 et seq.) requires businesses to provide a privacy policy that discloses: categories of personal information collected, purposes of collection, categories of third parties with whom data is shared or sold, consumer rights (right to know, delete, correct, opt-out of sale/sharing), and retention periods. Meta Pixel deployment constitutes 'sharing' of personal information for cross-context behavioral advertising under CPRA. The complete absence of a privacy policy means none of these mandatory disclosures are made.
RecommendationDraft and publish a CCPA/CPRA-compliant privacy policy that includes all required disclosures. Add a prominent 'Do Not Sell or Share My Personal Information' link on the homepage. Implement an opt-out mechanism for the sale/sharing of personal information via Meta Pixel and any other advertising trackers.
CCPA
Privacy Policy
California Consumer Privacy Act / California Privacy Rights Act requires a clear, accessible privacy policy. No privacy policy link was found on this page.
RecommendationCreate and publish a comprehensive privacy policy that covers data collection, usage, sharing, and user rights. Link it prominently in the footer of every page.
CCPA
Cookie Consent
CCPA/CPRA requires a "Do Not Sell or Share My Personal Information" option. 3 tracker(s) detected without any opt-out control.
RecommendationAdd a visible "Do Not Sell or Share My Personal Information" link and implement GPC (Global Privacy Control) signal detection.
CPA
Privacy Policy
Colorado Privacy Act requires a clear, accessible privacy policy. No privacy policy link was found on this page.
RecommendationCreate and publish a comprehensive privacy policy that covers data collection, usage, sharing, and user rights. Link it prominently in the footer of every page.
CPA
Consent Mechanism
The Colorado Privacy Act (C.R.S. §6-1-1301 et seq.) requires controllers to provide consumers the right to opt out of the processing of personal data for targeted advertising and the sale of personal data. The deployment of Meta Pixel constitutes processing for targeted advertising. The site provides no opt-out mechanism and no privacy notice informing consumers of this right. Colorado also requires recognition of universal opt-out signals (e.g., Global Privacy Control) effective July 2024.
RecommendationImplement a clear opt-out mechanism for targeted advertising and data sales. Honor universal opt-out signals such as Global Privacy Control (GPC). Publish a privacy notice that discloses the categories of data processed, purposes, and consumer rights under the CPA.
CPA
Cookie Consent
Colorado Privacy Act requires consumers to opt out of targeted advertising and data sales. Trackers detected without consent controls.
RecommendationImplement opt-out controls for data processing activities covered by CPA (Colorado).
CTDPA
Privacy Policy
Connecticut Data Privacy Act requires a clear, accessible privacy policy. No privacy policy link was found on this page.
RecommendationCreate and publish a comprehensive privacy policy that covers data collection, usage, sharing, and user rights. Link it prominently in the footer of every page.
CTDPA
Cookie Consent
Connecticut Data Privacy Act requires consumers to opt out of targeted advertising and data sales. Trackers detected without consent controls.
RecommendationImplement opt-out controls for data processing activities covered by CTDPA (Connecticut).
CTDPA
Data Minimization
The Connecticut Data Privacy Act (Conn. Gen. Stat. §42-520 et seq.) requires that personal data collection be limited to what is adequate, relevant, and reasonably necessary for the disclosed purposes. The simultaneous deployment of Google Analytics, Google Tag Manager, and Meta Pixel — without any stated purpose or privacy policy — raises serious data minimization concerns. There is no documentation that the volume of behavioral data collected across three platforms is proportionate to any disclosed business purpose.
RecommendationConduct a data minimization review to determine whether all three tracking platforms are necessary. Remove or consolidate redundant trackers. Document the specific, legitimate purpose for each data collection tool in a published privacy policy. Consider server-side analytics or privacy-preserving alternatives to reduce the volume of personal data processed.
DPDPA
Privacy Policy
Delaware Personal Data Privacy Act requires a clear, accessible privacy policy. No privacy policy link was found on this page.
RecommendationCreate and publish a comprehensive privacy policy that covers data collection, usage, sharing, and user rights. Link it prominently in the footer of every page.
DPDPA
Cookie Consent
Delaware Personal Data Privacy Act requires consumers to opt out of targeted advertising and data sales. Trackers detected without consent controls.
RecommendationImplement opt-out controls for data processing activities covered by DPDPA (Delaware).
GDPR
Consent Mechanism
Meta Pixel, classified as an advertising/tracking technology, is loaded on the site without any cookie consent banner or mechanism. Under the ePrivacy Directive (Article 5(3)) and GDPR (Articles 6 and 7), non-essential cookies and tracking technologies require informed, freely given, specific, and unambiguous prior consent before being set. Analytics cookies (Google Analytics) also require consent unless configured in a privacy-preserving, cookieless mode. The complete absence of a consent management platform means every visitor's data is collected unlawfully from the first page load.
RecommendationImplement a GDPR-compliant Consent Management Platform (CMP) that blocks all non-essential trackers (Google Analytics, Meta Pixel, Google Tag Manager tags) until the user provides affirmative opt-in consent. Ensure the banner offers granular choices (e.g., necessary, analytics, advertising) and does not use dark patterns.
GDPR
Cookie Consent
Found 3 third-party tracker(s) (Google Analytics, Google Tag Manager, Meta Pixel) but no cookie consent mechanism. GDPR requires explicit opt-in consent before placing non-essential cookies.
RecommendationImplement a cookie consent banner that blocks non-essential cookies until the user provides explicit consent. Consider tools like CookieBot, OneTrust, or a custom implementation.
GDPR
Cross-Border Data Transfer
The site deploys Google Analytics, Google Tag Manager, and Meta Pixel, all of which transmit personal data (IP addresses, device fingerprints, behavioral data) to servers located in the United States. There is no privacy policy documenting the legal mechanism for these transfers (e.g., Standard Contractual Clauses, adequacy decision, or binding corporate rules). Following the Schrems II ruling (C-311/18), transfers to the US require supplementary measures and a valid transfer impact assessment. The absence of any documented safeguards represents a significant GDPR Chapter V violation.
RecommendationConduct a Transfer Impact Assessment (TIA) for each US-based processor. Implement Standard Contractual Clauses (SCCs) with supplementary measures such as pseudonymization or encryption. Document these mechanisms in a publicly accessible privacy policy and maintain records of processing activities under Article 30.
GDPR
Privacy Policy
General Data Protection Regulation requires a clear, accessible privacy policy. No privacy policy link was found on this page.
RecommendationCreate and publish a comprehensive privacy policy that covers data collection, usage, sharing, and user rights. Link it prominently in the footer of every page.
GDPR
Third-Party Data Sharing
Found 1 advertising tracker(s): Meta Pixel. Each represents potential data sharing that requires explicit consent under GDPR and a valid legal basis.
RecommendationEnsure each advertising tracker has a clear legal basis (consent), is documented in your privacy policy, and is blocked until consent is given.
ICDPA
Privacy Policy
Iowa Consumer Data Protection Act requires a clear, accessible privacy policy. No privacy policy link was found on this page.
RecommendationCreate and publish a comprehensive privacy policy that covers data collection, usage, sharing, and user rights. Link it prominently in the footer of every page.
ICDPA
Cookie Consent
Iowa Consumer Data Protection Act requires consumers to opt out of targeted advertising and data sales. Trackers detected without consent controls.
RecommendationImplement opt-out controls for data processing activities covered by ICDPA (Iowa).
INCDPA
Privacy Policy
Indiana Consumer Data Protection Act requires a clear, accessible privacy policy. No privacy policy link was found on this page.
RecommendationCreate and publish a comprehensive privacy policy that covers data collection, usage, sharing, and user rights. Link it prominently in the footer of every page.
INCDPA
Cookie Consent
Indiana Consumer Data Protection Act requires consumers to opt out of targeted advertising and data sales. Trackers detected without consent controls.
RecommendationImplement opt-out controls for data processing activities covered by INCDPA (Indiana).
KCDPA
Privacy Policy
Kentucky Consumer Data Protection Act requires a clear, accessible privacy policy. No privacy policy link was found on this page.
RecommendationCreate and publish a comprehensive privacy policy that covers data collection, usage, sharing, and user rights. Link it prominently in the footer of every page.
KCDPA
Cookie Consent
Kentucky Consumer Data Protection Act requires consumers to opt out of targeted advertising and data sales. Trackers detected without consent controls.
RecommendationImplement opt-out controls for data processing activities covered by KCDPA (Kentucky).
MCDPA
Privacy Policy
Montana Consumer Data Privacy Act requires a clear, accessible privacy policy. No privacy policy link was found on this page.
RecommendationCreate and publish a comprehensive privacy policy that covers data collection, usage, sharing, and user rights. Link it prominently in the footer of every page.
MCDPA
Cookie Consent
Montana Consumer Data Privacy Act requires consumers to opt out of targeted advertising and data sales. Trackers detected without consent controls.
RecommendationImplement opt-out controls for data processing activities covered by MCDPA (Montana).
MNCDPA
Privacy Policy
Minnesota Consumer Data Privacy Act requires a clear, accessible privacy policy. No privacy policy link was found on this page.
RecommendationCreate and publish a comprehensive privacy policy that covers data collection, usage, sharing, and user rights. Link it prominently in the footer of every page.
MNCDPA
Cookie Consent
Minnesota Consumer Data Privacy Act requires consumers to opt out of targeted advertising and data sales. Trackers detected without consent controls.
RecommendationImplement opt-out controls for data processing activities covered by MNCDPA (Minnesota).
MODPA
Privacy Policy
Maryland Online Data Privacy Act requires a clear, accessible privacy policy. No privacy policy link was found on this page.
RecommendationCreate and publish a comprehensive privacy policy that covers data collection, usage, sharing, and user rights. Link it prominently in the footer of every page.
MODPA
Children's Privacy
The Maryland Online Data Privacy Act includes heightened protections for minors' data and restricts targeted advertising to individuals under 18. The site markets an AI service ('AI That Runs Your Company') broadly without any age gate, terms of service specifying age requirements, or privacy policy addressing children's data. Without any mechanism to identify or exclude minors, and with Meta Pixel actively profiling all visitors for advertising, the site risks processing minors' data for targeted advertising in violation of MODPA's enhanced protections.
RecommendationImplement age-gating or age verification mechanisms as appropriate. Add explicit statements in the privacy policy and terms of service that the service is not directed at individuals under a specified age (e.g., 18). Configure Meta Pixel and other advertising trackers to suppress data collection for users identified or suspected to be minors. Review MODPA's specific minor-protection provisions and ensure full compliance.
MODPA
Cookie Consent
Maryland Online Data Privacy Act requires consumers to opt out of targeted advertising and data sales. Trackers detected without consent controls.
RecommendationImplement opt-out controls for data processing activities covered by MODPA (Maryland).
NDPA
Privacy Policy
Nebraska Data Privacy Act requires a clear, accessible privacy policy. No privacy policy link was found on this page.
RecommendationCreate and publish a comprehensive privacy policy that covers data collection, usage, sharing, and user rights. Link it prominently in the footer of every page.
NDPA
Cookie Consent
Nebraska Data Privacy Act requires consumers to opt out of targeted advertising and data sales. Trackers detected without consent controls.
RecommendationImplement opt-out controls for data processing activities covered by NDPA (Nebraska).
NHPA
Privacy Policy
New Hampshire Privacy Act (SB 255) requires a clear, accessible privacy policy. No privacy policy link was found on this page.
RecommendationCreate and publish a comprehensive privacy policy that covers data collection, usage, sharing, and user rights. Link it prominently in the footer of every page.
NHPA
Cookie Consent
New Hampshire Privacy Act (SB 255) requires consumers to opt out of targeted advertising and data sales. Trackers detected without consent controls.
RecommendationImplement opt-out controls for data processing activities covered by NHPA (New Hampshire).
NJDPA
Privacy Policy
New Jersey Data Privacy Act (SB 332) requires a clear, accessible privacy policy. No privacy policy link was found on this page.
RecommendationCreate and publish a comprehensive privacy policy that covers data collection, usage, sharing, and user rights. Link it prominently in the footer of every page.
NJDPA
Cookie Consent
New Jersey Data Privacy Act (SB 332) requires consumers to opt out of targeted advertising and data sales. Trackers detected without consent controls.
RecommendationImplement opt-out controls for data processing activities covered by NJDPA (New Jersey).
NJDPA
Privacy Policy
The New Jersey Data Privacy Act (SB 332) requires controllers to provide a clear and accessible privacy notice that includes: categories of personal data processed, purposes of processing, how consumers can exercise their rights (access, correction, deletion, opt-out of targeted advertising/sale/profiling), categories of third parties receiving data, and whether data is sold or used for targeted advertising. The complete absence of a privacy policy means NJ consumers are denied all required disclosures. The NJDPA has a notably broad scope with no revenue threshold, increasing the likelihood of applicability.
RecommendationPublish a comprehensive privacy notice that addresses all NJDPA-required disclosures. Include specific instructions for NJ consumers to exercise their rights. Designate and disclose at least one method for consumers to submit data rights requests. Ensure the notice is easily accessible from every page of the website.
OCPA
Privacy Policy
Oregon Consumer Privacy Act requires a clear, accessible privacy policy. No privacy policy link was found on this page.
RecommendationCreate and publish a comprehensive privacy policy that covers data collection, usage, sharing, and user rights. Link it prominently in the footer of every page.
OCPA
Cookie Consent
Oregon Consumer Privacy Act requires consumers to opt out of targeted advertising and data sales. Trackers detected without consent controls.
RecommendationImplement opt-out controls for data processing activities covered by OCPA (Oregon).
OCPA
Data Protection Assessment
The Oregon Consumer Privacy Act (ORS §646A.570 et seq.) requires controllers to conduct and document data protection assessments for processing activities that present a heightened risk of harm, including targeted advertising and the sale of personal data. The deployment of Meta Pixel for advertising purposes triggers this requirement. There is no indication that any such assessment has been performed or documented, and the absence of a privacy policy suggests broader governance deficiencies around data protection impact analysis.
RecommendationConduct a formal data protection assessment for all processing activities involving targeted advertising (Meta Pixel) and any potential sale of personal data. Document the assessment including the benefits, risks to consumers, and safeguards implemented. Retain the assessment and make it available to the Oregon Attorney General upon request as required by OCPA.
RIDPA
Privacy Policy
Rhode Island Data Privacy Act requires a clear, accessible privacy policy. No privacy policy link was found on this page.
RecommendationCreate and publish a comprehensive privacy policy that covers data collection, usage, sharing, and user rights. Link it prominently in the footer of every page.
RIDPA
Cookie Consent
Rhode Island Data Privacy Act requires consumers to opt out of targeted advertising and data sales. Trackers detected without consent controls.
RecommendationImplement opt-out controls for data processing activities covered by RIDPA (Rhode Island).
TDPSA
Privacy Policy
Texas Data Privacy and Security Act requires a clear, accessible privacy policy. No privacy policy link was found on this page.
RecommendationCreate and publish a comprehensive privacy policy that covers data collection, usage, sharing, and user rights. Link it prominently in the footer of every page.
TDPSA
Cookie Consent
Texas Data Privacy and Security Act requires consumers to opt out of targeted advertising and data sales. Trackers detected without consent controls.
RecommendationImplement opt-out controls for data processing activities covered by TDPSA (Texas).
TIPA
Privacy Policy
Tennessee Information Protection Act requires a clear, accessible privacy policy. No privacy policy link was found on this page.
RecommendationCreate and publish a comprehensive privacy policy that covers data collection, usage, sharing, and user rights. Link it prominently in the footer of every page.
TIPA
Cookie Consent
Tennessee Information Protection Act requires consumers to opt out of targeted advertising and data sales. Trackers detected without consent controls.
RecommendationImplement opt-out controls for data processing activities covered by TIPA (Tennessee).
UCPA
Privacy Policy
Utah Consumer Privacy Act requires a clear, accessible privacy policy. No privacy policy link was found on this page.
RecommendationCreate and publish a comprehensive privacy policy that covers data collection, usage, sharing, and user rights. Link it prominently in the footer of every page.
UCPA
Cookie Consent
Utah Consumer Privacy Act requires consumers to opt out of targeted advertising and data sales. Trackers detected without consent controls.
RecommendationImplement opt-out controls for data processing activities covered by UCPA (Utah).
VCDPA
Privacy Policy
Virginia Consumer Data Protection Act requires a clear, accessible privacy policy. No privacy policy link was found on this page.
RecommendationCreate and publish a comprehensive privacy policy that covers data collection, usage, sharing, and user rights. Link it prominently in the footer of every page.
VCDPA
Cookie Consent
Virginia Consumer Data Protection Act requires consumers to opt out of targeted advertising and data sales. Trackers detected without consent controls.
RecommendationImplement opt-out controls for data processing activities covered by VCDPA (Virginia).