Summary
This auditor crawls your web app to flag gaps between what your privacy policy says and what trackers you're actually running. Good for PIAs, pre-launch checks on marketing pages, or M&A due diligence when you need to know what's really collecting data. It catches client-side stuff like cookies and tracking scripts, but won't see server-side tracking or scripts that only fire conditionally. Honest take: it's a focused technical sweep, not a legal opinion. If you're trying to avoid the "we said we don't use third-party analytics but Google Tag Manager is everywhere" problem, this catches that.
Install to Claude Code
npx -y skills add jorgealves/agent_skills --skill gdpr-ccpa-privacy-auditor --agent claude-codeInstalls into .claude/skills of the current project.
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →
Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →
Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →
On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →
Files
SKILL.mdView on GitHub
GDPR/CCPA Privacy Auditor
Purpose and Intent
The gdpr-ccpa-privacy-auditor is a transparency tool. It helps companies ensure that their public-facing privacy policies actually match their technical implementations, preventing "Privacy Washing" and reducing the risk of regulatory fines.
When to Use
- Privacy Impact Assessments (PIA): Run as part of a recurring privacy review.
- Marketing Launches: Check new landing pages to ensure new trackers haven't been added without updating the policy.
- Due Diligence: Audit a target company's website during a merger or acquisition.
When NOT to Use
- Internal Only Apps: Not designed for apps behind a firewall or VPN without public endpoints.
- Comprehensive Legal Audit: Only focuses on technical indicators (cookies, scripts, data models); does not audit physical security or organizational policies.
Error Conditions and Edge Cases
- Server-Side Tracking: Trackers that run purely on the server (no client-side script) cannot be detected via URL scanning.
- Dynamic Content: Some trackers may only load for specific regions or after specific user interactions (like clicking a button).
Security and Data-Handling Considerations
- Passive Scanning: When scanning URLs, it acts like a standard browser.
- Source Code Privacy: If providing
source_code_path, ensure the environment is secure and the code is not transmitted externally.
Featured
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →
