Service 04
Your website is often the source of your highest-risk data collection — and where regulators look first. This service audits your site, ad tech stack, and analytics setup, then fixes the gaps.
What's Included
Your website and marketing stack are where most privacy violations originate — and where regulators and plaintiffs look first. This service audits your digital presence, identifies the gaps, and brings your online practices into compliance.
A cookie banner that does not actually block cookies. A privacy policy that does not mention the pixels running on your site. A Google Analytics setup that classifies as data sharing under California law. These are the kinds of issues this service finds and fixes.
Engagement Summary
Cookie Audit
A complete inventory of all cookies and trackers running on your website — including third-party scripts you may not know are there. Most businesses have 3–5x more trackers running than they realize.
Consent Management Setup
Configuration of a consent management platform appropriate for your traffic geography and compliance obligations. Covers categorization, consent records, and proper blocking behavior.
Ad Data Review
Review of your Google Ads, Meta Ads, and other ad platform data integrations for privacy compliance — including whether your pixel configurations constitute "selling" or "sharing" under applicable state laws.
Privacy Notice Updates
Revisions to your privacy policy and cookie policy to accurately reflect your actual tracking practices. If your policy does not mention the tools you are running, it is making things worse — not better.
Email Marketing Compliance
Review of your email marketing program for CAN-SPAM and applicable state law compliance — including list acquisition practices, consent records, and unsubscribe mechanisms.
GPC Signal Implementation
Implementation guidance for honoring Global Privacy Control signals where required by law — California, Colorado, Connecticut, and Oregon. This is a legal requirement in those states, not optional.
Common Questions
Do I need a cookie consent banner?
It depends on your traffic. If you have visitors from California, Colorado, Connecticut, Oregon, or Texas — and you use any tracking beyond essential cookies — yes. We will determine exactly what is required for your situation and implement accordingly.
What if I use a third-party website builder?
Most platforms — Shopify, Squarespace, WordPress, Webflow, Wix — can be configured for compliance. Implementation guidance is tailored to your platform.
Does this include ongoing monitoring?
This is a project-based engagement. Tracking practices change as you add new tools, and laws evolve — ongoing monitoring is available through the Fractional CPO retainer.
What if I use Google Analytics?
GA4 collects data. Whether that constitutes "selling" or "sharing" under state law depends on your configuration and what you do with the data. We will assess your specific setup and tell you exactly what changes — if any — are needed.
Book a free 30-minute discovery call — we'll confirm scope and timeline based on your site and ad stack.