Compliance you can prove.
To a regulator.
Complicer audits your site the way an enforcement team would: it clicks Reject and Accept on your real banner, proves what happened with observable signals, scores 70 rules across five dimensions, and seals the evidence — SHA-256 hashed, Ed25519 signed, optional RFC 3161 timestamping.
"Banner exists" is a screenshot. "Banner works" is evidence.
Proof is observable, or it isn't proof.
After the click, the banner is gone. The site acted on the choice instead of re-prompting.
banner_disappearedA consent cookie or local-storage key was written, removed, or flipped — the choice was recorded.
consent_storage_changedThe IAB TCF consent string via __tcfapi changed — the CMP itself confirms the new state.
cmp_api_changedA known confirmation appeared — "Your preferences have been saved" — in a language we recognise.
success_messageVerification is granted only when Reject and Accept were both clicked and each is confirmed by at least one signal. Silence is not consent. The rule is enforced in code — the same evidence always produces the same verdict.
One grade. Five dimensions. Zero hand-waving.
Security, consent, cookies, risk and accessibility roll into a single weighted grade — with every finding traceable back to the rule, the click, and the sealed artefact behind it.
Every audit ends as a document you can defend.
One click exports the full audit — findings, screenshots, the signal log and the five-dimension grade — as a PDF that is hashed, signed and timestamped the moment it is generated. When a regulator, client or board asks you to prove it, you attach the file instead of scheduling a meeting.
Compliance tools don't pass their own compliance checks.
We ran ComplyTest's 70-rule audit against four leading compliance platforms. Tested May 2026, against publicly accessible features.
Cookie consent is not compliance. Full GRC is overkill.
Most companies are stuck between tools that do too little and platforms that cost too much.
The EU AI Act, made answerable.
An interactive guide for non-lawyers: risk tiers, provider vs. deployer roles, the eight prohibitions, the Article 6 classification engine, the staged timeline, and every national supervisor — plus a structured assessment in your audit workspace.
€35M / 7%Art. 6–29Art. 51–55Art. 50No code changes, no SDK, no tag-manager setup. The scan starts immediately.
A Playwright EU-region runner visits every page, clicks Reject and Accept, and verifies behaviour with four independent signals.
A 5-dimension grade, prioritised findings, and Ed25519-signed PDF evidence ready for regulators.
Outcome-driven GDPR compliance — banners that actually work, evidence you can show your auditor.
