We don't sell consent.
We verify it.
Think penetration testing, but for privacy. Just as companies hire pentesters to prove their firewalls work, compliance teams use Gretelfy to prove their consent implementation works.
The problem we solve
Every CMP on the market — Cookiebot, OneTrust, CookieYes, Termly — provides the consent banner AND claims to verify compliance. That's an accounting firm auditing itself.
The result? Websites that look compliant on paper but still fire Google Analytics, Facebook Pixel, and marketing scripts before a visitor ever clicks "Accept." Regulators are catching on. CNIL fined Microsoft €60M and TikTok €5M specifically for banner design issues. The Italian Garante issued guidelines explicitly about banner button parity.
Gretelfy creates a new category: Tracking Compliance Intelligence — independent, external validation that a website's consent implementation actually works. Not "do you have a cookie banner?" but "does your cookie banner actually prevent tracking before consent?"
How it works
Submit a URL
Submit a URL. Gretelfy visits your site as a fresh visitor — no cookies, no history, no consent given. A clean slate, like a first-time user.
Capture pre-consent state
We record every cookie set, every script fired, every network request made — all before anyone interacts with a consent banner.
Get your report
Get your Gretel Score, a breakdown of every violation, and clear remediation steps. And that's just Layer 1. We go five layers deeper.
What makes us different
Independent by design
We don't sell consent banners, cookie scripts, or CMP subscriptions. Our only product is the audit itself. That means our incentive is accuracy, not upselling you a consent solution.
Real browser, real results
We don't crawl HTML or guess. We launch a real browser session, load your page, and observe what actually happens. Same experience your visitors get.
Five layers deep
Cookie discovery, banner UX audit, consent validation, continuous monitoring, and data flow intelligence. We go where no CMP scanner can credibly follow.
Continuous monitoring
Websites change. CMPs update. New scripts get added. Gretelfy runs scheduled scans so you catch regressions before a regulator does.
Actionable, not theoretical
Every violation comes with specific remediation steps. Not generic advice — actual instructions your developer can follow to fix the issue.
Evidence-grade reports
Timestamped compliance reports with request logs, cookie snapshots, and violation details. Suitable for DPA inquiries, internal audits, and ISO 27701 evidence.
Who uses Gretelfy
Compliance teams & DPOs
Independent verification that your CMP is working. Evidence-grade reports for regulators and internal audits.
Learn more →Agencies & consultants
White-label compliance auditing for client portfolios. 25 domains, branded reports, and custom alerts.
Learn more →Marketing & analytics teams
Know which tracking scripts fire before consent. Validate Consent Mode v2. Keep your data defensible.
Learn more →Ready to check your compliance?
Run your first scan for free. No account required.