Your CMP is both the lock and the locksmith
Every CMP on the market — Cookiebot, OneTrust, CookieYes, Termly — provides the consent banner AND claims to verify compliance. That's an accounting firm auditing itself.
Regulators increasingly expect independent verification. Just as companies hire penetration testers to prove their firewalls work, compliance teams should use independent tools to prove their consent implementation works. Gretelfy fills that structural gap.
€1.3B+
Total GDPR fines issued since 2018
€60M
CNIL fine to Microsoft for cookie violations (2022)
€5M
CNIL fine to TikTok for banner dark patterns (2023)
87%
of top sites have consent implementation issues
What Gretelfy proves
Automated, continuous evidence that your consent implementation actually works — not just that you have a banner.
Pre-consent violations detected
Every cookie, script, and tracker that fires before a visitor interacts with your consent banner — the #1 thing that gets companies fined.
Consent validation tested
Does clicking "Reject" actually stop tracking? We test no-consent, reject-all, selective consent, and withdrawal scenarios with evidence.
Banner compliance audited
Reject button presence, button parity, pre-ticked boxes, clicks-to-reject — checked against EDPB guidelines and DPA enforcement decisions.
Evidence-grade PDF reports
Timestamped compliance reports with request logs, cookie snapshots, and violation details. Suitable for DPA inquiries and internal audits.
Historical compliance trending
Track your Gretel Score over time. Demonstrate to regulators that you actively monitor and improve consent compliance — not just check once a year.
Consent Mode v2 verification
Validate that Google Consent Mode v2 signals match actual user consent choices. Misconfigured Consent Mode means either GDPR violation or lost measurement data.
How compliance teams use Gretelfy
From quarterly reviews to continuous monitoring — Gretelfy fits into your existing compliance workflow.
Quarterly compliance reviews
Run a full 5-layer scan before each quarterly review. Compare results against the previous quarter to show improvement trajectory.
Pre-audit preparation
Know exactly what auditors will find before they find it. Fix violations proactively and present evidence of remediation.
Continuous monitoring between audits
Websites change daily. Gretelfy catches compliance regressions within hours — not months later at the next audit.
DPIA evidence collection
Data flow mapping and third-party transfer identification supports Data Protection Impact Assessments with real evidence.
Recommended: Professional plan
Full 5-layer scanning, daily automated checks, Slack alerts, and branded compliance reports. Everything a compliance team needs.
- Up to 5 domains
- Daily automated scans
- All 5 layers of compliance scanning
- Data flow intelligence with PII detection
- Email and Slack alerts
- Branded compliance reports
- API access (coming soon)
- 90-day scan history
Single domain? Monitor starts at €49/mo. Managing 5+ domains? See the Agency plan.