Three agents read the site's public surface, then score it against the same Methodology v1.8 rules the full Dxtra platform uses — returning a Low / Medium / High risk band, never a vanity score.
The Surface Agent fetches the homepage, footer and notice links; the Browser Agent drives a real headless browser for cookies, trackers, Reject-All and GPC.
The Policy AI reads the site's privacy notice for the substance regulators expect — rights, transfers, retention, contacts — across the jurisdictions it touches.
Findings map to NIST, ISO 27701 and ENISA, each paired with the Dxtra capability that fixes it — and a projected band after remediation.
A cookie banner is not compliance. The scanner looks across the obligations behind a credible privacy program — and tells you which are missing.
Is there a notice, is it reachable, and updated in the last 24 months?
A clear DSAR / rights-request route and a designated privacy contact.
Cookies before consent, a working Reject-All, and Global Privacy Control.
International-transfer disclosures and the mechanisms that legitimise them.
Whether a record of processing activities (ROPA) is referenced.
Singapore, Japan, India, China, Canada, Switzerland, Korea & more — applied where a nexus is detected from the site's public surface.
Health, biometric, financial, child-directed and AI-decisioning sites use tighter bands.
Transparency hubs and sub-processor lists are credited — but never inflate the band.
The scan is free. When you're ready to close the gaps, Dxtra generates your privacy program — policies, notices, consent, records — in hours. Every plan includes all 16 capabilities; plans differ only in usage limits.
The Dxtra Privacy Scanner is an automated diagnostic indicator based on publicly available information. It is not legal advice and not a determination of regulatory breach. Privacy law is jurisdiction- and fact-specific. For material decisions, consult a qualified privacy professional. Methodology v1.8 · Research preview.