Solution · Privacy & Compliance

Go beyond cookie banners. Know where every byte of customer data goes.

Tags routinely bypass consent controls and send personal data to ad vendors without approval. Koru builds a portfolio-wide inventory of every data variable each tag collects, who receives it, and under what consent condition, refreshed with every daily scan.

Compliance CenterNext review · 23 days
Vendors Detected5
Consent CoverageInconclusive
AIdentity tag · 2 pagesGDPR Pass · CCPA Pass
GAnalytics tag · 28 pagesGDPR Warn · firing while pending
MMarketing tag · 28 pagesGDPR Warn · CCPA Warn
SMedia pixel · 2 pagesCorrectly suppressed
Recent Events
New vendor detected: video CDN script · 9m ago New vendor detected: CRM static asset · 9m ago Consent decline test scheduled · next scan
How to spot this problem

Warning signs of hidden privacy exposure

Real-world impact

A Fortune 500 hospitality brand took nearly 3 months to identify and remove ad tags that were transmitting personal and sensitive guest information, all because it lacked a centralized tag and data inventory.

⚠ GDPR/CCPA exposure⚠ Negative brand impact⚠ Legal vulnerability

ROI lens: the average GDPR fine in 2024 was €4.5M. Koru's Privacy Inventory surfaces rogue tags within hours of deployment, cuts audit time from months to days, and provides a defensible compliance record.

What Koru does about it

A compliance record you can defend

Portfolio-Wide Data Inventory

A centralized inventory of every data variable tracked across all your websites. Know what every tag collects, who receives it, and under what consent condition.

Marketer-Friendly Reports

Technical tag variables translated into plain-language privacy reports, readable by your legal, privacy, and marketing teams without developer translation.

AI Red-Flag Detection

Automated recommendations flag tags that send sensitive or personally identifiable data outside consent boundaries. A classification feedback loop improves accuracy over time.

Consent Enforcement Testing

Scans exercise your consent management platform with different consent profiles and verify which tags fire while consent is pending, declined, or granted.

Data Flows by Region

See which vendors receive data from each region and validate regional policy differences, GDPR in Europe, CCPA in California, from one view.

New Vendor Detection

Each daily scan flags newly appearing vendor tags and scripts, so a marketing team member adding a pixel never becomes a compliance surprise at audit time.

Expected outcomes

What good looks like

Privacy audit time cut from months to days All MarTech data flows captured, beyond cookies Defensible, always-current compliance record

Best for: privacy and compliance officers, legal teams, and the marketing leaders who answer to them

FAQ

Frequently asked questions

How can tags leak personal data without consent?

Tags frequently fire outside consent boundaries: before a visitor responds to the banner, after they decline, or through vendors the consent platform never knew about. Koru exercises your site with pending, declined, and granted consent profiles on every scan and reports exactly which tags fired in each state.

What is a tag data inventory?

A tag data inventory is a central record of every data variable each tag collects, the vendor that receives it, and the consent condition it fired under, across your entire website portfolio. Koru refreshes this inventory with every daily scan, so it is always current for legal and privacy teams.

How does Koru help pass a GDPR or CCPA audit?

Koru produces plain-language compliance reports, consent-state logs, and vendor data flows by region, giving your privacy team a defensible audit record. Teams typically cut audit preparation from months to days. With average GDPR fines running in the millions of euros, that speed matters.

Will Koru detect new vendor tags that marketing adds?

Yes. Every daily scan flags newly appearing vendor tags and scripts, so a pixel added by a campaign team never becomes a surprise at audit time. AI-powered classification flags tags sending sensitive or personally identifiable data outside consent boundaries.

Does Koru replace our consent management platform?

No. Koru works alongside your consent management platform and verifies that it actually works: that declines are honored, pending states block the right tags, and no vendor receives data it should not. Most consent failures are implementation errors that only independent scanning reveals.

Could you pass a privacy audit this quarter?

Get a demo and see your own vendor data flows mapped in the first scan.

Request Free Audit View Pricing