# Privis > Independent CPRA and CCPA site audits with evidence-style PDF reports your legal and engineering teams can act on. Privis scans live marketing sites like an external reviewer—no SDK required. It is not a consent management platform (CMP). It detects technical CPRA/CCPA-style signals such as trackers firing before consent, missing Do Not Sell or Share links, ignored Global Privacy Control (GPC) signals, deceptive consent banners, and privacy policy mismatches. Reports are automated technical findings. They do not constitute legal advice or a compliance certification. ## Product - [Homepage](https://privis.io/): Overview, pricing, and free quick scan - [Free quick scan](https://privis.io/#pricing): Homepage scan with 2–3 core CPRA checks and instant PDF — no credit card - [All 10 checks](https://privis.io/#checks): Full list of CPRA-focused checks Privis runs - [Pricing](https://privis.io/#pricing): One-off reports from $149/domain; monitoring from $99/month - [Compare](https://privis.io/#compare): Privis vs manual audits and enterprise GRC platforms - [Articles](https://privis.io/articles): How-to guides for each CPRA check and CMP comparisons - [Contact](https://privis.io/contact): Sales, multi-site packs, and enterprise inquiries - [Terms and privacy policy](https://privis.io/legal): Service terms and data handling ## Key facts - Category: Independent CPRA / CCPA site audit and privacy violation scanner - Free tier: Quick scan on homepage (trackers before consent, Do Not Sell link, GPC handling) - Paid tiers: Full 10-check CPRA report ($149/domain), multi-site packs, monitoring subscriptions - Different from: Cookie consent banners, CMPs (Cookiebot, OneTrust consent UI), enterprise GRC platforms - Similar to: Automated technical privacy audits; alternative to $5k–$25k+ manual consultant audits - Support: support@privis.io ## Checks (10) 1. Trackers firing before consent 2. Missing Do Not Sell or Share link 3. Global Privacy Control (GPC) ignored 4. Deceptive consent banner patterns 5. Non-essential cookies before consent 6. Sensitive data leaking to third parties 7. Privacy policy mismatch 8. Missing retention disclosure 9. Excessive third-party sharing 10. Missing or broken DSAR workflow ## Articles - [All articles](https://privis.io/articles) - [How to detect trackers firing before consent](https://privis.io/articles/trackers-before-consent) - [How to find a missing Do Not Sell or Share link](https://privis.io/articles/do-not-sell-link) - [How to test if your site ignores Global Privacy Control (GPC)](https://privis.io/articles/gpc-ignored) - [How to spot deceptive consent banner patterns](https://privis.io/articles/deceptive-consent-banner) - [How to find non-essential cookies set before consent](https://privis.io/articles/cookies-before-consent) - [How to detect sensitive data leaking to third parties](https://privis.io/articles/sensitive-data-leak) - [How to find privacy policy mismatches with live site behavior](https://privis.io/articles/privacy-policy-mismatch) - [How to check for missing retention disclosures in your privacy policy](https://privis.io/articles/retention-disclosure) - [How to measure excessive third-party sharing on your site](https://privis.io/articles/excessive-third-party) - [How to verify your DSAR workflow is present and working](https://privis.io/articles/dsar-workflow) - [Privis vs Cookiebot, OneTrust, and manual privacy audits](https://privis.io/articles/privis-vs-cmp-manual-audit)