Skip to main content
Sturdly Signal — CIPA & Tracker Defense

Plaintiff firms scan your site for CIPA violations. Signal finds them first.

2,341 CIPA lawsuits since 2022. $5,000 statutory damages per violation. The most common trigger: a tracking pixel that fires before the user sees a consent banner. Signal detects every one of them.

Signal runs automatically on every Sturdly scan — no extra setup. Upgrade to Pro to unlock the dashboard, AI remediation steps, and timestamped evidence reports.

2,341
CIPA lawsuits since 2022
$5,000
Per-violation statutory damages
50+
Trackers in our detection library
8
CIPA-specific checks per scan

What Signal detects

Every check maps to a specific legal theory plaintiffs' firms are actively filing on.

Ad pixels before consent
CIPA § 631

Meta Pixel, TikTok, LinkedIn Insight Tag, Google Ads — if any fire before the user sees a consent banner, you have a CIPA § 631 wiretapping exposure. This is the single most litigated pattern.

Session replay before consent
CIPA § 631

Hotjar, FullStory, Microsoft Clarity, LogRocket record keystrokes and mouse movement. Loading any of them before consent is a textbook wiretapping theory — Camplisson v. Adidas, Massie v. General Mills, and dozens more.

Chat widgets before consent
CIPA § 632

Intercom, Drift, and Zendesk load SDKs that can record conversation content before a user agrees to anything. § 632 covers confidential communications — chat is squarely in scope.

Search-bar input transmission
CIPA § 631

We inject sentinel strings into search inputs and monitor whether third-party trackers receive them. This is the exact methodology plaintiffs' experts use to establish interception of typed content.

VPPA exposure
18 U.S.C. § 2710

Ad pixels co-located on pages with video embeds create Video Privacy Protection Act exposure — $2,500 per disclosure, per viewer. We flag every video+tracker co-occurrence.

GPC signal not honored
CPRA

California's Privacy Rights Act requires treating a Global Privacy Control header as an opt-out request. We probe your site with Sec-GPC: 1 and check whether tracking drops — courts are starting to treat non-compliance as evidence of bad faith.

How Signal works

01

Crawl with a clean browser

Signal launches Chromium with no cookies, no prior consent — simulating the first visit of a new user. Every network request is captured before the page has had a chance to load consent scripts.

02

Match requests against 50+ tracker signatures

Each captured request is matched against our tracker library: ad pixels, session replay tools, chat widgets, analytics SDKs, and tag managers. Timing relative to consent banner load determines pre-consent status.

03

Generate timestamped findings + AI remediation

Every violation gets a finding record with exact timestamps, the full request URL, and the consent state at firing time. Claude generates remediation code showing exactly how to gate the script behind consent.

Signal vs. manual review

Manual privacy audits miss the consent-timing dimension entirely — they check what scripts are present, not when they fire relative to consent. That timing gap is what plaintiffs sue on.

CheckSignalManual
Detects pixels firing before consent banner
Session replay tool detection (Hotjar, FullStory, Clarity)
GPC signal compliance probe
Search-bar input interception test
VPPA video+tracker co-occurrence
Do-Not-Sell link verification (CCPA)
AI-generated remediation code per finding
Timestamped evidence for court defense
Runs every time you scan your site

Signal is included in Pro — $49/month

Every Pro scan runs Signal automatically. Full tracker dashboard, consent-timing timeline, AI remediation steps, and GPC compliance probe — no extra charge, no add-on to manage.

No credit card required for the trial. Cancel anytime.

Sturdly Signal is a detection and documentation tool, not legal advice. Findings identify patterns associated with CIPA, VPPA, CCPA, and CPRA claims based on publicly available case law and regulatory guidance. Consult qualified privacy counsel for legal advice specific to your situation.