Plaintiff firms scan your site for CIPA violations. Signal finds them first.
2,341 CIPA lawsuits since 2022. $5,000 statutory damages per violation. The most common trigger: a tracking pixel that fires before the user sees a consent banner. Signal detects every one of them.
Signal runs automatically on every Sturdly scan — no extra setup. Upgrade to Pro to unlock the dashboard, AI remediation steps, and timestamped evidence reports.
What Signal detects
Every check maps to a specific legal theory plaintiffs' firms are actively filing on.
Meta Pixel, TikTok, LinkedIn Insight Tag, Google Ads — if any fire before the user sees a consent banner, you have a CIPA § 631 wiretapping exposure. This is the single most litigated pattern.
Hotjar, FullStory, Microsoft Clarity, LogRocket record keystrokes and mouse movement. Loading any of them before consent is a textbook wiretapping theory — Camplisson v. Adidas, Massie v. General Mills, and dozens more.
Intercom, Drift, and Zendesk load SDKs that can record conversation content before a user agrees to anything. § 632 covers confidential communications — chat is squarely in scope.
We inject sentinel strings into search inputs and monitor whether third-party trackers receive them. This is the exact methodology plaintiffs' experts use to establish interception of typed content.
Ad pixels co-located on pages with video embeds create Video Privacy Protection Act exposure — $2,500 per disclosure, per viewer. We flag every video+tracker co-occurrence.
California's Privacy Rights Act requires treating a Global Privacy Control header as an opt-out request. We probe your site with Sec-GPC: 1 and check whether tracking drops — courts are starting to treat non-compliance as evidence of bad faith.
How Signal works
Crawl with a clean browser
Signal launches Chromium with no cookies, no prior consent — simulating the first visit of a new user. Every network request is captured before the page has had a chance to load consent scripts.
Match requests against 50+ tracker signatures
Each captured request is matched against our tracker library: ad pixels, session replay tools, chat widgets, analytics SDKs, and tag managers. Timing relative to consent banner load determines pre-consent status.
Generate timestamped findings + AI remediation
Every violation gets a finding record with exact timestamps, the full request URL, and the consent state at firing time. Claude generates remediation code showing exactly how to gate the script behind consent.
Signal vs. manual review
Manual privacy audits miss the consent-timing dimension entirely — they check what scripts are present, not when they fire relative to consent. That timing gap is what plaintiffs sue on.
| Check | Signal | Manual |
|---|---|---|
| Detects pixels firing before consent banner | ||
| Session replay tool detection (Hotjar, FullStory, Clarity) | ||
| GPC signal compliance probe | ||
| Search-bar input interception test | ||
| VPPA video+tracker co-occurrence | ||
| Do-Not-Sell link verification (CCPA) | ||
| AI-generated remediation code per finding | ||
| Timestamped evidence for court defense | ||
| Runs every time you scan your site |
Signal is included in Pro — $49/month
Every Pro scan runs Signal automatically. Full tracker dashboard, consent-timing timeline, AI remediation steps, and GPC compliance probe — no extra charge, no add-on to manage.
No credit card required for the trial. Cancel anytime.
Sturdly Signal is a detection and documentation tool, not legal advice. Findings identify patterns associated with CIPA, VPPA, CCPA, and CPRA claims based on publicly available case law and regulatory guidance. Consult qualified privacy counsel for legal advice specific to your situation.