Scanner Terms of Use

Last updated: April 2026

1. Service Description

The ConsentMark Analytics Governance Scanner ("Scanner") is a free tool that analyses publicly accessible websites for analytics governance practices. The Scanner examines consent management, tag deployment, data transfers, and third-party oversight.

2. Governance-Grade Assessment

Results provided by the Scanner constitute a governance-grade assessment and do not constitute legal advice. The Scanner performs an automated, single-pass analysis that may not capture all tracking activity on your website.

For comprehensive compliance assessment, we recommend engaging a qualified data protection professional or using our full Analytics Governance Diagnostic service.

3. Permitted Use

You may use the Scanner to:

• Scan websites that you own or have authorisation to analyse
• Use the results for internal governance improvement
• Share results within your organisation

You must not:

• Use the Scanner to attack, disrupt, or probe websites you do not own
• Circumvent rate limits or access controls
• Use results to mislead others about a website's compliance status
• Use results to make public claims, statements, or representations about the governance practices of any third party, including in social media, press releases, marketing materials, or public reports
• Automate bulk scanning without prior written agreement

4. Data Handling

When you use the Scanner, we collect the URL you submit and the email address you provide. Scan results (including screenshots and governance scores) are stored for up to 90 days to support shareable report links. After 90 days, results are automatically deleted.

Your email address is used to deliver a copy of your scan report via Amazon SES (hosted in EU). If you opt in to marketing communications during the scan, we may send you analytics governance insights and service updates. You can withdraw consent at any time by contacting contact@consentmark.com.

All data is processed in the EU in accordance with GDPR. See our Privacy Policy for full details.

5. LLM-Assisted Classification

To classify scripts that fall outside our curated tag registry, the Scanner may dispatch a sanitised excerpt of the unknown script to AWS Bedrock (Amazon's managed foundation-model service) running Claude. Only script content fetched from public web pages is sent; we do not transmit cookies, request bodies, authorisation headers, or any data from authenticated sessions. Bedrock is invoked from eu-west-1(Dublin) via Amazon's EU cross-region inference profile, which routes the call to AWS regions inside the European Union only (Ireland, Frankfurt, Paris, Stockholm, Milan, or Spain depending on capacity). AWS does not retain prompts or completions when model invocation logging is disabled at the account level - which is how the Scanner's AWS account is configured.

AWS is already a sub-processor for the Scanner's hosting infrastructure (see the Privacy Policy, section 5). Adding the Bedrock service does not introduce a new third-party vendor; the same Standard Contractual Clauses and infrastructure DPA apply. Anthropic, the model author, has no access to prompts or outputs under the Bedrock service terms.

6. Limitation of Liability

The Scanner is provided "as is" without warranty of any kind. ConsentMark (Obscurity Ltd) accepts no liability for decisions made based on Scanner results. The Scanner may produce false positives or false negatives due to the automated nature of the analysis.

7. Contact

For questions about these terms, contact us at contact@consentmark.com.