Privacy policy presence + terms
Credit for a privacy policy actually published on your store, plus additional credit when the policy covers key disclosure terms associated with the laws ClearConsent tracks for your traffic.
How scoring works
One scan-derived number.
Separate law badges.
ClearConsent resolves your Shopify storefront into a 0–100 hero diagnostic score and a set of per-law badges. The hero score reflects what the live scan sees; per-law badges combine scan signals with operational answers. Here's how each number gets built and how to read it.
A score isn't an A-grade. Your hero score reflects your live storefront. Per-law badges show where specific jurisdictions land. 92% on CCPA can coexist with 64% on GDPR for the same store.
/ The framing
Composition
What feeds each number.
Two different scores, two different inputs. Your hero score reflects your live storefront. Per-law badges combine those same storefront signals with operational answers.
Hero score · storefront scan
The headline 0–100 number reflects what a real Playwright Chromium browser sees on your live storefront: privacy policy coverage, consent and opt-out controls (banner, GPC, "Do Not Sell" link), and tracker/cookie hygiene before consent. No questionnaire answers feed this number — it's what the scan can verify.
Per-law badges · scan + practices
Each per-law badge (CCPA, GDPR, etc.) combines the same storefront signals with operational answers from the Compliance tab: data retention windows, vendor agreements, breach response readiness, employee training. Some compliance requirements can only be confirmed by you, not detected by a scan.
Per-law re-weighting
CCPA cares more about Do-Not-Sell links and opt-out clarity. GDPR cares more about lawful basis, granular consent, and data subject rights. The same signals weight differently per jurisdiction, which is why two laws can produce different per-law scores for the same store.
Hero score signals
What the scan checks for.
The hero 0–100 splits across three signal groups, all detected from your live storefront.
Banner, GPC, "Do Not Sell" link
Credit for a working consent banner, Global Privacy Control signal honoring, and a "Do Not Sell" link where required. The visitor-facing controls a regulator expects to see.
Trackers & cookies pre-consent
Penalties for tracking scripts firing pre-consent (GA4, Meta Pixel, TikTok). Credit for category-correct cookie disclosures and a clean tracker stack. The largest single contribution to the hero score.
Per-law badges add practices
Per-law badges layer business-practice answers from the Compliance tab on top of the same scan signals. CCPA cares more about Do-Not-Sell mechanics; GDPR cares more about lawful basis and granular consent. Same signals, different weights per jurisdiction.
Per-law detail
Why the same store has different scores per law.
Two example stores running the same scan, producing different per-law scores:
Example A · EU + US store
GA4 + Meta Pixel, hosted banner, geo-aware mode. CCPA: stronger — geo-aware opt-out covers California; auto-blocker holds Meta Pixel until consent. GDPR: weaker — lawful basis, granular consent, and data-rights disclosures are GDPR-specific signals the geo-mode banner alone doesn't cover.
Example B · US-only store
GA4, no Meta Pixel, no banner installed. CCPA: weaker — no Do-Not-Sell link, no opt-out mechanism, GA4 firing pre-consent. GDPR: weaker — no banner installed means no consent mechanism, no granular controls, no data-rights disclosures.
The per-law detail panel in your dashboard shows what each jurisdiction expects, which signals you have, which you're missing, and how that lands as the per-law score. Your hero score reflects your overall storefront posture; per-law panels show where specific jurisdictions may be stronger or weaker.
Free and Pro
Pro doesn't buy a higher number.
Free gives merchants a real diagnostic score and a working basic banner — it's not a fake trial score. Pro unlocks the tools that help close harder gaps: advanced auto-blocking, hosted policy workflows, exportable reports, scan history, scheduled re-scans, and deeper customization. The score itself is calculated honestly on both tiers.
Honesty
What the score doesn't tell you.
Three honest limits of an automated score:
Not legal advice
A 100/100 means you've addressed the supported signals ClearConsent detected in the scan. Actual legal compliance also depends on your data handling practices, employee training, vendor agreements, and edge cases no scanner can observe.
Can't audit your contracts
If your data processor agreements are misaligned with what your privacy policy says, no automated tool will catch that. A qualified attorney does.
Can't predict enforcement
Two stores with identical 92/100 scores could face different enforcement experiences depending on what an attorney general decides to investigate this quarter. The score is the consistent input; enforcement is the variable.
Use the score the way you'd use a code linter: it catches the obvious problems quickly, leaves room for human review on the rest.
See yours
Run the diagnostic. See the gaps.
Free on the home page. No sign-up. Real-browser audit against the supported privacy laws that may apply to your traffic. The score plus per-law breakdowns show what the scan can verify and where the gaps are.