Scanner terms of use

These terms govern the free public scanner at cookielint.com/scanner. Submitting a URL through that form means you have read and accepted what follows. If you do not accept, do not run the scanner. None of this applies to scans run from a paid CookieLint workspace, which are governed by your subscription agreement.

When you submit a scan we record: the URL you submitted, the email address you provided, your IP address (used for rate limiting and abuse detection), your browser User-Agent string (used for telemetry), the timestamp of the request, and whether you opted in to marketing emails. We do not collect cookies from your browser or any other personal data beyond what you typed into the form.

We run an automated scan against the URL you submitted and email the report to the address you provided when it finishes. We use your IP address and email to apply rate limits on the public scanner. If you opted in to marketing, we add your email to a separate list and send occasional product updates; you can unsubscribe at any time and your address will be removed shortly after. We may also use scanner submissions to understand how visitors find CookieLint and to measure interest in the product, on a legitimate-interest basis.

We do not store cookie values from the sites we scan, only metadata such as cookie name, domain, and category classification. We do not store screenshots or raw HTML. We do not sell, rent, or share your email address with third parties for their marketing. We do not use scan results to train machine learning models.

The public scanner is rate limited per IP address and per email address to keep it fairly available. Limits are enforced in short rolling windows. We do not publish exact numbers because they change as we tune for abuse and load, but a normal user evaluating their own site will not bump into them.

Scan request records (URL, email, IP address, User-Agent, timestamp) are retained for a limited period and then deleted. The scan report itself remains accessible by direct link for a short period after completion. Marketing opt-in records are kept until you unsubscribe or until an address starts bouncing. Rate-limit counters are short-lived and expire on their own.

By submitting a URL you confirm that the site is publicly accessible and that you are authorized to run an automated request against it. The public scanner only fetches pages reachable without authentication and refuses to scan localhost, private networks, or cloud metadata endpoints. If you submit a URL you are not authorized to test, you, not CookieLint, are responsible for that decision.

Do not use the scanner to deny service to any site, to scrape content, to evade another party's rate limits, or to launch any kind of attack. We may, without notice, block IP addresses or email addresses that we believe are abusing the scanner. Repeated abuse will result in a permanent block.

The scanner is provided on an as-is, as-available basis. Scan results are produced by automated heuristics and may be incomplete, out of date, or wrong. Cookie classifications, vendor matches, banner detection, and any compliance signal you might infer from the report are best-effort. Scan results are not evidence of compliance or non-compliance with any law. CookieLint is not a regulator, an auditor, or a law firm, and a passing scan is not a legal opinion. To the maximum extent permitted by law, we disclaim all warranties, express or implied, including merchantability, fitness for a particular purpose, accuracy, and non-infringement.

You use the scanner at your own risk. CookieLint, its operators, and its contributors are not liable for any direct, indirect, incidental, consequential, special, or exemplary damages arising from your use of the scanner or your reliance on its output, including but not limited to lost profits, lost data, regulatory fines, reputational harm, or claims by third parties. The public scanner is provided free of charge to every user, including holders of a paid CookieLint account, who are expected to use the dashboard scanner for any production work. Because no fee is ever charged for the public scanner, our total aggregate liability to you for any claim arising from your use of the public scanner is zero. Nothing in this section limits liability that cannot be excluded under applicable law, including liability for gross negligence, willful misconduct, personal injury, or death, or any statutory consumer rights that apply to you. If you need a legal opinion about your site, talk to a lawyer. If you need a formal compliance audit, hire an independent auditor.

The scanner is operated by CookieLint ApS, registered in Denmark. These terms are governed by the laws of Denmark, without regard to its conflict-of-laws rules. The Danish courts have exclusive jurisdiction over any dispute arising from your use of the scanner. Nothing in this section deprives you of any mandatory consumer protections granted by the law of your country of residence, and nothing prevents you from bringing a complaint before the supervisory authority of your country of residence on data-protection matters.

The English-language version of these terms is the legally binding text. Where we publish translations and a conflict arises between the translated and English versions, the English version prevails.

We may update these terms from time to time. The current version is always at this URL with the last-updated date at the top. Continued use of the scanner after a change means you accept the new version. Material changes that affect what we collect or how long we keep it will be called out in the change history.

Reach our privacy channel for any data-deletion request or question about these terms.