A website data protection audit in minutes

Our GDPR scanner helps data protection professionals create comprehensive technical audit reports without any hassle.
Manually scanning websites for vulnerabilities is time-consuming and no fun. decareto uses automation to identify all third-party services and cookies, scan sub-pages of websites, and create comprehensive reports with risk assessment.

What our customers say

Thomas Floß
EDV-Unternehmensberatung Floß GmbH
"With our partner decareto we are playing in the upper third of the Champions League."
EDV-Unternehmensberatung Floß GmbH
Our own ambition is to play in the top third of the Champions League in the area of data protection and in the top third in the field of data protection and information security. To do this, however, we need partners and their tools that fully meet this requirement!

In the area of data protection, we have succeeded in particular with decareto!
Ingo Krause
Managing Director, Data Orga GmbH
"We've been working with decareto since 2021 and with it, the overall standard of the websites has been increased by more than 70%."
Data Orga GmbH
We've been working with decareto since 2021, and by now over 170 of our customers' websites are checked for cookies, external services, and technical settings every month, which means that the overall standard of the websites has been increased by more than 70%. We are particularly satisfied with the constant enhancements of the functions and the fast and direct service.
Beatriz Loos
Managing Director, SiDIT GmbH
"decareto is a great help for us to find out which services are actually included in a website."
decareto is a great help for us to find out which services are actually included in a website. These results are presented in a clearly structured risk report, which enables us to provide our customers with the best possible data protection advice. We would also like to mention the top support!
All Testimonials

Cloud-based, secure, with customer protection

Our software is cloud-based and requires no installation, so you can instantly submit websites and have them audited. We also pay attention to security and customer protection - your data is stored on servers in Germany. And we don't offer data protection consulting, which means we are not competing with your business.

decareto advantages over free tools

You can also perform a website check with apps like Webbkoll or the Browser Developer tools, but decareto provides a more comprehensive analysis in a fraction of the time.
External services usually set 1st-party cookies that can only be identified by name. You have to guess or research at great expense what their source is, and which purpose they have
The same applies to external services - based on downstream requests, not only the service itself must be identified, but also its properties (purpose, data transfer to insecure third countries, etc), which neither Webbkoll nor the development tools can do.
For a complete analysis, all sub-pages of a website must be checked, because especially services like captchas, videos, maps or social plugins are often used on subpages.
An audit must also show cookies and services that are loaded only after consent has been given via a consent banner - again for all subpages. In particular, cookies and services requiring consent must be detected that are loaded without consent.
These aspects are fully automated by decareto, manual execution with free tools is not practical when looking for this depth.

All your websites at a glance

Identifying vulnerabilities through cookies and external services is hard enough for a single web presence. Our database details of many thousands of providers, enabling the thorough identification of external services and cookies. Our crawler also scans sub-pages of the websites, achieving a level of detail for your audit reports that would not be possible manually.

Professional looking reports for your customers

You can share reports with customers or colleagues via a shared link or as a PDF or Word export, if desired in your company's corporate design. You can set up an automated dispatch so that your test report is always sent by us on time.

Comprehensible presentation of the results

decareto shows data protection breaches in an easy-to-understand management summary:
Use of non-essential cookies or third-party services without consent
Transfer of data to unsafe third country
Violation of the information requirements on external services in the privacy policy.

Cookies and services at a glance

All cookies, web storage items and third-party services are listed so that you have comprehensive data on the data processing by third parties on your website:
Cookie storage duration
Provider of the cookie, web storage item or service
Purpose of the cookie or service (advertising, analytics, functional, etc.)
Setting with or without consent
Will data be transferred out of the EU jurisdiction?

Email notifications

You don't need to do regular checks, because we scan each of your websites once a day and send you a notification if any relevant changes have occurred.

Server security check

decareto checks whether data is transmitted encrypted, whether the SSL certificate is state of the art, and whether correct security headers are configured.

Check forms for compliance

A full decareto scan searches sub-pages for (contact) forms and displays a screenshot and all found places. This allows you to check forms for GDPR compliance without having to go to all pages of the website.

A website audit from only 5€

All decareto plans allow you to update websites as often as you like. Even with our Starter plan, you can perform 120 websites per year, including full scans of the sub-sites - this makes decareto attractive even for data protection officers with just a few customers. Example: If you have 30 customers, you can perform an audit for each customer once per quarter with the "Starter" plan.

Our plans and trial options

You can test decareto for 14 days without any obligation. A 14-day-trial does not create a contract. If you do not wish to extend the trial, your access and data will be deleted at the end of the trial period. All prices shown are exclusive of VAT. The minimum contract period is one year.
The number of websites (10, 50, 100) indicates how many websites are registered on your account at the same time. These are constantly monitored, and you will receive a notification for them in case of deterioration in the level of data protection. You can delete websites at any time and replace them with new ones (limits see above).
In all plans, you can scan the home page of a website as many times as you want (limits see above).
We automatically run a deep scan once a month. You can also start the full scan manually (except in the "Starter" plan).
decareto can scan login-protected areas in stores, intranets or test versions of websites.
You can use the decareto REST API to automatically create websites and query report results. This allows decareto to be integrated with external data protection management tools.
Reports can be sent to customers automatically, e.g. on a quarterly basis.
Reports can be exported as PDF or shared via a link. We can configure your own domain for this.
As part of our consulting packages, we support you in resolving data protection problems on websites. To do this, we work together with data protection officers and IT departments or agencies, and provide support in selecting and configuring consent platforms and privacy-compliant tools.