New module: Policy & Terms — we read your policies against reality
Published 4 June 2026
Until now, CompliantHQ looked at two things when scanning a website: cookies and tracking, and accessibility. Today we're adding a third regulatory area — Policy & Terms.
The new module finds and reads your policy pages — privacy policy, cookie policy and terms of service — and then does what no template check can: it holds what the policies promise against what the scan actually measured on the site.
Why it matters
Most policy pages are written once and then left alone. The text ages, laws are replaced, and eventually the policy says something different from what the site actually does. The classic case: a cookie policy claiming "we use no tracking cookies" — on a site where Google Analytics loads before the visitor has said yes.
If the policy says one thing and the site does another, the information is misleading — and informed consent depends on the information being accurate.
What the module checks
The module runs around fifty checks. In short:
- Is the right information there at all? The privacy policy is reviewed against GDPR's information requirements (Articles 13–14): controller, purposes, legal basis, retention, recipients, third-country transfers, data subjects' rights, the right to lodge a complaint with IMY, and a data protection officer where one is required.
- Does it match reality? We compare the cookie policy with the trackers the scan actually observed, and flag what runs without being named — plus direct contradictions.
- Do forms collect consent correctly? Pre-ticked boxes, consent bundling several purposes, and a missing privacy-policy link at the point of collection.
- Is the policy current? References to the repealed Swedish PUL or the renamed Datainspektionen, unfilled template placeholders, broken links and a missing update date.
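The two checks above that can be shown in code are the comparison of the cookie policy against what the scan observed, and the staleness checks. The following Python is an added illustration written for this post, not CompliantHQ's own module (the post does not show its implementation). The tracker host table, vendor aliases, regular expressions, the `Request` record and both sample policy texts are constructed for the example; a real scanner would fetch the policy page and classify hosts from a maintained tracker database.

```python
import re
from dataclasses import dataclass

# Hypothetical table of third-party hosts that a scan would classify as
# trackers, and the names a policy text might use for each vendor.
KNOWN_TRACKERS = {
    "www.google-analytics.com": "Google Analytics",
    "connect.facebook.net": "Meta Pixel",
    "static.hotjar.com": "Hotjar",
}
VENDOR_ALIASES = {
    "Google Analytics": ("google analytics", "ga4", "gtag"),
    "Meta Pixel": ("meta pixel", "facebook pixel"),
    "Hotjar": ("hotjar",),
}

# Staleness signals: repealed law, renamed authority, unfilled placeholders.
STALE_PATTERNS = {
    "repealed_pul": re.compile(r"\b(personuppgiftslagen|PUL)\b", re.I),
    "renamed_authority": re.compile(r"\bDatainspektionen\b", re.I),
    "template_placeholder": re.compile(r"\[[A-Z][A-Za-z ]+\]|\{\{[^}]+\}\}|\bLorem ipsum\b"),
}
NO_TRACKING_CLAIM = re.compile(r"\b(no|not use any|don't use)\s+(tracking|analytics)\s+cookies", re.I)
UPDATE_DATE = re.compile(r"\b(last updated|senast uppdaterad)\b[^0-9]{0,5}\d{4}", re.I)


@dataclass(frozen=True)
class Request:
    """One third-party request observed by the scan (constructed record type)."""
    host: str
    before_consent: bool  # fired before the visitor interacted with the consent dialog


def policy_vs_reality(policy_text: str, requests) -> list[tuple[str, str]]:
    """Return (finding, detail) pairs for a policy text and the observed requests."""
    findings: list[tuple[str, str]] = []
    lowered = policy_text.lower()

    # Collapse requests to vendors, remembering whether any fired pre-consent.
    observed: dict[str, bool] = {}
    for req in requests:
        vendor = KNOWN_TRACKERS.get(req.host)
        if vendor is not None:
            observed[vendor] = observed.get(vendor, False) or req.before_consent

    for vendor, pre_consent in observed.items():
        if not any(alias in lowered for alias in VENDOR_ALIASES[vendor]):
            findings.append(("unnamed_tracker", vendor))
        if pre_consent:
            findings.append(("loads_before_consent", vendor))

    # Direct contradiction: the policy denies tracking cookies, the scan saw trackers.
    if observed and NO_TRACKING_CLAIM.search(policy_text):
        findings.append(("contradiction", ", ".join(sorted(observed))))

    for name, pattern in STALE_PATTERNS.items():
        match = pattern.search(policy_text)
        if match:
            findings.append((name, match.group(0)))
    if not UPDATE_DATE.search(policy_text):
        findings.append(("missing_update_date", ""))
    return findings


# Constructed sample input: a stale policy and a scan that saw two trackers.
SAMPLE_POLICY = """Cookie policy
We use no tracking cookies on this site. We only set a session cookie.
Personal data is processed in accordance with personuppgiftslagen (PUL).
Complaints can be sent to Datainspektionen.
[Company Name] is the data controller.
"""
SAMPLE_REQUESTS = [
    Request("www.google-analytics.com", before_consent=True),
    Request("static.hotjar.com", before_consent=False),
    Request("cdn.example.com", before_consent=True),  # not a tracker, ignored
]
SAMPLE_FINDINGS = policy_vs_reality(SAMPLE_POLICY, SAMPLE_REQUESTS)

# Constructed clean policy: names both vendors, current references, dated.
CLEAN_POLICY = """Cookie policy
Last updated: 2026-05-01
We use Google Analytics (GA4) and Hotjar after you have given consent.
Complaints can be made to IMY. Acme AB is the data controller.
"""
CLEAN_REQUESTS = [Request("www.google-analytics.com", False), Request("static.hotjar.com", False)]
CLEAN_FINDINGS = policy_vs_reality(CLEAN_POLICY, CLEAN_REQUESTS)

if __name__ == "__main__":
    for finding, detail in SAMPLE_FINDINGS:
        print(f"{finding}: {detail}")
```

The alias matching is deliberately a plain substring test: a policy that says "Google" but never "Google Analytics" is treated as not naming the tracker, which is the stricter and, for an informed-consent check, the safer reading. The contradiction finding only fires when a denial and an observed tracker coexist, so a site with no trackers and a "no tracking cookies" sentence is correctly left alone.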
It adapts to your industry
A brochure site, a web shop, a clinic and a municipality are governed by different requirements — and the module knows it:
- If you sell something, consumer law is added: a 14-day right of withdrawal, price information, dispute resolution via Sweden's ARN, and statutory company details.
- If you're a healthcare provider, we check the stated basis for processing health data (GDPR Article 9(2), not a consent checkbox, since consent is not freely given in a care relationship), that the Patient Data Act is mentioned, and that medical-record data is kept separate from web and marketing data.
- If you're a public-sector body, we check that the correct legal basis is stated for the exercise of public authority, and that the policy explains that incoming messages may become public records.
Three regulatory areas, one tool
With the policy module, CompliantHQ now covers three regulatory areas in a single scan: cookies and tracking, accessibility, and policy & terms. The AI advisor weighs the findings against Swedish and EU law and writes a prioritised action plan in plain language — so you know where you stand and what to do.