Before you scan, here's exactly what happens to your site and your data. Short version: we look, we don't touch, and we don't collect your visitors' personal information.
How the scan works
A real, read-only browser RegSentry loads your public pages in a headless browser — the same way a visitor's browser would. It records which third-party scripts load and the precise moment each one first contacts its server, so we can tell whether a tracker fired before or after consent.
No code to install, nothing modified You never add a snippet, tag, or plugin. RegSentry needs no access to your servers, hosting, CMS, or source code, and it never changes anything on your site. If you can visit a page, we can scan it.
We watch trackers, not people The scan is about the scripts on your pages — session-replay, analytics, chat, and ad-pixel tools — not your visitors. We do not collect, store, or process your customers' personal data as part of a scan.
What we store
Scan results Which trackers were detected, when they fired relative to consent, a compliance score, and the evidence needed to document it. This is what powers your dashboard and monitoring alerts.
Your account details Your email and the domains you asked us to monitor. Passwords are hashed with bcrypt — we never store them in plain text. That's it; we don't build advertising profiles and we don't sell data.
How we protect it
Encrypted in transit All traffic to RegSentry is served over HTTPS/TLS.
Managed, US-based database Account and scan data lives in a managed PostgreSQL database. Sessions are server-side and expire on a rolling basis.
Least-access by design Because a scan only reads public pages, there is no privileged connection to your infrastructure for anyone to compromise.