Nova Insight
Run audit

Privacy & Cookie Compliance Audit

Every cookie, every tracker, every consent-banner gap — across the laws that apply to you.

Nova Insight is a small consultancy. Our team runs the three-consent-state cookie inventory, drafts the banner-posture verdict, and writes the policy-vs-reality diff — a named human reviews and signs off every audit before delivery. Fixed price, covers Kenya DPA + GDPR + UK GDPR + CCPA, 72-hour turnaround.

From KSh 27,500

Within 72 hours from purchase · One free re-audit within 30 days

Buy this auditSee what you receive

Or email us to scope this with a consultant first.

One audit, every jurisdiction

Cookiebot covers EU. OneTrust starts at $10k. iubenda is per-site. We cover Kenya DPA + GDPR + UK GDPR + CCPA in one fixed-price audit — because if you sell in more than one market you need the picture across all of them.

Three consent states, not one

Most audits screenshot your landing page and call it done. We test landing, accept-all, and reject-all separately — because the reject-all cookie count is what regulators actually care about.

Policy-vs-reality diff included

Your privacy policy says one thing. Our cookie observation sees another. We surface the gap, line by line. That's the part fines come from.

What you receive

  • Three-consent-state cookie + tracker inventory across up to 15 pages
  • Consent-banner posture verdict across each applicable framework
  • Privacy-policy text-vs-behaviour diff, line by line
  • Per-framework jurisdictional exposure analysis (Kenya DPA, GDPR, UK GDPR, CCPA)
  • Global Privacy Control / Digital Omnibus honour-signal test
  • Cross-border transfer flag on every third-party request
  • 30 / 60 / 90-day remediation roadmap with paste-ready banner and policy config
  • One free re-audit within 30 days to verify the gaps closed

Common questions

We already use Cookiebot — do we need this?
If you're EU-only with a current Cookiebot subscription, probably not. Our audit's value is the multi-jurisdictional picture (Kenya + UK + EU + US) and the policy-vs-reality diff, which a single-jurisdiction consent platform doesn't surface.
Does this give us a compliance certification?
No. We're an audit, not a certifying body. We identify the specific gaps with framework-article references; you (or your DPO, or your lawyer) decide what compliance posture to reach.
What is the Digital Omnibus and does it affect us?
A February 2026 EU regulation that pulled cookie governance directly into GDPR via Articles 88a/88b. If you have an EU consent banner more than around 12 months old, it almost certainly doesn't honour the new signal-recognition requirements. Our audit tells you specifically what is missing.
What about Kenya's ODPC audits?
The Data Protection (Conduct of Compliance Audit) Regulations 2024 established ODPC-led compliance audits in Kenya. Our audit gives you the technical-posture report you'd want before an ODPC audit, and identifies the gaps a regulator would typically flag.
How long does the audit take?
72 hours from purchase to delivered PDF. We need 72 hours rather than 48 because the three-consent-state sweep takes real wall-clock time across the pages you ask us to test.
Do you fix the cookies for us?
As a separate scoped engagement. After you receive your audit, email us with timeline and budget. We don't sell remediation in this SKU because the cookie surface differs heavily per stack.

How the audit is produced

Headless-browser observation across three consent states (landing, accept-all, reject-all). Every cookie set, every third-party request, every tracker is logged deterministically before any narrative layer runs. A structured-output LLM produces the per-framework verdicts with specific article references; a Nova Insight consultant reviews and signs off before delivery. Findings cite the cookie name, the page URL, the request payload, and the framework article they map to.

We surface exposure; we don't give legal advice. The report identifies where your behaviour diverges from each applicable framework so your DPO, counsel, or compliance team can decide the response.

Found a factual error in your report? Email us with the page number and we'll re-issue the section. No quibble.

Pulse · monthly monitoring

After your audit — Pulse keeps watch.

The audit is a snapshot. Pulse re-runs the three-consent-state cookie sweep and tracker inventory every month and emails you when scores or critical findings move. A named human reviews every alert before it ships. Cancel any time.

KSh 2,999

/ month

Start Pulse

Ready to see your real cookie surface?

Pay securely via Paystack. The checkout form asks which jurisdictions apply; deliverable arrives within 72 hours.

Buy this audit — from KSh 27,500
Privacy & Cookie Compliance Audit — Nova Insight