• CookieQ server-side tracking protection platform

    Block malware and invisible tracking, while complying with data protection regulations using the only fully configurable cross-domain platform available, which can actively manage both first-party cookies and any embedded third-party content. CookieQ was the first EU ePrivacy solution, the first with the ability to register consent across multiple website domains managed by the same data controller, the first to do this without UIDs or persistent cookies, the only one to offer complete control over embedded third-parties and control the cookies on your site automatically .

    For example you can selectively enable and disable LinkedIn and Twitter buttons rendered in the page footer. Click our cookie consent button below to see this working.

    CookieQ also ensures that no unknown scripts can be delivered to visitors. If properly implemented this will eliminate malware delivery from downstream embedded iframes, for example from remnant online advertisments.

  • CookieQ website scanner

    Get the most detailed, comprehensive scan available of your site, executed remotely with no need for plug-ins. Includes every detail about HTTP, JavaScript and "Flash" cookies, HTML5 local storage, missing pages, SSL certificate information, IANA WhoIs etc.

    We also supply an API service so that OEMs can deliver added value services based automatically triggering a scan from cloud based servers and then processing up-to-date data from it. This is demonstrated by our TrackerScope page scanner which anyone can use to examine and dynamically display all the resources accessed when a page is rendered.

    Because it accesses a page entirely automatically with DNT set and with no human involvement, it accurately reports on how a server honours Do Not Track and manages data collection to comply with European ePrivacy regulations.

  • Respect Do Not Track

    Use the new tracking consent API to signal browsers and plug-ins that you support user privacy.

    The CookieQ platform lets sites signal their user's consent to their embedded third-party content. The Do Not Track preferences API can now be applied to as many of a publishers domains as they need without needlessly bombarding their users with consent requests.

CookieQ for Do Not Track and EU Cookie Law and ePrivacy compliance, exhaustive, detailed and cost efficient automated website Cookie Audit.

Baycloud Systems offers the original (introduced May 2011) and still the most clear and comprehensive solution for compliance with the ePrivacy Directive and Do Not Track, together with a cost-effective and exhaustive website auditing service. We believe that publishers and brands that offer a straightforward choice to their customers will gain their trust and loyalty.

Server-side tracking protection and consent platform

The CookieQ platform lets publishers offer informed consent for their cookies and third-parties, giving their increasingly privacy aware customers full control over their web activity data. Rather than a pointless "cookie consent" popup that annoys customers by giving them no real choice, CookieQ uses the latest HTML5 APIs to actively manage cookies and embedded third-parties and gives sites the ability to comply unequivocally with the e-privacy directive. CookieQ is the only e-Privacy tool that can control the cookies on your site automatically, and can ensure that no unknown scripts can be delivered to visitors. If properly implemented this will eliminate malware delivery from downstream embedded frames, for example from remnant online advertisments.

Consent is not limited to single host domains but can be allocated on a per data controller basis across any number of web domains, so that once explicit consent has been given to a set of domains there is no need to ask again. Sites have the ability to limit the duration of any consent given to an arbitrary period and allow users to revoke their consent at any time.

With CookieQ AdSense or other sites that wish to actually implement the legal requirement for no tracking cookies without prior consent can now do so.

CookieQ offers a complete set of features that address all the problems that arise when true ePrivacy solutions are implemented. Compliant implementations exist for all EU Member States including all interpretations of consent using the latest CNIL, ICO, CBP and Article 29 Working Party guidance

Web publishers can build trust by only using tracking or collecting user-identifying data when consent has been given, for example as part of the log-in process. CookieQ can be configured to automatically remove first-party cookies, specified third-parties and other storage on all the domains where consent has not been given or it has been revoked, and can show a consent icon to users to give them the ability to change their settings at any time. Consent can be optionally registered for arbitrary categories of cookies, such as "functional" or "analytics", and can, if required, be applied to individual cookies and third-parties. Because user consent can be applied across multiple domains there is no need to bombard users with pointless repeated requests

We have been active members of the W3C Tracking Protection Working Group for many years and have always supported the Do Not Track standard so that the default consent status can be amended depending on the state of the DNT header. For browsers that support it, such as Microsoft's Internet Explorer 11, the DNT UGE (User Granted Exception) is used to signal explicit consent to your embedded 3rd party content servers, again across multiple domains.

CookieQ does not use unique identifiers or UIDs to remember which sites your users have given consent to as the data needed to do this is held entirely within the browser and is not communicated to anyone. When a user has given consent this fact can be communicated to your sites' servers using a short-lived cross-domain "signalling cookie", though there is an option to refrain from using even this non identifying cookie.

Multi-site dashboard

Publishers or site operators can now manage privacy consent across all their sites using the CookieQ dashboard. All relevant sites are listed on a set of summary pages and can be individually created, cloned and edited. All text is stored in language specific silos including cookie purpose descriptions, and automatically delivered according to browser or dashboard settings .Changes immediately take effect on the appropriate site without having to take the site down or manually reconfigure it. A single snippet of html can be added to all sites and different opt-in panels (or none) shown according to how that website entry is statically configured, or alternatively based on the source county code of each visitor detected by IP address geo-location.

Information from the most recent cookie audit is automatically categorised by purpose and the third-party with which data is shared, and immediately presented in a "cookie description" panel without needing to be laboriously transcribed.

Respect Do Not Track

The CookieQ platform uses the W3C Do Not Track preferences API to let sites signal their user's informed and specific consent to embedded third-party content.

Do Not Track usage chart

Automated Site Scanner

CookieQ is supported by our cloud-hosted website ePrivacy compliance auditing and scanning service which does not rely on a downloaded app potentially collecting potentially personal information about your web activity.

This service is based on a fast, forensic and automated website tracker scanner that periodically generates audit reports of public facing websites. Because there is less need for manual intervention our audit is cost effective but detailed and exhaustive. If parts of a site can only be accessed by an authenticated user we can generate manually augmented reports as a special service.

Unlike other audit systems which rely on a downloaded plug-in which sends information to an external server, our system is fully secure.

We scan up to the number of pages you specify on a site and detect all the http, JavaScript, html5 local storage and flash cookies that are placed there. The report details all the information about these cookies including their expiry date, secure status, name, value, subkey, domain, path, entropy, uniqueness etc.. It separately lists 1st party and 3rd party cookie, and in the latter case specifies whether they are inserted by passive elements, i.e they are web beacons, or by clickable elements such as anchor tags. It also lists elements hosted by 3rd parties that may cause your visitors to be tracked without their consent (3rd party tags).

A table of cookie types and their descriptions and purpose can be displayed in a dynamically updated panel, in any required language.


Some of our recent clients: