• CookieQ website scanner

    Get the most detailed, comprehensive scan available of your site, executed remotely with no need for plug-ins. Includes every detail about HTTP, JavaScript and "Flash" cookies, HTML5 local storage, missing pages etc.

  • CookieQ ePrivacy consent platform

    Comply with the ePrivacy directive, either implied or explicit consent, using the only fully configurable cross-domain platform available. Your visitors need only give their consent once for all your domains. CookieQ was the first EU ePrivacy solution, the first with the ability to register consent across multiple website domains managed by the same data controller, and now the first to do this without UIDs or persistent cookies.

  • Comply with Do Not Track

    Use the new tracking consent API to signal browsers and plug-ins that you support user privacy.

CookieQ for Do Not Track and EU Cookie Law and ePrivacy compliance, exhaustive, detailed and extremely cost efficient automated website Cookie Audit.

Baycloud Systems offers the original (introduced May 2011) and still the most comprehensive and unambiguous solutions for compliance with the ePrivacy Directive (aka the EU Cookie Law), together with an extremely cost-effective and exhaustive website auditing service. We believe that brands that offer a straightforward choice to their customers will gain their trust  and so gain competitive advantage.

We offer consultancy, as well as website auditing services. We can implement purpose designed  technology to help web publishers comply with the law and respond to the rapidly developing ePrivacy environment.

Consent platform

The CookieQ platform lets publishers offer informed consent across multiple domains, giving their increasingly privacy aware customers explicit control over their data.

This is not an ineffective and confusing "cookie consent" popup but a complete set of features that address all the problems that arise when true ePrivacy solutions are implemented.

Web publisher can build trust by only using tracking or user-identifying data when consent has been given but then are able to apply that consent to all the web domains they own and apply the same privacy policy to. 

The W3C Do Not Track standard is now supported so that not only the default consent status can be amended depending on the state of the DNT header, but also the DNT UGE (User Granted Exception) is now used to signal explicit consent to your embedded 3rd party content servers on all your sites.

Our built in tag management system can also be used to selectively enable 3rd-party content dependent on user consent. Alternatively other Tag Management systems can be used (such as Google's) with user consent communicated using configurable properties and events on standard data layer objects.

CookieQ does not use unique identifiers or UIDs to remember which sites your users have given consent to. For the latest versions of Firefox, Safari, Chrome, Opera and Internet Explorer  the data needed to do this is held entirely within the browser and is not communicated to anyone. When a user has given consent this fact can be communicated to your sites' servers using a short-lived cross-domain "signalling cookie", though there is an option to refrain from using even this non identifying cookie. For the small number of browsers that do not implement the required features needed to support this (such as Internet Explorer version 6)  we use a UID stored in a well-known named cookie but only when users have explicitly given consent

Multi-site dashboard

Publishers or site operators can now manage privacy consent across all their sites using the CookieQ dashboard. All relevant sites are listed on a set of summary pages and can be individually created, cloned and edited. Each entry reports the number of hits received by the site this month as well as the last country code detected by our geo-location feature. Changes immediately take effect on the appropriate site without having to take the site down or manually reconfigure it. A single snippet of html can be added to all sites and different opt-in panels (or none) shown according to how that website entry is statically configured, or alternatively based on the source county code of each visitor detected by IP address geo-location.

Comply with Do Not Track

The CookieQ platform lets sites signal their user's consent to their embedded third-party content. The Do Not Track preferences API can now be applied to as many of a publishers domains as they need without needlessly bombarding their users with consent requests. 

Do Not Track usage chart


Check our Do Not Track Test page to see if your browser has DNT enabled and whether it supports the W3C Tracking Protection Draft API.

Automated Site Scanner

CookieQ is supported by our cloud-hosted website ePrivacy compliance auditing and scanning service which does not rely on a downloaded app potentially collecting potentially personal information about your web activity.

This service is based on a fast, forensic and automated website tracker scanner that periodically generates audit reports of public facing websites. Because there is less need for manual intervention our audit is cost effective but detailed and exhaustive. If parts of a site can only be accessed by an authenticated user we can generate manually augmented reports as a special service.

Unlike other audit systems which rely on a downloaded plug-in which sends information to an external server, our system is fully secure.

We scan up to the number of pages you specify on a site and detect all the http, JavaScript, html5 local storage and flash cookies that are placed there. The report details all the information about these cookies including their expiry date, secure status, name, value, subkey, domain, path, entropy, uniqueness etc.. It separately lists 1st party and 3rd party cookie, and in the latter case specifies whether they are inserted by passive elements, i.e they are web beacons, or by clickable elements such as anchor tags. It also lists elements hosted by 3rd parties that may cause your visitors to be tracked without their consent (3rd party tags).


Some of our recent clients: