Full feature overview
Every tool you need for operational privacy compliance
DPOKit goes far beyond a cookie banner. It gives WordPress site owners a complete compliance engine — from automated data discovery to legally defensible audit trails.
Pillar 1
Third-Party Data Flow Inventory
Know exactly which third-party services process personal data on your site. DPOKit scans every page, detects every tracker, and builds a living data map that keeps itself current.
- Automatically scans all pages on activation and on a configurable schedule
- Detects cookies, pixels, iframes, and REST API calls to third-party domains
- Reads Google Tag Manager containers to enumerate tags and triggers
- Flags form submission endpoints that send data off-site
- Export the data map as PDF or CSV for legal review
- Manual entry for server-side integrations not reachable by scanning
| Vendor | Category | Legal basis | Status |
|---|---|---|---|
| Google Analytics 4 | Analytics | Consent | Detected |
| Meta Pixel | Marketing | Consent | Detected |
| Stripe.js | Functional | Contract | Detected |
| Mailchimp | Marketing | Consent | Scanning |
| HotJar | Analytics | Consent | Queued |
Choose which cookies you allow. Functional cookies are always active.
Functional
Required for core site functions
Analytics
Understand how visitors use the site
Marketing
Personalised ads and retargeting
Personalisation
Tailored content and recommendations
Pillar 2
Consent & Script Enforcement
A consent banner is only as effective as the script blocking that backs it up. DPOKit intercepts non-essential scripts at the source and only fires them after the visitor has given explicit permission.
- Block all non-essential scripts until the visitor grants consent
- Granular categories: functional, analytics, marketing, personalisation
- Stores consent records with timestamp, IP hash, and user agent
- Native Google Tag Manager integration with Consent Mode v2
- Developer API for third-party plugin authors to gate their own scripts
- WCAG 2.1 AA — keyboard navigable and screen-reader labelled
Pillar 3
Data Subject Access Request (DSAR) Workflows
Meeting the 30-day GDPR deadline under pressure is hard without the right tooling. DPOKit gives you a structured intake-to-response workflow, with automatic data collection and a tamper-evident audit trail.
- Embeddable intake form: access, deletion, portability, rectification, objection
- Automated acknowledgement email with reference number and 30-day deadline
- Identity verification via email confirmation; optional ID document upload
- Auto-collects data from user accounts, WooCommerce, forms, and comments
- Structured JSON + human-readable HTML export package for portability requests
- Legal-hold overrides prevent deletion of data still within a retention window
3
Open cases
1
Due this week
11d
Avg response
anna.k@example.com
tom.b@example.com
sara.m@example.com
james.r@example.com
DSAR-0042 · Deletion · In Progress
Received
Verified
In Progress
Completed
90% of retention window used
60% of retention window used
75% of retention window used
38% of retention window used
80% of retention window used
Pillar 4
Retention & Deletion Enforcement
Keeping data longer than necessary is itself a compliance risk. DPOKit lets you define precisely how long each data category lives, then enforces those policies automatically — with a tamper-evident log for every action.
- Define retention periods per data category — orders, forms, accounts, comments
- Legal-hold rules override standard retention for tax and compliance windows
- Scheduled background jobs identify data exceeding its retention period
- Dry-run mode lets you preview which records will be affected before enforcement
- Rate-limited execution to avoid performance impact on large databases
- Immutable audit log records every deletion and anonymisation with a hash chain
Pillar 5
Audit-Ready Reporting
When a regulator or client asks for evidence of compliance, you need to be able to respond immediately. DPOKit produces structured, exportable reports across every compliance pillar — on demand or on a schedule.
- Compliance dashboard with traffic-light status per pillar at a glance
- ROPA export meeting Article 30 GDPR in structured Word / PDF format
- Auto-generated privacy notice draft based on detected data flows and legal bases
- Consent audit report: volume and breakdown by category and date range
- DSAR activity report: requests received, response times, completion rate
- All reports schedulable for automatic email delivery to nominated recipients
92%
3
4,820
0
Plan comparison
DPOKit Free vs Pro vs Agency
Start free with consent management and a basic scan. Upgrade to Pro or Agency when you need the full compliance suite.
| Feature | Free€0 / forever | Pro€29 / mo / site | Agency€79 / mo unlimited |
|---|---|---|---|
| Consent & Script Enforcement | |||
| Consent banner & preference centre | |||
| Consent banner customisation (colours, layout, position, text) | |||
| Custom CSS for consent banner | |||
| Granular categories (functional, analytics, marketing, personalisation) | |||
| Re-prompt mechanism (reprompt_days setting) | |||
| Consent records stored with timestamp & IP hash | |||
| Consent record CSV export | |||
| Consent record deletion (purge old records) | |||
| Up to 500 consent records / month | |||
| Unlimited consent records | |||
| Google Tag Manager Consent Mode v2 | |||
| Direct script blocking for WooCommerce & CF7 | |||
| Developer API to register consent-gated scripts | |||
| Third-Party Data Flow Inventory | |||
| Basic automated scanner (top pages) | |||
| Data map list / view (read-only) | |||
| Scanner results 'Add to Data Map' | |||
| Full-site scheduled scanning | |||
| GTM tag & trigger enumeration | |||
| Living data map with change history | |||
| 50+ vendor library with pre-filled descriptions | |||
| PDF / CSV data map export | |||
| Manual entry for server-side integrations | |||
| DSAR Workflows | |||
| Embeddable intake form | |||
| Request types: access, deletion, portability, rectification, objection | |||
| Identity verification (email confirmation) | |||
| Auto-acknowledgement email with deadline | |||
| Auto data collection (WP, WooCommerce, CF7, WPForms) | |||
| Structured JSON + HTML export package | |||
| Case management: status tracking & deadline countdown | |||
| Deletion / anonymisation execution with legal-hold overrides | |||
| Full case history exportable as PDF | |||
| Retention & Deletion Enforcement | |||
| Per-category retention policy configuration | |||
| Legal-hold rules | |||
| Scheduled enforcement jobs (anonymise / delete / flag) | |||
| Dry-run preview mode | |||
| Tamper-evident immutable audit log | |||
| Audit log CSV / PDF export | |||
| Audit-Ready Reporting | |||
| Compliance dashboard with traffic-light status | |||
| ROPA export (Article 30 GDPR) | |||
| Auto-generated privacy notice draft | |||
| Consent audit report | |||
| DSAR activity report | |||
| Retention enforcement report | |||
| Scheduled report delivery by email | |||
| Integrations | |||
| WordPress core (users, comments) | |||
| WooCommerce orders & customers | |||
| Contact Form 7 / WPForms / Gravity Forms | |||
| Mailchimp subscriber data | |||
| Google Analytics 4 consent-aware suppression | |||
| WordPress REST API endpoints | |||
| WP-CLI commands | |||
| WordPress Multisite / network support | |||
| Multisite network-level policy inheritance | |||
| Licence & Support | |||
| Sites covered | 1 site | 1 site | Unlimited |
| Plugin updates | Community | Licensed updates | Licensed updates |
| Support | Community forum | Priority email | Dedicated channel |
| White-label option | |||
Ready to move beyond the cookie banner?
Start free today. No credit card required. Upgrade to Pro or Agency when you need DSAR workflows, retention enforcement, and full audit reporting.