Last updated: April 24, 2026
Overview
AECCS (Automated Cookie Consent Compliance Scanner) is a local, user-initiated, research-grounded browser extension that analyzes the GDPR cookie-consent compliance of the website you are currently viewing — entirely within your browser.
The short version: AECCS does not collect, sell, store, or transmit personal data. Page analysis stays local in your browser, and the only persistent item is an optional browsing-setup preference you can choose to save locally in the extension.
Data Processing
When you click the extension icon, AECCS performs a local, user-initiated audit of the current page. If a visible consent banner is present, AECCS may keep a short-lived, in-memory watch on the tracked consent controls for that banner so it can compare the page state before and after your consent choice. The table below describes every category of data the extension accesses and how it is handled.
| Data | Purpose | Stored? | Transmitted? |
|---|---|---|---|
| Page cookies | Read via browser.cookies API to classify cookie categories (analytics, advertising, etc.) and count pre-consent trackers. |
No | No |
| Page DOM | Scanned for consent banners, accept/reject buttons, dark patterns, and transparency indicators. | No | No |
| Page URL / hostname | Displayed in the popup header. Used to determine first-party vs. third-party cookie domains. | No | No |
| Analysis results | Shown in the popup (compliance score, cookie breakdown, dark patterns found, PET guidance, and study-backed context). | No | No |
| Consent interaction session metadata | Minimal in-memory metadata about the tracked consent control interaction for the current tab only (action type, button text, timestamp, frame id, and before/after audit outcome). | No | No |
| Browsing setup profile | An optional user-declared profile stored in browser.storage.local so the popup can remember declared browser protections and explain how they may affect measured results. This object contains only the selected protection labels and an update timestamp. |
Local only | No |
| Bundled study snapshot | Static AECCS reference data bundled in the extension package (shared-config.js, study-snapshot.js, tracker-index.js) to provide frozen study context without making network requests. |
No | No |
Page analysis data is processed in-memory. Results are displayed in the extension popup, and any session-limited consent-interaction state is kept only for the current tab session. AECCS does not write site URLs, audit results, or compare history to storage. The only stored item is the optional browsing-setup profile described above, which remains local to your browser and is never transmitted to any remote server.
AECCS does not perform page-wide click logging. If a visible consent banner is present after you open the popup, the extension only watches the tracked consent controls inside that banner flow for the current tab session.
Permissions
The extension requests the following browser permissions:
cookies— Read cookies set by the current website so they can be classified and counted.activeTab— Access the URL of the currently active tab when you click the extension icon.scripting— Inject the consent-scanner content script into the active tab on demand (only when you click the extension).storage— Save your optional browsing-setup declaration locally so AECCS can remember it between popup opens and explain how protections may affect measured results.host_permissions: <all_urls>— Required by thecookiesAPI, which needs a host permission matching the URL whose cookies are being read. The extension never fetches or sends data to those URLs.
No Network Requests
AECCS makes zero network requests. It does not phone home, fetch remote resources, call analytics endpoints, or transmit any data whatsoever. The extension is fully self-contained: all classification rules, scoring weights, and study reference data are bundled in the extension package itself.
No Remote Code
AECCS does not download executable code, load remote scripts, or depend on
remote configuration at runtime. The large study-reference assets bundled
with the extension are generated locally from the repository using
scripts/build_extension_shared_config.py,
scripts/build_extension_study_snapshot.py, and
scripts/build_extension_tracker_index.py, then shipped as
static files inside the extension package.
No Tracking or Analytics
The extension does not include any analytics, telemetry, crash reporting, or usage tracking of any kind. There are no tracking pixels, no session identifiers, and no fingerprinting.
Third-Party Services
AECCS does not integrate with, depend on, or communicate with any third-party service. It has no external dependencies at runtime.
Data Retention and Sharing
AECCS does not retain browsing data after the popup closes, does not share browsing data with any third party, and does not sell personal information. The only persistent item is the optional browsing-setup profile you choose to save locally in the extension. Because AECCS does not transmit browsing data off-device, there is no server-side account system, no cloud storage, and no data broker access.
Academic Context
This extension was developed from an academic study examining GDPR cookie consent compliance across 1,000 popular websites. The study data referenced in the extension (compliance statistics, PET effectiveness scores, CMP rankings) is a frozen snapshot from a controlled research crawl and is bundled statically — it is not updated or fetched at runtime.
The source code is publicly available at github.com/erenozen/AECCS.
Public Links and Support
| Purpose | URL |
|---|---|
| Project homepage / source | https://github.com/erenozen/AECCS |
| Support / issue tracker | https://github.com/erenozen/AECCS/issues |
| Privacy policy | https://erenozen.github.io/AECCS/privacy-policy.html |
Changes to This Policy
If this privacy policy is updated, the changes will be reflected on this page with an updated date. Because the extension keeps data processing local-only and stores only a small optional preference object, material privacy changes are expected to be rare.
Contact
For questions about this privacy policy or the extension, please open an issue on the GitHub repository.