Reviewing privacy notices can be a chore. That’s why we built an automated tool to do the heavy lifting for you. In this post, we’ll take a closer look at the technology powering our tool, from how it gathers data to the legal analysis it provides.

How We Scrape Website Data

Before we can analyze anything, we need to gather the right information. Here’s how we do it:

• Text extraction - If the privacy notice is linked, our system pulls the content directly. For PDFs or other formats, we’ve got tools to accurately extract the text from the document and visualize it in our platform.

• Website crawling: We use a custom-built scraper to explore the site and gather relevant details like cookie configurations, web forms, and API activity. We also extract and summarise information about the company: what it does, what are it's main products and services it offers.

We use all automatically collected information, as well as any additional details you choose to provide us with as context when we review the privacy notice.

Layered Analysis

Once the data is collected, our tool runs it through a series of steps to identify compliance issues and recommend improvements. Here’s how it works:

What type of data is collected and why?

We start by figuring out what the company does and how it processes data. Our system reviews the website and summarizes its activities, like whether it uses data for analytics, advertising, or customer support. Based on this context, we:

1. First, analyze what types of personal data are being collected and from where on the website (e.g., form fields in contact forms, comment sections, or support chat). We suggest adding any data types we’ve found to be collected by the website but not mentioned in the policy.

2. Second, we identify the purposes of processing personal data already included in the policy and analyze whether additional purposes should be added based on the gathered contextual information.

Checking the Legal Basis

Next, we analyse whether the appropriate legal bases have been identified for each purpose.

1. First, we check whether the privacy notice lists any legal bases in the first place (spoiler alert: many privacy policies either omit this entirely or just include a generic list stating the types of legal bases that exist, without specifying which ones apply).

2. If not, we suggest legal bases appropriate for the purposes identified under the previous step.

3. If legal bases are identified already in the notice, we double-check them against GDPR rules, EDPB guidelines, and CJEU case law. We also suggest legal bases appropriate for any new purposes we've identified.

Making Recommendations

Finally, the tool provides actionable recommendations. If a legal basis is incorrect, it suggests a better option and explains why—all while referencing relevant guidelines or case law.

Why Our Tool Stands Out

Our system doesn’t just analyze text. It integrates real-life information to give you tailored recommendations grounded in current legal standards. Here’s what makes it different:

• Accuracy: We embed excerpts from EDPB guidelines and key rulings to ensure the advice is reliable.

• Transparency: Every suggestion comes with a clear explanation, so you know exactly why it was made.

• Up-to-Date Knowledge: The tool evolves with GDPR updates, so you’re always working with the latest insights.

What You Get

The end result is a comprehensive report and red lines that highlight:

• Compliance Gaps and Issues: Areas where the privacy notice falls short.

• Practical Fixes: Text suggestions to align the notice with GDPR, saving you time and effort.

We’re not stopping here. Next on the agenda are automated cookie policy reviews, taking another tedious task off your plate. Stay tuned—there’s much more to come.

Curious to see it in action? Sign up at app.curatedai.eu and try it out today. You get 3 DOCUMENT REVIEWS FOR FREE with your registration.