stackpeek

a transparency register for privacy claims

We read your tech stack and your privacy policy.
Then we show you where they disagree.

stackpeek runs from the outside — using only what any visitor can see. No code access. No SDK. No cooperation from the audited site required. Every finding is public, timestamped, and permalinked so every party can verify it.

featured audit


1Password — password manager

audited 2026-04-16 23:36:42 utc

mismatch

1Password loaded 28 third-party domains, of which 7 are privacy-sensitive. 2 mismatch findings: Policy says no advertising, but ad trackers were loaded; Policy says no third-party sharing, but third parties received requests. Privacy-sensitive vendors observed: 6sense, Google Analytics, Google DoubleClick, LinkedIn, Ninetailed, The Trade Desk.

“We collect information about: Your 1Password account... Your usage... You: Your IP address, the devices connected to your account, and the name, email address, and profile pictures”

— 1Password privacy policy

observed · html

The Trade Desk

this week


sites audited: 57
aligned: 8
warn: 40
mismatch: 9

batch scan · 2026-04-16

who this is for


stackpeek is for privacy and compliance teams who publish specific privacy claims and want to know whether their site keeps them. If you don’t publish a privacy policy, or if you don’t care whether your stack matches it, this is not the tool you’re looking for.

We will not audit private pages. We will not sign NDAs. We will not adjust ratings.

what stackpeek does


  1. observe

    Fetch the HTML of the target site from the outside. Enumerate every external script, iframe, image, and embed. Pattern-match inline scripts for known analytics and advertising fingerprints. Read the security headers.

  2. read

    Discover and fetch the privacy policy. Extract the structured claims: does it collect PII, share with third parties, sell data, use cookies, use analytics, use advertising? Which specific vendors does it name?

  3. compare

    Apply deterministic rules. Where the policy and the stack disagree, emit a finding. Every finding links to its evidence and its scan timestamp.
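
The observe and compare steps above, sketched for static HTML only. This is an added example, not stackpeek's own code: the vendor map, the claim keys, the rule wording and the sample page are constructed assumptions, and the policy claims are supplied as a dict rather than extracted from a policy.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed vendor map (assumption): parent domain -> (vendor, category)
VENDORS = {
    "doubleclick.net": ("Google DoubleClick", "advertising"),
    "adsrvr.org": ("The Trade Desk", "advertising"),
    "google-analytics.com": ("Google Analytics", "analytics"),
}

class ExternalRefs(HTMLParser):
    """Collect third-party hosts referenced by script/iframe/img/embed src."""
    def __init__(self, first_party):
        super().__init__()
        self.first_party = first_party
        self.hosts = set()

    def handle_starttag(self, tag, attrs):
        if tag not in ("script", "iframe", "img", "embed"):
            return
        src = dict(attrs).get("src") or ""
        # scheme default makes protocol-relative //host/path parse; relative paths give None
        host = urlparse(src, scheme="https").hostname
        fp = self.first_party
        if host and host != fp and not host.endswith("." + fp):
            self.hosts.add(host)

def classify(host):
    """Match a host or any of its parent domains against the vendor map."""
    parts = host.split(".")
    hits = (VENDORS.get(".".join(parts[i:])) for i in range(len(parts) - 1))
    return next((h for h in hits if h), None)

def audit(html, first_party, claims):
    """Return (severity, rule, evidence hosts) for each claim the page contradicts."""
    parser = ExternalRefs(first_party)
    parser.feed(html)
    hosts = sorted(parser.hosts)
    ads = [h for h in hosts if (classify(h) or ("", ""))[1] == "advertising"]
    findings = []
    if claims.get("uses_advertising") is False and ads:
        findings.append(("mismatch", "policy says no advertising", ads))
    if claims.get("shares_with_third_parties") is False and hosts:
        findings.append(("mismatch", "policy says no third-party sharing", hosts))
    return findings

# Constructed sample page for the first party shop.example
SAMPLE_HTML = """<script src="/static/app.js"></script>
<script src="https://www.google-analytics.com/a.js"></script>
<script src="//js.adsrvr.org/tag.js"></script>
<img src="https://cdn.shop.example/logo.png"><iframe src="https://fonts.vendor.example/e"></iframe>"""
```

Static `src` enumeration misses resources that scripts inject at runtime, so an empty result from this sketch does not establish that a page loads no third parties.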


We audit every site on this leaderboard from the outside, using only what any visitor can see. We do not accept payment to include, exclude, or adjust any rating. Every finding links to its evidence and its scan timestamp. The methodology is public and versioned.


monitor your site

Weekly audits, drift alerts, and a private scan history for your own domain. No SDK, no code access.

$79/mo per domain


run it yourself

MIT-licensed. The same package that generates this leaderboard runs on your machine against any URL.

pip install stackpeek
stackpeek audit https://your-site.example