Competitor comparison
Feature comparison with evidence links. Competitor claims reflect public documentation and product pages as of the last review. If something is marked unknown, we couldn’t verify it publicly.
Quick summary
If you just want fast SMB compliance, focus on generators + banner + scanner. This page is the deep dive.
SMB mode = practical essentialsEU ad-tech mode = TCF/CMP heavyEvidence links included for each claimLast reviewed: March 2026
Scoring mode: SMB score (default)
Optimized for SMBs/startups shipping fast. Excludes TCF/certified CMP requirements.
SMB mode is the default. EU ad-tech buyers typically require TCF certification.
How scoring works
Each feature has a weight (1–5). Coverage is scored as Yes=1.0, Partial=0.6, Unknown=0.25, No=0.0, then summed.
Scores are directional (for product decisions), not legal advice and not a guarantee of compliance.
Highest-ROI gaps (across competitors)
Features where competitors frequently score “Yes” and LegalKit is “Partial/No”.
- DSAR workflow automation — 1/7 competitors say “Yes”LegalKit: Partial — DSAR routes exist; workflow depth likely behind privacy platforms.
Termly
Evidence: Pricing page
LegalKit
97%
Termly
38%
Where LegalKit wins
- Consent banner + script blocking — Consent banner + comprehensive script blocking exists (incl. GTM interception).
- Scheduled scans + alerts (email/Slack/webhooks) — Scheduled scans + cron routes exist (needs production proof).
- Consent proof logs + export — Consent logging + proof artifacts exist (retention policy needs proof).
- Website scan + service detection depth — Public scan endpoint + large detection patterns exist in code.
- Free scan (no account) + lead capture — Public scan flow exists; acquisition loop does not require login.
- Scan → policy autofill — Scanner-to-policy workflow exists with integration tests.
Gaps to close
- No major gaps detected in this small rubric.
| Feature | Weight | LegalKit | Termly | Why it matters |
|---|---|---|---|---|
Free scan (no account) + lead capture scanner | 4 | Yes (100%) Public scan flow exists; acquisition loop does not require login. | Unknown (25%) Not clearly evidenced in our snapshot. | This is the lowest-friction acquisition loop for SMBs and agencies. |
Website scan + service detection depth scanner | 5 | Yes (100%) Public scan endpoint + large detection patterns exist in code. | Partial (60%) Markets scans; depth unclear from pricing. | Everything else depends on accurate detection (policies, fixes, monitoring). |
Scan → policy autofill scanner | 4 | Yes (100%) Scanner-to-policy workflow exists with integration tests. | Unknown (25%) Not clearly evidenced in our snapshot. | This is the “instant value” moment that beats DIY compliance docs. |
Policy generators + exports (PDF/DOCX/HTML/MD) policies | 4 | Yes (100%) Policy engine + PDF/DOCX/HTML/MD exports exist in code. | Yes (100%) Markets legal policies + templates. | SMBs pay to ship compliant docs quickly (and keep them updated). |
Consent banner + script blocking consent_cmp | 5 | Yes (100%) Consent banner + comprehensive script blocking exists (incl. GTM interception). | Unknown (25%) Not clearly evidenced in our snapshot. | If tracking runs before consent, you’re out of compliance and buyers churn. |
Google Consent Mode v2 consent_cmp | 4 | Yes (100%) Consent SDK includes Google Consent Mode v2 integration. | Yes (100%) Markets Google Consent Mode v2. | Required for modern ad/analytics stacks and conversion measurement. |
Geo-targeted consent behavior consent_cmp | 4 | Yes (100%) Geo-targeting logic exists (region detection + rule sets). | Unknown (25%) Not clearly evidenced in our snapshot. | SMBs want “set it and forget it” across EU/US states without legal ops. |
Multi-language + accessibility basics consent_cmp | 3 | Partial (60%) Consent translations exist (10 languages), but plan/UX gating and accessibility proof not captured. | Unknown (25%) Not clearly evidenced in our snapshot. | Table-stakes for global SMBs; a major competitor selling point. |
Scheduled scans + alerts (email/Slack/webhooks) monitoring | 5 | Yes (100%) Scheduled scans + cron routes exist (needs production proof). | Unknown (25%) Not clearly evidenced in our snapshot. | Monitoring is the recurring value that justifies subscriptions. |
Consent proof logs + export proof_audit | 5 | Yes (100%) Consent logging + proof artifacts exist (retention policy needs proof). | Unknown (25%) Not clearly evidenced in our snapshot. | If you can’t prove consent, compliance is a story not a system. |
WordPress integration integrations | 4 | Yes (100%) WordPress plugin exists in repo (needs install proof). | Unknown (25%) Not clearly evidenced in our snapshot. | Largest SMB channel; “works on WP” is often the buying decision. |
GTM compatibility (blocking + consent signaling) integrations | 3 | Yes (100%) GTM interception + detection exist; needs runtime proof on a real GTM site. | Unknown (25%) Not clearly evidenced in our snapshot. | Most SMBs deploy tracking through GTM; if GTM breaks, you lose the account. |
Teams / roles / invites platform | 3 | Yes (100%) Team roles + invite emails + accept links exist (still needs runtime proof + email provider config). | Unknown (25%) Not clearly evidenced in our snapshot. | Agencies and founders need collaboration without sharing passwords. |
API + webhooks platform | 3 | Yes (100%) API routes + webhooks infrastructure exist. | Unknown (25%) Not clearly evidenced in our snapshot. | The “agency automation” wedge to higher ACV and stickiness. |
White-label branding platform | 2 | Yes (100%) White-label config + branding APIs/UI exist (needs runtime proof). | Unknown (25%) Not clearly evidenced in our snapshot. | Agencies pay more for client-facing branding and custom domains. |
DSAR workflow automation platform | 2 | Partial (60%) DSAR routes exist; workflow depth likely behind privacy platforms. | Unknown (25%) Not clearly evidenced in our snapshot. | Upsell lever, but not the primary SMB buying wedge. |
iubenda
Evidence: Pricing page
LegalKit
97%
iubenda
38%
Where LegalKit wins
- Consent banner + script blocking — Consent banner + comprehensive script blocking exists (incl. GTM interception).
- Scheduled scans + alerts (email/Slack/webhooks) — Scheduled scans + cron routes exist (needs production proof).
- Consent proof logs + export — Consent logging + proof artifacts exist (retention policy needs proof).
- Website scan + service detection depth — Public scan endpoint + large detection patterns exist in code.
- Free scan (no account) + lead capture — Public scan flow exists; acquisition loop does not require login.
- Scan → policy autofill — Scanner-to-policy workflow exists with integration tests.
Gaps to close
- No major gaps detected in this small rubric.
| Feature | Weight | LegalKit | iubenda | Why it matters |
|---|---|---|---|---|
Free scan (no account) + lead capture scanner | 4 | Yes (100%) Public scan flow exists; acquisition loop does not require login. | Unknown (25%) Not clearly evidenced in our snapshot. | This is the lowest-friction acquisition loop for SMBs and agencies. |
Website scan + service detection depth scanner | 5 | Yes (100%) Public scan endpoint + large detection patterns exist in code. | Partial (60%) Markets scans; depth unclear from pricing. | Everything else depends on accurate detection (policies, fixes, monitoring). |
Scan → policy autofill scanner | 4 | Yes (100%) Scanner-to-policy workflow exists with integration tests. | Unknown (25%) Not clearly evidenced in our snapshot. | This is the “instant value” moment that beats DIY compliance docs. |
Policy generators + exports (PDF/DOCX/HTML/MD) policies | 4 | Yes (100%) Policy engine + PDF/DOCX/HTML/MD exports exist in code. | Yes (100%) Markets policy generator/templates. | SMBs pay to ship compliant docs quickly (and keep them updated). |
Consent banner + script blocking consent_cmp | 5 | Yes (100%) Consent banner + comprehensive script blocking exists (incl. GTM interception). | Unknown (25%) Not clearly evidenced in our snapshot. | If tracking runs before consent, you’re out of compliance and buyers churn. |
Google Consent Mode v2 consent_cmp | 4 | Yes (100%) Consent SDK includes Google Consent Mode v2 integration. | Yes (100%) Common CMP feature; verify on pricing/docs. | Required for modern ad/analytics stacks and conversion measurement. |
Geo-targeted consent behavior consent_cmp | 4 | Yes (100%) Geo-targeting logic exists (region detection + rule sets). | Unknown (25%) Not clearly evidenced in our snapshot. | SMBs want “set it and forget it” across EU/US states without legal ops. |
Multi-language + accessibility basics consent_cmp | 3 | Partial (60%) Consent translations exist (10 languages), but plan/UX gating and accessibility proof not captured. | Unknown (25%) Not clearly evidenced in our snapshot. | Table-stakes for global SMBs; a major competitor selling point. |
Scheduled scans + alerts (email/Slack/webhooks) monitoring | 5 | Yes (100%) Scheduled scans + cron routes exist (needs production proof). | Unknown (25%) Not clearly evidenced in our snapshot. | Monitoring is the recurring value that justifies subscriptions. |
Consent proof logs + export proof_audit | 5 | Yes (100%) Consent logging + proof artifacts exist (retention policy needs proof). | Unknown (25%) Not evidenced in our snapshot. | If you can’t prove consent, compliance is a story not a system. |
WordPress integration integrations | 4 | Yes (100%) WordPress plugin exists in repo (needs install proof). | Unknown (25%) Not clearly evidenced in our snapshot. | Largest SMB channel; “works on WP” is often the buying decision. |
GTM compatibility (blocking + consent signaling) integrations | 3 | Yes (100%) GTM interception + detection exist; needs runtime proof on a real GTM site. | Unknown (25%) Not clearly evidenced in our snapshot. | Most SMBs deploy tracking through GTM; if GTM breaks, you lose the account. |
Teams / roles / invites platform | 3 | Yes (100%) Team roles + invite emails + accept links exist (still needs runtime proof + email provider config). | Unknown (25%) Not evidenced in our snapshot. | Agencies and founders need collaboration without sharing passwords. |
API + webhooks platform | 3 | Yes (100%) API routes + webhooks infrastructure exist. | Unknown (25%) Not evidenced in our snapshot. | The “agency automation” wedge to higher ACV and stickiness. |
White-label branding platform | 2 | Yes (100%) White-label config + branding APIs/UI exist (needs runtime proof). | Unknown (25%) Not evidenced in our snapshot. | Agencies pay more for client-facing branding and custom domains. |
DSAR workflow automation platform | 2 | Partial (60%) DSAR routes exist; workflow depth likely behind privacy platforms. | Unknown (25%) Not evidenced in our snapshot. | Upsell lever, but not the primary SMB buying wedge. |
CookieYes
Evidence: Pricing page
LegalKit
97%
CookieYes
57%
Where LegalKit wins
- Free scan (no account) + lead capture — Public scan flow exists; acquisition loop does not require login.
- Scan → policy autofill — Scanner-to-policy workflow exists with integration tests.
- Geo-targeted consent behavior — Geo-targeting logic exists (region detection + rule sets).
- WordPress integration — WordPress plugin exists in repo (needs install proof).
- Policy generators + exports (PDF/DOCX/HTML/MD) — Policy engine + PDF/DOCX/HTML/MD exports exist in code.
- GTM compatibility (blocking + consent signaling) — GTM interception + detection exist; needs runtime proof on a real GTM site.
Gaps to close
- No major gaps detected in this small rubric.
| Feature | Weight | LegalKit | CookieYes | Why it matters |
|---|---|---|---|---|
Free scan (no account) + lead capture scanner | 4 | Yes (100%) Public scan flow exists; acquisition loop does not require login. | Unknown (25%) Not clearly evidenced in our snapshot. | This is the lowest-friction acquisition loop for SMBs and agencies. |
Website scan + service detection depth scanner | 5 | Yes (100%) Public scan endpoint + large detection patterns exist in code. | Yes (100%) Markets cookie scanning. | Everything else depends on accurate detection (policies, fixes, monitoring). |
Scan → policy autofill scanner | 4 | Yes (100%) Scanner-to-policy workflow exists with integration tests. | Unknown (25%) Not evidenced in our snapshot. | This is the “instant value” moment that beats DIY compliance docs. |
Policy generators + exports (PDF/DOCX/HTML/MD) policies | 4 | Yes (100%) Policy engine + PDF/DOCX/HTML/MD exports exist in code. | Partial (60%) Offers policy tooling; breadth unclear. | SMBs pay to ship compliant docs quickly (and keep them updated). |
Consent banner + script blocking consent_cmp | 5 | Yes (100%) Consent banner + comprehensive script blocking exists (incl. GTM interception). | Yes (100%) CMP product implies banner + blocking. | If tracking runs before consent, you’re out of compliance and buyers churn. |
Google Consent Mode v2 consent_cmp | 4 | Yes (100%) Consent SDK includes Google Consent Mode v2 integration. | Yes (100%) Markets Google Consent Mode support. | Required for modern ad/analytics stacks and conversion measurement. |
Geo-targeted consent behavior consent_cmp | 4 | Yes (100%) Geo-targeting logic exists (region detection + rule sets). | Unknown (25%) Not clearly evidenced in our snapshot. | SMBs want “set it and forget it” across EU/US states without legal ops. |
Multi-language + accessibility basics consent_cmp | 3 | Partial (60%) Consent translations exist (10 languages), but plan/UX gating and accessibility proof not captured. | Unknown (25%) Not clearly evidenced in our snapshot. | Table-stakes for global SMBs; a major competitor selling point. |
Scheduled scans + alerts (email/Slack/webhooks) monitoring | 5 | Yes (100%) Scheduled scans + cron routes exist (needs production proof). | Yes (100%) Markets automated scans. | Monitoring is the recurring value that justifies subscriptions. |
Consent proof logs + export proof_audit | 5 | Yes (100%) Consent logging + proof artifacts exist (retention policy needs proof). | Yes (100%) Markets consent logs/records. | If you can’t prove consent, compliance is a story not a system. |
WordPress integration integrations | 4 | Yes (100%) WordPress plugin exists in repo (needs install proof). | Unknown (25%) Not clearly evidenced in our snapshot. | Largest SMB channel; “works on WP” is often the buying decision. |
GTM compatibility (blocking + consent signaling) integrations | 3 | Yes (100%) GTM interception + detection exist; needs runtime proof on a real GTM site. | Unknown (25%) Not clearly evidenced in our snapshot. | Most SMBs deploy tracking through GTM; if GTM breaks, you lose the account. |
Teams / roles / invites platform | 3 | Yes (100%) Team roles + invite emails + accept links exist (still needs runtime proof + email provider config). | Unknown (25%) Not evidenced in our snapshot. | Agencies and founders need collaboration without sharing passwords. |
API + webhooks platform | 3 | Yes (100%) API routes + webhooks infrastructure exist. | Unknown (25%) Not evidenced in our snapshot. | The “agency automation” wedge to higher ACV and stickiness. |
White-label branding platform | 2 | Yes (100%) White-label config + branding APIs/UI exist (needs runtime proof). | Unknown (25%) Not evidenced in our snapshot. | Agencies pay more for client-facing branding and custom domains. |
DSAR workflow automation platform | 2 | Partial (60%) DSAR routes exist; workflow depth likely behind privacy platforms. | Unknown (25%) Not evidenced in our snapshot. | Upsell lever, but not the primary SMB buying wedge. |
Cookiebot
Evidence: Pricing page
LegalKit
97%
Cookiebot
51%
Where LegalKit wins
- Consent proof logs + export — Consent logging + proof artifacts exist (retention policy needs proof).
- Free scan (no account) + lead capture — Public scan flow exists; acquisition loop does not require login.
- Scan → policy autofill — Scanner-to-policy workflow exists with integration tests.
- Geo-targeted consent behavior — Geo-targeting logic exists (region detection + rule sets).
- WordPress integration — WordPress plugin exists in repo (needs install proof).
- Policy generators + exports (PDF/DOCX/HTML/MD) — Policy engine + PDF/DOCX/HTML/MD exports exist in code.
Gaps to close
- No major gaps detected in this small rubric.
| Feature | Weight | LegalKit | Cookiebot | Why it matters |
|---|---|---|---|---|
Free scan (no account) + lead capture scanner | 4 | Yes (100%) Public scan flow exists; acquisition loop does not require login. | Unknown (25%) Not clearly evidenced in our snapshot. | This is the lowest-friction acquisition loop for SMBs and agencies. |
Website scan + service detection depth scanner | 5 | Yes (100%) Public scan endpoint + large detection patterns exist in code. | Yes (100%) Markets automated scans. | Everything else depends on accurate detection (policies, fixes, monitoring). |
Scan → policy autofill scanner | 4 | Yes (100%) Scanner-to-policy workflow exists with integration tests. | Unknown (25%) Not evidenced in our snapshot. | This is the “instant value” moment that beats DIY compliance docs. |
Policy generators + exports (PDF/DOCX/HTML/MD) policies | 4 | Yes (100%) Policy engine + PDF/DOCX/HTML/MD exports exist in code. | Partial (60%) Markets privacy policy generation. | SMBs pay to ship compliant docs quickly (and keep them updated). |
Consent banner + script blocking consent_cmp | 5 | Yes (100%) Consent banner + comprehensive script blocking exists (incl. GTM interception). | Yes (100%) CMP product implies banner + blocking. | If tracking runs before consent, you’re out of compliance and buyers churn. |
Google Consent Mode v2 consent_cmp | 4 | Yes (100%) Consent SDK includes Google Consent Mode v2 integration. | Yes (100%) Markets Consent Mode v2. | Required for modern ad/analytics stacks and conversion measurement. |
Geo-targeted consent behavior consent_cmp | 4 | Yes (100%) Geo-targeting logic exists (region detection + rule sets). | Unknown (25%) Not clearly evidenced in our snapshot. | SMBs want “set it and forget it” across EU/US states without legal ops. |
Multi-language + accessibility basics consent_cmp | 3 | Partial (60%) Consent translations exist (10 languages), but plan/UX gating and accessibility proof not captured. | Unknown (25%) Not clearly evidenced in our snapshot. | Table-stakes for global SMBs; a major competitor selling point. |
Scheduled scans + alerts (email/Slack/webhooks) monitoring | 5 | Yes (100%) Scheduled scans + cron routes exist (needs production proof). | Yes (100%) Markets automated scans. | Monitoring is the recurring value that justifies subscriptions. |
Consent proof logs + export proof_audit | 5 | Yes (100%) Consent logging + proof artifacts exist (retention policy needs proof). | Unknown (25%) Not clearly evidenced in our snapshot. | If you can’t prove consent, compliance is a story not a system. |
WordPress integration integrations | 4 | Yes (100%) WordPress plugin exists in repo (needs install proof). | Unknown (25%) Not evidenced in our snapshot. | Largest SMB channel; “works on WP” is often the buying decision. |
GTM compatibility (blocking + consent signaling) integrations | 3 | Yes (100%) GTM interception + detection exist; needs runtime proof on a real GTM site. | Unknown (25%) Not evidenced in our snapshot. | Most SMBs deploy tracking through GTM; if GTM breaks, you lose the account. |
Teams / roles / invites platform | 3 | Yes (100%) Team roles + invite emails + accept links exist (still needs runtime proof + email provider config). | Unknown (25%) Not evidenced in our snapshot. | Agencies and founders need collaboration without sharing passwords. |
API + webhooks platform | 3 | Yes (100%) API routes + webhooks infrastructure exist. | Unknown (25%) Not evidenced in our snapshot. | The “agency automation” wedge to higher ACV and stickiness. |
White-label branding platform | 2 | Yes (100%) White-label config + branding APIs/UI exist (needs runtime proof). | Unknown (25%) Not evidenced in our snapshot. | Agencies pay more for client-facing branding and custom domains. |
DSAR workflow automation platform | 2 | Partial (60%) DSAR routes exist; workflow depth likely behind privacy platforms. | Unknown (25%) Not evidenced in our snapshot. | Upsell lever, but not the primary SMB buying wedge. |
Usercentrics
Evidence: Pricing page
LegalKit
97%
Usercentrics
49%
Where LegalKit wins
- Consent proof logs + export — Consent logging + proof artifacts exist (retention policy needs proof).
- Free scan (no account) + lead capture — Public scan flow exists; acquisition loop does not require login.
- Scan → policy autofill — Scanner-to-policy workflow exists with integration tests.
- Policy generators + exports (PDF/DOCX/HTML/MD) — Policy engine + PDF/DOCX/HTML/MD exports exist in code.
- Geo-targeted consent behavior — Geo-targeting logic exists (region detection + rule sets).
- WordPress integration — WordPress plugin exists in repo (needs install proof).
Gaps to close
- No major gaps detected in this small rubric.
| Feature | Weight | LegalKit | Usercentrics | Why it matters |
|---|---|---|---|---|
Free scan (no account) + lead capture scanner | 4 | Yes (100%) Public scan flow exists; acquisition loop does not require login. | Unknown (25%) Not evidenced in our snapshot. | This is the lowest-friction acquisition loop for SMBs and agencies. |
Website scan + service detection depth scanner | 5 | Yes (100%) Public scan endpoint + large detection patterns exist in code. | Yes (100%) Markets scanning and CMP. | Everything else depends on accurate detection (policies, fixes, monitoring). |
Scan → policy autofill scanner | 4 | Yes (100%) Scanner-to-policy workflow exists with integration tests. | Unknown (25%) Not evidenced in our snapshot. | This is the “instant value” moment that beats DIY compliance docs. |
Policy generators + exports (PDF/DOCX/HTML/MD) policies | 4 | Yes (100%) Policy engine + PDF/DOCX/HTML/MD exports exist in code. | Unknown (25%) Not evidenced in our snapshot. | SMBs pay to ship compliant docs quickly (and keep them updated). |
Consent banner + script blocking consent_cmp | 5 | Yes (100%) Consent banner + comprehensive script blocking exists (incl. GTM interception). | Yes (100%) CMP product implies banner + blocking. | If tracking runs before consent, you’re out of compliance and buyers churn. |
Google Consent Mode v2 consent_cmp | 4 | Yes (100%) Consent SDK includes Google Consent Mode v2 integration. | Yes (100%) Markets Consent Mode. | Required for modern ad/analytics stacks and conversion measurement. |
Geo-targeted consent behavior consent_cmp | 4 | Yes (100%) Geo-targeting logic exists (region detection + rule sets). | Unknown (25%) Not clearly evidenced in our snapshot. | SMBs want “set it and forget it” across EU/US states without legal ops. |
Multi-language + accessibility basics consent_cmp | 3 | Partial (60%) Consent translations exist (10 languages), but plan/UX gating and accessibility proof not captured. | Unknown (25%) Not clearly evidenced in our snapshot. | Table-stakes for global SMBs; a major competitor selling point. |
Scheduled scans + alerts (email/Slack/webhooks) monitoring | 5 | Yes (100%) Scheduled scans + cron routes exist (needs production proof). | Yes (100%) Markets scans/automation. | Monitoring is the recurring value that justifies subscriptions. |
Consent proof logs + export proof_audit | 5 | Yes (100%) Consent logging + proof artifacts exist (retention policy needs proof). | Unknown (25%) Not evidenced in our snapshot. | If you can’t prove consent, compliance is a story not a system. |
WordPress integration integrations | 4 | Yes (100%) WordPress plugin exists in repo (needs install proof). | Unknown (25%) Not evidenced in our snapshot. | Largest SMB channel; “works on WP” is often the buying decision. |
GTM compatibility (blocking + consent signaling) integrations | 3 | Yes (100%) GTM interception + detection exist; needs runtime proof on a real GTM site. | Unknown (25%) Not evidenced in our snapshot. | Most SMBs deploy tracking through GTM; if GTM breaks, you lose the account. |
Teams / roles / invites platform | 3 | Yes (100%) Team roles + invite emails + accept links exist (still needs runtime proof + email provider config). | Unknown (25%) Not evidenced in our snapshot. | Agencies and founders need collaboration without sharing passwords. |
API + webhooks platform | 3 | Yes (100%) API routes + webhooks infrastructure exist. | Unknown (25%) Not evidenced in our snapshot. | The “agency automation” wedge to higher ACV and stickiness. |
White-label branding platform | 2 | Yes (100%) White-label config + branding APIs/UI exist (needs runtime proof). | Unknown (25%) Not evidenced in our snapshot. | Agencies pay more for client-facing branding and custom domains. |
DSAR workflow automation platform | 2 | Partial (60%) DSAR routes exist; workflow depth likely behind privacy platforms. | Unknown (25%) Not evidenced in our snapshot. | Upsell lever, but not the primary SMB buying wedge. |
Osano
Evidence: Pricing page
LegalKit
97%
Osano
40%
Where LegalKit wins
- Consent banner + script blocking — Consent banner + comprehensive script blocking exists (incl. GTM interception).
- Consent proof logs + export — Consent logging + proof artifacts exist (retention policy needs proof).
- Free scan (no account) + lead capture — Public scan flow exists; acquisition loop does not require login.
- Scan → policy autofill — Scanner-to-policy workflow exists with integration tests.
- Policy generators + exports (PDF/DOCX/HTML/MD) — Policy engine + PDF/DOCX/HTML/MD exports exist in code.
- Google Consent Mode v2 — Consent SDK includes Google Consent Mode v2 integration.
Gaps to close
- DSAR workflow automation — Upsell lever, but not the primary SMB buying wedge.LegalKit: DSAR routes exist; workflow depth likely behind privacy platforms.
| Feature | Weight | LegalKit | Osano | Why it matters |
|---|---|---|---|---|
Free scan (no account) + lead capture scanner | 4 | Yes (100%) Public scan flow exists; acquisition loop does not require login. | Unknown (25%) Not evidenced in our snapshot. | This is the lowest-friction acquisition loop for SMBs and agencies. |
Website scan + service detection depth scanner | 5 | Yes (100%) Public scan endpoint + large detection patterns exist in code. | Yes (100%) Markets privacy platform scanning/monitoring. | Everything else depends on accurate detection (policies, fixes, monitoring). |
Scan → policy autofill scanner | 4 | Yes (100%) Scanner-to-policy workflow exists with integration tests. | Unknown (25%) Not evidenced in our snapshot. | This is the “instant value” moment that beats DIY compliance docs. |
Policy generators + exports (PDF/DOCX/HTML/MD) policies | 4 | Yes (100%) Policy engine + PDF/DOCX/HTML/MD exports exist in code. | Unknown (25%) Not evidenced in our snapshot. | SMBs pay to ship compliant docs quickly (and keep them updated). |
Consent banner + script blocking consent_cmp | 5 | Yes (100%) Consent banner + comprehensive script blocking exists (incl. GTM interception). | Unknown (25%) Not clearly evidenced in our snapshot. | If tracking runs before consent, you’re out of compliance and buyers churn. |
Google Consent Mode v2 consent_cmp | 4 | Yes (100%) Consent SDK includes Google Consent Mode v2 integration. | Unknown (25%) Not evidenced in our snapshot. | Required for modern ad/analytics stacks and conversion measurement. |
Geo-targeted consent behavior consent_cmp | 4 | Yes (100%) Geo-targeting logic exists (region detection + rule sets). | Unknown (25%) Not evidenced in our snapshot. | SMBs want “set it and forget it” across EU/US states without legal ops. |
Multi-language + accessibility basics consent_cmp | 3 | Partial (60%) Consent translations exist (10 languages), but plan/UX gating and accessibility proof not captured. | Unknown (25%) Not evidenced in our snapshot. | Table-stakes for global SMBs; a major competitor selling point. |
Scheduled scans + alerts (email/Slack/webhooks) monitoring | 5 | Yes (100%) Scheduled scans + cron routes exist (needs production proof). | Yes (100%) Privacy platform positioning implies monitoring. | Monitoring is the recurring value that justifies subscriptions. |
Consent proof logs + export proof_audit | 5 | Yes (100%) Consent logging + proof artifacts exist (retention policy needs proof). | Unknown (25%) Not evidenced in our snapshot. | If you can’t prove consent, compliance is a story not a system. |
WordPress integration integrations | 4 | Yes (100%) WordPress plugin exists in repo (needs install proof). | Unknown (25%) Not evidenced in our snapshot. | Largest SMB channel; “works on WP” is often the buying decision. |
GTM compatibility (blocking + consent signaling) integrations | 3 | Yes (100%) GTM interception + detection exist; needs runtime proof on a real GTM site. | Unknown (25%) Not evidenced in our snapshot. | Most SMBs deploy tracking through GTM; if GTM breaks, you lose the account. |
Teams / roles / invites platform | 3 | Yes (100%) Team roles + invite emails + accept links exist (still needs runtime proof + email provider config). | Unknown (25%) Not evidenced in our snapshot. | Agencies and founders need collaboration without sharing passwords. |
API + webhooks platform | 3 | Yes (100%) API routes + webhooks infrastructure exist. | Unknown (25%) Not evidenced in our snapshot. | The “agency automation” wedge to higher ACV and stickiness. |
White-label branding platform | 2 | Yes (100%) White-label config + branding APIs/UI exist (needs runtime proof). | Unknown (25%) Not evidenced in our snapshot. | Agencies pay more for client-facing branding and custom domains. |
DSAR workflow automation platform | 2 | Partial (60%) DSAR routes exist; workflow depth likely behind privacy platforms. | Yes (100%) Markets DSAR automation as a core module. | Upsell lever, but not the primary SMB buying wedge. |
Didomi
Evidence: Pricing page
LegalKit
97%
Didomi
36%
Where LegalKit wins
- Website scan + service detection depth — Public scan endpoint + large detection patterns exist in code.
- Scheduled scans + alerts (email/Slack/webhooks) — Scheduled scans + cron routes exist (needs production proof).
- Consent proof logs + export — Consent logging + proof artifacts exist (retention policy needs proof).
- Free scan (no account) + lead capture — Public scan flow exists; acquisition loop does not require login.
- Scan → policy autofill — Scanner-to-policy workflow exists with integration tests.
- Policy generators + exports (PDF/DOCX/HTML/MD) — Policy engine + PDF/DOCX/HTML/MD exports exist in code.
Gaps to close
- No major gaps detected in this small rubric.
| Feature | Weight | LegalKit | Didomi | Why it matters |
|---|---|---|---|---|
Free scan (no account) + lead capture scanner | 4 | Yes (100%) Public scan flow exists; acquisition loop does not require login. | Unknown (25%) Not evidenced in our snapshot. | This is the lowest-friction acquisition loop for SMBs and agencies. |
Website scan + service detection depth scanner | 5 | Yes (100%) Public scan endpoint + large detection patterns exist in code. | Unknown (25%) CMP focus; scan offerings unclear from our snapshot. | Everything else depends on accurate detection (policies, fixes, monitoring). |
Scan → policy autofill scanner | 4 | Yes (100%) Scanner-to-policy workflow exists with integration tests. | Unknown (25%) Not evidenced in our snapshot. | This is the “instant value” moment that beats DIY compliance docs. |
Policy generators + exports (PDF/DOCX/HTML/MD) policies | 4 | Yes (100%) Policy engine + PDF/DOCX/HTML/MD exports exist in code. | Unknown (25%) Not evidenced in our snapshot. | SMBs pay to ship compliant docs quickly (and keep them updated). |
Consent banner + script blocking consent_cmp | 5 | Yes (100%) Consent banner + comprehensive script blocking exists (incl. GTM interception). | Yes (100%) CMP product implies banner + blocking. | If tracking runs before consent, you’re out of compliance and buyers churn. |
Google Consent Mode v2 consent_cmp | 4 | Yes (100%) Consent SDK includes Google Consent Mode v2 integration. | Yes (100%) Common CMP feature; verify on pricing/docs. | Required for modern ad/analytics stacks and conversion measurement. |
Geo-targeted consent behavior consent_cmp | 4 | Yes (100%) Geo-targeting logic exists (region detection + rule sets). | Unknown (25%) Not evidenced in our snapshot. | SMBs want “set it and forget it” across EU/US states without legal ops. |
Multi-language + accessibility basics consent_cmp | 3 | Partial (60%) Consent translations exist (10 languages), but plan/UX gating and accessibility proof not captured. | Unknown (25%) Not evidenced in our snapshot. | Table-stakes for global SMBs; a major competitor selling point. |
Scheduled scans + alerts (email/Slack/webhooks) monitoring | 5 | Yes (100%) Scheduled scans + cron routes exist (needs production proof). | Unknown (25%) Not clearly evidenced in our snapshot. | Monitoring is the recurring value that justifies subscriptions. |
Consent proof logs + export proof_audit | 5 | Yes (100%) Consent logging + proof artifacts exist (retention policy needs proof). | Unknown (25%) Not evidenced in our snapshot. | If you can’t prove consent, compliance is a story not a system. |
WordPress integration integrations | 4 | Yes (100%) WordPress plugin exists in repo (needs install proof). | Unknown (25%) Not evidenced in our snapshot. | Largest SMB channel; “works on WP” is often the buying decision. |
GTM compatibility (blocking + consent signaling) integrations | 3 | Yes (100%) GTM interception + detection exist; needs runtime proof on a real GTM site. | Unknown (25%) Not evidenced in our snapshot. | Most SMBs deploy tracking through GTM; if GTM breaks, you lose the account. |
Teams / roles / invites platform | 3 | Yes (100%) Team roles + invite emails + accept links exist (still needs runtime proof + email provider config). | Unknown (25%) Not evidenced in our snapshot. | Agencies and founders need collaboration without sharing passwords. |
API + webhooks platform | 3 | Yes (100%) API routes + webhooks infrastructure exist. | Unknown (25%) Not evidenced in our snapshot. | The “agency automation” wedge to higher ACV and stickiness. |
White-label branding platform | 2 | Yes (100%) White-label config + branding APIs/UI exist (needs runtime proof). | Unknown (25%) Not evidenced in our snapshot. | Agencies pay more for client-facing branding and custom domains. |
DSAR workflow automation platform | 2 | Partial (60%) DSAR routes exist; workflow depth likely behind privacy platforms. | Unknown (25%) Not evidenced in our snapshot. | Upsell lever, but not the primary SMB buying wedge. |
Want this to be “competitor-proof”?
Next step is replacing “unknown/assumed” competitor ratings with evidence snapshots, and replacing LegalKit “code-backed” claims with runtime proof artifacts (screenshots, DB rows, live demos). See `docs/COMPETITIVE_AUDIT.md`.
Get the launch checklist + ROI features
We’ll email the shortest path to a paid, compliant install (banner + monitoring + alerts).