GuardianStack turns obligations into guided work, source-cited evidence and a path to ongoing checks. Start with a free public website check for the privacy, cookie, security and business-identity signals people can see before they trust you.
Website trust check
Ref · GS-public · yourshop.co.uk
What the public check reviews
Illustrative preview — run the free check for your actual public website signals.
The free scan shows the outside view. The operating layer helps turn obligations into guided work and evidence. The continuous layer is designed to help keep that position current as the business changes.
Privacy notice, ICO registration, SSL/TLS, cookies, DNS/email auth, Companies House, processor coverage — what customers, clients, and regulators can see from outside.
DPA coverage, marketing consent records, data retention, lawful-basis gating, privacy-notice completeness — what you actually do internally that public scanning cannot see. Four AI agents handle these.
Cookie re-checks are live today. Wider re-checks for apps, processors, retention rules, and policies are rolling out so gaps do not reappear quietly between manual reviews.
Estimated £3,400–£9,300 of equivalent manual compliance work, free for selected beta users.
Four agents cover five operating-layer checks — the Cookie agent handles two (marketing consent records and lawful-basis gating, PECR Reg. 6 + GDPR Art. 6); the others map one-to-one to DPAs, retention, and privacy notices. Cookie re-checks are live; continuous monitoring for the remaining checks is rolling out. UK SMEs often stitch this work together manually across tools, templates, and consultants; GuardianStack brings the workflow into one evidence-led workspace.Click any agent to see exactly how they work.
Drafts real DOCX agreements for Klaviyo, Hotjar, and other apps — ready for your review.
Scans and classifies cookies and highlights pre-consent risks.
Identifies records past ICO retention periods. Flags what to review and export.
Privacy Policy reviews with audit trails. Proves due diligence.
Cookie apps focus on 1 slice. Manual upkeep often means extra tools, spreadsheets, and review cycles. GuardianStack covers 5 checks with AI agents — Pro starts at £49/month.
No black boxes. We show you the exact ICO methodology we use, the weights we apply, and how each gap affects your score. You'll understand exactly where you stand.
Your actual results will be based on your store's apps, policies, and customer data.
The model decides what a question needs. Verified facts stay outside its control. A measurement harness tests every change, while bounded improvement loops strengthen coverage without rewriting the facts.
This is the architecture GuardianStack is building towards. The trust spine and development loop are running today; the wider in-product compounding loop remains part of the roadmap.
Most AI tools let the model make up the answer. So you can't really trust it.
GuardianStack flips that. The model only picks the path. The wording may be generated. The facts never are.
A fenced router reads the question, then builds the answer from certified facts. Because those facts stay locked, every answer can be checked.
And we prove every change. Answers are tested against a growing labelled benchmark, with safety gates that block regressions.
When testing finds a weakness, the improvement loop makes one bounded fix, then proves it again, while the facts stay locked.
GuardianStack. Compliance answers you can finally trust.
Production note: narration uses an AI-generated British voice.
After the public scan, GuardianStack’s agents confirm what is actually happening inside — the five operating-layer checks below. You review every output before anything is used or applied.
DPA coverage
Article 28-aligned DPA drafts for third-party apps detected in your store.
GDPR Art. 28Retention review
Highlights old customer records and asks you to confirm the lawful basis before cleanup decisions.
Storage LimitationCookie consent
Checks whether tracking appears before consent and preserves evidence for review.
PECR / ePrivacyMarketing consent records
Checks whether marketing consent records are timestamped, traceable, and ready to evidence.
PECR Reg. 6 + GDPR Art. 6Privacy notice accountability
Reviews privacy notice gaps and keeps an audit trail of what was checked and approved.
AccountabilityEvery document requires your approval
Cites relevant GDPR articles
Update when your apps change
Most UK SMEs stitch three or four point solutions — a cookie tool, a DPA generator, a privacy policy maker, maybe a retention tracker — each solving one obligation with no shared evidence trail. Enterprise GRC platforms cover the same ground but at enterprise price and complexity. GuardianStack brings the five operating-layer checks into one workspace, with Glass Box reasoning and a staged path to continuous monitoring.
Swipe to compare →
Not on this table: HR/employment-law consultants like Peninsula, Citation, or Mentor. They cover employment law and broader compliance advisory — a different buyer job, not an alternative to GuardianStack.
How we build trust into every interaction
We scan your store without making changes. Every action requires your explicit approval.
See exactly how we reach each recommendation. No black-box magic - full decision logs.
AI generates drafts. You review before anything applies. Your business, your call.
GuardianStack is operated by MikaHari Labs Ltd (Company No. 14894353). GuardianStack is not a law firm. Generated documents are AI-assisted drafts for your review. Consult legal counsel for advice specific to your situation.
Beta is currently Shopify-first — selected users get 30 days free. Non-Shopify SMEs can request beta access for early review of the operating-layer checks. After beta closes, new merchants begin on a standard 14-day free trial.
Separate tools & templates, billed in pieces
Costs stack with each tool — no single headline price
Selected Beta Users
Shopify-first. Opening to selected UK merchants.
30 days free from installation
Limited places available during beta.
No credit card required
Cheaper than stitching 4 point solutions; a fraction of enterprise GRC.
The ICO is the UK's independent regulator for data rights. They don't just fine businesses; they enforce the 7 Principles of GDPR.
Most stores think a "cookie banner" makes them compliant.It covers only one part of your operating-layer compliance picture.
ICO enforcement can be expensive, but the everyday risk for SMEs is usually simpler: losing customer trust, time, and evidence when something is challenged.
Article 28 (GDPR)
You are legally liable if apps like Klaviyo lose your customer data—unless you have a contract.
Article 5(1)(e)
Keeping data "just in case" is illegal. You must delete old customer records when no lawful basis remains.
PECR / ePrivacy
Banners aren't enough. You must ensure tracking scripts do not load until the user clicks "Accept".
Article 5(2)
Doing the right thing isn't enough. You must prove it with logs and audit trails.
Start with a free read-only website check. Selected beta users can connect Shopify to review DPAs, cookies, retention, consent records, and privacy notices in one evidence-led workspace.