Live on Shopify · Limited Beta

Find and fix the compliance gaps in your Shopify store.

Five operating-layer checks, four AI agents, one Shopify install.

Read-only scan
Results in 30 seconds
No credit card

Built for 5.7 million UK SMEs · Starting with Shopify · Glass Box AI — every recommendation backed by real enforcement data

One operating system

One Compliance Operating System. Three layers of evidence.

The free scan shows the outside view. The operating layer helps turn obligations into guided work and evidence. The continuous layer is designed to help keep that position current as the business changes.

  1. Layer 1Free

    Outside view

    Privacy notice, ICO registration, SSL/TLS, cookies, DNS/email auth, Companies House, processor coverage — what customers, clients, and regulators can see from outside.

    Who:
    Anyone with a UK website
    When:
    Free, instant, every scan
  2. Layer 2Beta

    Operating layer

    DPA coverage, marketing consent records, data retention, lawful-basis gating, privacy-notice completeness — what you actually do internally that public scanning cannot see. Four AI agents handle these.

    Who:
    Connected stores (Shopify today, more platforms next)
    When:
    After connection
  3. Layer 3Cookies live, others rolling out

    Continuous

    Cookie re-checks are live today. Wider re-checks for apps, processors, retention rules, and policies are rolling out so gaps do not reappear quietly between manual reviews.

    Who:
    Connected stores
    When:
    Cookies live; wider checks rolling out
40-Second Store Health Check

How healthy is your Shopify store?

Watch a real store get scanned live. In under 40 seconds, you'll see exactly where the GDPR gaps are, what the ICO could fine you, and what needs fixing — no signup, no consultant, just the truth about your store.

See your penalty exposure — based on real ICO enforcement cases
Every compliance gap found in under 40 seconds
Plain English — no jargon, just what to fix and why

The ICO fined a UK retailer £45,000 for exactly this kind of gap. Would your store pass?

Layer 2 · 4 AI agents · platform-agnostic

Four agents. Five operating-layer checks.

Estimated £3,400–£9,300 of equivalent manual compliance work, free for selected beta users.

Four agents cover five operating-layer checks — the Cookie agent handles two (marketing consent records and lawful-basis gating, PECR Reg. 6 + GDPR Art. 6); the others map one-to-one to DPAs, retention, and privacy notices. Cookie re-checks are live; continuous monitoring for the remaining checks is rolling out. UK SMEs often stitch this work together manually across tools, templates, and consultants; GuardianStack brings the workflow into one evidence-led workspace.Click any agent to see exactly how they work.

Most Used

DPA Agent

Drafts real DOCX agreements for Klaviyo, Hotjar, and other apps — ready for your review.

✓ Article 28-aligned draft · ✓ Ready for review
Vendor Agreements

Cookie Agent

Scans and classifies cookies and highlights pre-consent risks.

✓ PECR compliant · ✓ Audit evidence
Consent Audit

Retention Agent

Identifies records past ICO retention periods. Flags what to review and export.

✓ Article 5(1)(e) · ✓ Data minimisation
Data Cleanup

Review Agent

Privacy Policy reviews with audit trails. Proves due diligence.

✓ Article 5(2) · ✓ Accountability
Audit Trail

Cookie apps focus on 1 slice. Manual upkeep often means extra tools, spreadsheets, and review cycles. GuardianStack covers 5 checks with AI agents — Pro starts at £49/month.

Glass Box Transparency

See Exactly How We Calculate Your Risk

No black boxes. We show you the exact ICO methodology we use, the weights we apply, and how each gap affects your score. You'll understand exactly where you stand.

  • Risk scores grounded in real ICO enforcement decisions — not estimates
  • Full citation chain: which regulation, which article, which precedent
  • ICO-weighted scoring methodology — see exactly how each gap affects your score
  • Penalty exposure calculated from your actual business profile and sector
What you'll see after connecting
Demo Preview
Data Processing Agreements
Art. 28
Action needed
Privacy Notices
Art. 13/14
Compliant
Cookie Consent
PECR
Review needed
Data Retention
Art. 5(1)(e)
Action needed

Your actual results will be based on your store's apps, policies, and customer data.

Architecture film · current + roadmap · 55 seconds

How we’re building the Compliance Operating System

The model decides what a question needs. Verified facts stay outside its control. A measurement harness tests every change, while bounded improvement loops strengthen coverage without rewriting the facts.

This is the architecture GuardianStack is building towards. The trust spine and development loop are running today; the wider in-product compounding loop remains part of the roadmap.

Read the film transcript

Most AI tools let the model make up the answer. So you can't really trust it.

GuardianStack flips that. The model only picks the path. The wording may be generated. The facts never are.

A fenced router reads the question, then builds the answer from certified facts. Because those facts stay locked, every answer can be checked.

And we prove every change. Answers are tested against a growing labelled benchmark, with safety gates that block regressions.

When testing finds a weakness, the improvement loop makes one bounded fix, then proves it again, while the facts stay locked.

GuardianStack. Compliance answers you can finally trust.

Production note: narration uses an AI-generated British voice.

Beta output

What we verify in your operating layer

After the public scan, GuardianStack’s agents confirm what is actually happening inside — the five operating-layer checks below. You review every output before anything is used or applied.

DPA coverage

Beta

Article 28-aligned DPA drafts for third-party apps detected in your store.

GDPR Art. 28

Retention review

Beta

Highlights old customer records and asks you to confirm the lawful basis before cleanup decisions.

Storage Limitation

Cookie consent

Live audit

Checks whether tracking appears before consent and preserves evidence for review.

PECR / ePrivacy

Marketing consent records

Beta

Checks whether marketing consent records are timestamped, traceable, and ready to evidence.

PECR Reg. 6 + GDPR Art. 6

Privacy notice accountability

Beta

Reviews privacy notice gaps and keeps an audit trail of what was checked and approved.

Accountability
Included during your 30-day beta: DPA Agent, Cookie Agent, Retention Agent, and Review Agent — working together for your compliance.

You review first

Every document requires your approval

ICO-referenced

Cites relevant GDPR articles

Regenerate anytime

Update when your apps change

How we compare

Most UK SMEs stitch three or four point solutions — a cookie tool, a DPA generator, a privacy policy maker, maybe a retention tracker — each solving one obligation with no shared evidence trail. Enterprise GRC platforms cover the same ground but at enterprise price and complexity. GuardianStack brings the five operating-layer checks into one workspace, with Glass Box reasoning and a staged path to continuous monitoring.

Swipe to compare →

Cookie-only tools
Cookiebot, Osano, Termly
Enterprise GRC
OneTrust, TrustArc
GuardianStack
UK SME, five checks
Typical buyer
Anyone needing a banner
Enterprise privacy team
UK SME, founder-led
Price
£9–35/mo each tool
£10k+/yr
£0 beta · £49/mo Pro
Scope
Cookies only
Many obligations, heavy
5 operating-layer checks, right-sized
Cookie consent
✓ + drift checks
DPAs (Article 28)
✓ via integrations
✓ AI-drafted per processor
Marketing consent records
Limited
✓ timestamped audit trail
Retention rules
✓ via add-ons
✓ review + rollout monitoring
Privacy notice gaps
Generator only
Manual review
✓ checked + cited
Reasoning behind findings
Static checklist
Black-box scoring
Glass Box — every finding cited
Setup
Per tool, stitched
Months of implementation
One workspace, minutes

Not on this table: HR/employment-law consultants like Peninsula, Citation, or Mentor. They cover employment law and broader compliance advisory — a different buyer job, not an alternative to GuardianStack.

Safe by Design

How we build trust into every interaction

Read-Only by Default

We scan your store without making changes. Every action requires your explicit approval.

Glass Box Transparency

See exactly how we reach each recommendation. No black-box magic - full decision logs.

You Review Everything

AI generates drafts. You review before anything applies. Your business, your call.

GuardianStack is operated by MikaHari Labs Ltd (Company No. 14894353). GuardianStack is not a law firm. Generated documents are AI-assisted drafts for your review. Consult legal counsel for advice specific to your situation.

Honest Pricing

Limited Beta Access. Selected Users Get 30 Days Free.

Beta is currently Shopify-first — selected users get 30 days free. Non-Shopify SMEs can request beta access for early review of the operating-layer checks. After beta closes, new merchants begin on a standard 14-day free trial.

Typical add-on stack

Separate tools & templates, billed in pieces

Multiple subscriptions

Costs stack with each tool — no single headline price

  • Consent, tags & policies handled in different places
  • Mostly manual upkeep & vendor spreadsheets
  • No unified DPA workflow
  • No ongoing retention analysis
  • No single audit-ready trail

GuardianStack Beta

Selected Beta Users

Shopify-first. Opening to selected UK merchants.

£0/mo

30 days free from installation

Limited places available during beta.

Selected beta users receive:
DPA Agent Drafts for review
Cookie Agent Part of Pro — not sold alone
Retention Agent Cleanup analysis
Review Agent Audit trails

No credit card required

After Beta — Paid Plans

Pro
Paid continuation after beta · single store
£49/month
Business
Multi-store support · audit reports
Coming soon
Enterprise
Full autonomous · API · white-label
Coming soon

Cheaper than stitching 4 point solutions; a fraction of enterprise GRC.

Founding Members
  • Launch pricing locked for life
  • Selected beta users get 30 days free
  • After beta closes, new merchants start on a 14-day trial
  • Priority access to new agents
Common Questions

Got Questions?

More questions? Contact us

Limited Beta · Apply for Access

See your public gaps in about 30 seconds. Then fix the operating-layer risks behind them.

Start with a free read-only website check. Selected beta users can connect Shopify to review DPAs, cookies, retention, consent records, and privacy notices in one evidence-led workspace.

Read-only scan About 30 seconds No credit card