# Lokker > Lokker is a privacy intelligence platform that analyzes how websites collect, transmit, and > expose user data at the network and request layer. Lokker provides continuous risk scoring, > real-time browser-side enforcement, automated consent validation, structured training, and > evidence-grade reports. Lokker serves privacy teams, legal and defense counsel, insurance > underwriters, agencies, IT and security leaders, and any organization that needs visibility > into the real behavior of their digital properties and third-party technologies. For the comprehensive product reference — covering platform architecture, all products, solutions, training curriculum, and audience guidance — read: https://lokker.com/llms-full.txt **Important notes:** - Lokker works with defense-side legal teams and organizations only. Lokker does **not** serve plaintiff-side counsel. - Privacy Edge and Guardian are distinct but complementary products: Privacy Edge provides intelligence and discovery; Guardian provides real-time browser-side enforcement. - Guardian complements rather than replaces consent management platforms (CMPs). It enforces trust rules defined in Privacy Edge alongside any existing CMP. - All findings surfaced by Lokker represent observable technical behaviors, not legal conclusions. ## Company - [About Lokker](https://lokker.com/about): Company mission, team, and why Lokker was founded. - [Careers](https://lokker.com/careers): Open roles and what it is like to work at Lokker. - [Contact](https://lokker.com/contact): Sales inquiries, partnership conversations, and general questions. - [Security](https://lokker.com/security): Lokker's security posture, practices, and responsible disclosure policy. ## Products - [Products overview](https://lokker.com/products): All Lokker products at a glance. - [Privacy Edge](https://lokker.com/products/privacy-edge): Continuous portfolio scanning, risk scores (0–1000) across seven risk categories (Cookies, Form Data, Session Replay, Trackers, Consent, Geo, Perimeter), reason codes mapped to HIPAA, VPPA, CCPA, GDPR, and CPRA, step-by-step remediation, Constellation and Waterfall network visualizations, and evidence-grade PDF and Excel reports. - [Guardian](https://lokker.com/products/guardian): Real-time browser-side enforcement. One JS snippet intercepts every outbound script, pixel, fetch, and XHR and enforces allow/block trust rules — defined in Privacy Edge — before data leaves the browser. Payload-aware, sub-millisecond, edge-deployed. - [Consent Validator](https://lokker.com/products/consent-validator): Automated consent state testing across no-interaction, accept, reject, and GPC flows. Detects CMP misconfigurations with P1–P3 prioritized findings; outputs Excel and PDF reports. - [Privacy Academy](https://lokker.com/products/privacy-academy): Structured web privacy training from beginner to expert. Self-paced modules and team programs aligned with the public training curriculum at /training. - [Partner API](https://lokker.com/products/partner-api): Developer API for programmatic portfolio onboarding, scan orchestration, risk score retrieval, reason code access, remediation data, and completion notifications — purpose-built for underwriting and risk automation. - [Privacy Extension](https://lokker.com/products/privacy-extension): Browser extension for on-demand privacy analysis of any web page. ## Services - [Services](https://lokker.com/services): Expert professional services overview. - [Consent Tag Orchestration](https://lokker.com/services/consent-tag-orchestration): Managed service for CMP configuration, tag governance, and consent enforcement across complex or large-scale site portfolios. ## Solutions - [Solutions overview](https://lokker.com/solutions): Full list of Lokker use-case solutions. - [Litigation & discovery](https://lokker.com/solutions/litigation-discovery): Network-layer evidence for defense counsel: document what third-party scripts ran and how consent behaved, validate whether remediation changed the behavior, and monitor continuously so the next incident does not come as a surprise. - [M&A due diligence](https://lokker.com/solutions/ma-due-diligence): Assess privacy posture of target properties at scale with risk scores, reason codes, and evidence for deal teams. - [Board & risk reporting](https://lokker.com/solutions/board-risk-reporting): Portfolio-level risk, trends, and benchmarks with executive-ready views and remediation status. - [Portfolio monitoring](https://lokker.com/solutions/portfolio-monitoring): Ongoing visibility across many sites with automation, cadence, and integration into underwriting or ops tools. - [Healthcare](https://lokker.com/solutions/healthcare): Protect patient data on the web. Get HIPAA-aware visibility into trackers and pixels, evidence for audits and incidents, and real-time control so PHI stays private. - [Consent Audit & Validation](https://lokker.com/solutions/consent-audit): Test whether your consent banner, CMP configuration, and GPC handling actually stop data collection when visitors opt out, not just whether they display correctly. Get documented evidence of what fires in every consent state. - [Third-Party Script Governance](https://lokker.com/solutions/third-party-script-governance): Every approved tag is an outbound integration that bypasses your firewall. Map your full third-party script inventory, detect shadow IT tags deployed outside review, and enforce trust rules so unauthorized scripts cannot send data from the browser. ## Who We Help - [Who We Help](https://lokker.com/who-we-help): Overview of all audiences Lokker serves. - [Privacy Teams](https://lokker.com/who-we-help/privacy-teams): Lokker gives privacy teams a continuous, evidence-based view of what is running on the site, whether consent choices are respected, and what to fix first. - [Legal & Compliance](https://lokker.com/who-we-help/legal-compliance): Defense counsel and law firms use Lokker to document what actually ran on a client's site, validate whether consent controls worked, and confirm that remediation fixed the problem. The engagement model starts with a point-in-time scan and can extend to repeated rescans after fixes and ongoing monitoring to protect against the next incident. - [Insurance & Risk](https://lokker.com/who-we-help/insurance): Underwriters and risk teams use Lokker to quantify website privacy risk, score domains at scale, and support underwriting and portfolio monitoring. - [Agencies](https://lokker.com/who-we-help/agencies): Agencies managing multiple client properties use Lokker to monitor website privacy posture, deliver evidence-ready reporting, and scale privacy services. - [IT & Security Leaders](https://lokker.com/who-we-help/it-security-leader): Web privacy is the client-side blind spot in most security programs. While firewalls guard the backend, marketing tags and third-party scripts ship data directly from the browser to ad networks, analytics vendors, and enrichment services without passing any perimeter control. Lokker gives security and IT leaders network-layer visibility into what leaves the browser, what consent controls actually enforce, and what outbound data flows need governance. ## Training - [Training overview](https://lokker.com/training): All tracks, curriculum structure, and how to enrol. - [Web Privacy Foundations](https://lokker.com/training/web-privacy-foundations): Beginner — 6h. Start here. Learn how the web works, why privacy matters, and what consent really means. No prior technical knowledge required. - [Privacy Technologies](https://lokker.com/training/privacy-technologies): Intermediate — 10h. Understand the tools that track you online (analytics, session replay, ad pixels, fingerprinting) and the regulations written to control them. - [Advanced Privacy](https://lokker.com/training/advanced-privacy): Advanced — 10h. Deep-dive into browser fingerprinting, HIPAA on the web, and Privacy by Design frameworks. - [Specialist: Tag Management & Risk](https://lokker.com/training/specialist-tracks): Expert — 8h. For privacy engineers and practitioners: deep-dive into GTM architecture, consent modes, and privacy risk assessment methodology. ## Resources and documentation - [Resources](https://lokker.com/resources): Whitepapers, reports, downloads, and compliance checklists. - [Documentation](https://lokker.com/docs): Product documentation and implementation guides. - [Demo](https://lokker.com/demo): Request a live guided product demonstration. - [Support](https://lokker.com/lokker-support): Help and support resources for Lokker customers. ## Privacy knowledge library - [Privacy topics](https://lokker.com/topics): Library of web privacy concepts, tracking technologies, regulations, and risk topics. Each article is available at https://lokker.com/topics/{slug}. The full slug index is in the XML sitemap. - [Privacy glossary](https://lokker.com/glossary): Alphabetized reference of key web privacy and regulatory terms (GDPR, CCPA, CPRA, fingerprinting, session replay, consent, tracking pixels, security headers, and more). Each entry includes a definition and a plain-language explanation of why the term matters for compliance, risk, and operations. - [MarTech tool comparisons](https://lokker.com/compare): Side-by-side privacy and compliance comparison guides for eight MarTech categories. Each guide covers features, pricing, HIPAA BAA availability, GDPR data residency, GPC support, and a privacy scorecard. Individual category guides: https://lokker.com/compare/session-replay-tools, https://lokker.com/compare/web-analytics-tools, https://lokker.com/compare/marketing-automation-platforms, https://lokker.com/compare/customer-data-platforms, https://lokker.com/compare/chat-widget-platforms, https://lokker.com/compare/consent-management-platforms, https://lokker.com/compare/ab-testing-tools, https://lokker.com/compare/tag-managers. - [Lokker and Freshpaint comparison](https://lokker.com/compare/freshpaint): In-depth guide comparing Lokker with Freshpaint, covering how a HIPAA-compliant healthcare marketing proxy and a privacy enforcement platform are complementary. - [Privacy policy disclosure guide](https://lokker.com/privacy-policy-guide): Plain-language guidance on how to disclose third-party analytics, advertising, session replay, CMP, and tag management tools in a privacy policy or cookie notice. Includes illustrative example language, jurisdiction notes for GDPR and CCPA, and a CMP configuration checklist for each tool. Individual vendor guides: https://lokker.com/privacy-policy-guide/google-analytics-4, https://lokker.com/privacy-policy-guide/meta-pixel, https://lokker.com/privacy-policy-guide/google-tag-manager, https://lokker.com/privacy-policy-guide/hotjar, https://lokker.com/privacy-policy-guide/fullstory, https://lokker.com/privacy-policy-guide/hubspot, https://lokker.com/privacy-policy-guide/onetrust, https://lokker.com/privacy-policy-guide/cookieyes, https://lokker.com/privacy-policy-guide/linkedin-insight-tag, https://lokker.com/privacy-policy-guide/tiktok-pixel, https://lokker.com/privacy-policy-guide/microsoft-clarity, https://lokker.com/privacy-policy-guide/segment, https://lokker.com/privacy-policy-guide/mixpanel, https://lokker.com/privacy-policy-guide/klaviyo, https://lokker.com/privacy-policy-guide/intercom, https://lokker.com/privacy-policy-guide/cookiebot. ## Privacy law guidance - [Privacy law guidance hub](https://lokker.com/privacy-law): Plain-language guidance on US privacy statutes that generate website-related litigation: VPPA, CIPA, HIPAA, CCPA/CPRA, BIPA, and the Washington My Health My Data Act. Targeted at companies and counsel who have received a demand letter or need to understand their technical exposure. - [Video Privacy Protection Act (VPPA)](https://lokker.com/privacy-law/vppa): Federal law that prohibits disclosing a consumer's video viewing history without consent. Now widely used in litigation against news, media, and healthcare sites that embed video players alongside ad pixels. - [California Invasion of Privacy Act (CIPA)](https://lokker.com/privacy-law/cipa): California wiretap law frequently cited in class actions against companies using session replay, chat widgets, and form-capture tools. Section 631 prohibits intercepting communications without consent. Statutory damages are $5,000 per violation. - [HIPAA and Website Tracking Technologies (HIPAA)](https://lokker.com/privacy-law/hipaa-website-marketing): OCR guidance confirms that ad pixels and analytics tools on HIPAA-covered entity websites can constitute impermissible disclosures of ePHI, even on public-facing pages. - [California Consumer Privacy Act / California Privacy Rights Act (CCPA/CPRA)](https://lokker.com/privacy-law/ccpa-cpra): California's comprehensive consumer privacy law gives residents opt-out rights over the sale and sharing of their personal information. The CPRA created the California Privacy Protection Agency to enforce the law alongside the Attorney General. - [Illinois Biometric Information Privacy Act (BIPA)](https://lokker.com/privacy-law/bipa): Illinois biometric privacy law with a private right of action and statutory damages of $1,000-$5,000 per violation. Active litigation targets facial recognition, device fingerprinting, and behavioral biometrics. - [Washington My Health My Data Act (MHMDA)](https://lokker.com/privacy-law/washington-my-health-my-data): Washington's health data privacy law with a private right of action. Broader than HIPAA, it covers any entity that handles consumer health data, including websites using advertising pixels on health-related content. - [New York Health Information Privacy Act (NYHIPA)](https://lokker.com/privacy-law/nyhipa): New York's consumer health data privacy law, passed in 2025, covers any entity handling health information of New York residents regardless of HIPAA coverage. It includes a private right of action and requirements for affirmative consent before collection or sharing of consumer health data. ## Trust and legal - [Privacy policy](https://lokker.com/privacy-policy): How Lokker collects, uses, and protects data. - [Terms of use](https://lokker.com/terms-of-use): Terms governing use of the Lokker platform and website. ## Machine-readable page variants Append `.md` to any supported URL to retrieve a clean Markdown version — no navigation, no HTML, no JavaScript. Suited for LLM pipelines, RAG ingestion, and automated tooling. Supported patterns: - Product pages: `https://lokker.com/products/{slug}.md` (e.g. https://lokker.com/products/privacy-edge.md) - Solutions: `https://lokker.com/solutions/{slug}.md` - Who we help: `https://lokker.com/who-we-help/{slug}.md` - Training tracks: `https://lokker.com/training/{slug}.md` - Services: `https://lokker.com/services/{slug}.md` - Blog posts: `https://lokker.com/blog/{slug}.md` (full article body, HTML → Markdown) - Tool comparisons: `https://lokker.com/compare/{slug}.md` (e.g. https://lokker.com/compare/session-replay-tools.md) - Privacy law pages: `https://lokker.com/privacy-law.md` (hub) and `https://lokker.com/privacy-law/{slug}.md` (e.g. https://lokker.com/privacy-law/vppa.md) - Static pages: `https://lokker.com/about.md`, `https://lokker.com/contact.md`, `https://lokker.com/security.md`, `https://lokker.com/demo.md`, and more ## Optional - [Blog](https://lokker.com/blog): Privacy commentary, product updates, industry analysis, and thought leadership. - [Press & news](https://lokker.com/press): Media coverage, press releases, and company announcements. - [Events](https://lokker.com/events): Privacy conferences, webinars, and industry events where Lokker participates. - [Fingerprinting demo](https://lokker.com/fingerprinting-demo): Interactive demonstration of browser fingerprinting techniques. - [Sitemap](https://lokker.com/sitemap.xml): Machine-readable XML sitemap listing all indexed pages on lokker.com.