Data Privacy

PII Leak Detector

Paste your URL below. We'll intercept every outbound tracking request and scan for email addresses, phone numbers, and other PII being sent to third parties.

Real browser scan

We launch a headless Chromium browser and load your page exactly like a real visitor would.

Instant analysis

Every network request, cookie, and dataLayer push is intercepted and analyzed in real-time.

Actionable findings

Get severity-scored results with specific fix instructions. Share the report via a unique link.

What we check

Emails in URLs

Scans page URLs, query parameters, and form action URLs for email addresses sent to analytics.

Phone numbers in payloads

Detects phone numbers in tracking payloads, custom dimensions, and event parameters.

IP addresses in custom dims

Finds raw IP addresses being sent as custom dimension values to GA4 or other platforms.

SSN and ID patterns

Pattern-matches for social security numbers, national IDs, and other sensitive identifiers.

How to read results

PII findings are the most severe. Google will delete your entire GA4 property if PII is detected in your data streams.

Critical = PII actively leaking to third-party servers. Fix immediately.Warning = Potential PII pattern detected. Manual review needed.Pass = No PII found in this check.

Common issues we find

Email in form action URLs sent to GA4

Login or signup forms include the email in the URL path, which GA4 captures as a page_view. Fix: use POST instead of GET for auth forms.

Phone numbers in custom dimensions

Developers pass raw phone numbers as event parameters for lead tracking. Fix: hash or remove PII before sending to GA4.

URLs like /login?email=user@company.com get sent as page_location. Fix: strip query params with GTM before the pageview fires.