CookieLens

CookieLens — Making Cookie Consent Actually Make Sense 💡 Inspiration CookieLens was inspired by a simple but pressing question:

"Do users really know what data leaves a website when they click Accept Cookies?" Most consent banners today are just legal checkboxes — not real transparency tools. We wanted to change that. CookieLens reimagines cookie compliance by combining AI and code/runtime analysis to actually explain what's happening: 👉 what data goes where — and why. ⚙️ What It Does CookieLens is an AI-powered compliance agent that automatically scans any website, detects every cookie and outbound data flow, and explains — in clear, human language — exactly what's being shared. It generates: 🧩 A ready-to-embed consent banner 🌍 A visual data-sharing report 📜 A compliant, multilingual cookie policy 📊 A comprehensive compliance analysis against GDPR, CCPA, and SOC2 frameworks All within minutes — and all automatically. 🧠 How We Built It We brought four powerful technologies together: 🕵️‍♂️ Semgrep → static code analysis to find cookie writes, trackers, and outbound data points. 🌐 Puppeteer → runtime scanning to observe cookies and third-party network calls in action. 💬 Claude (via AWS Bedrock) → natural-language explanations that turn raw technical evidence into friendly, multilingual summaries. 🔐 Vanta (via MCP Server) → compliance framework integration that automatically evaluates cookie practices against GDPR, CCPA, and SOC2 requirements, generating actionable compliance scores and remediation recommendations. Everything runs securely inside AWS, with encryption, access control, and zero data leaving the environment. 🧩 Challenges We Ran Into Keeping cookie and PII data secure while still analyzing it effectively. Building accurate classification rules across thousands of different cookie and tracker names. Getting Claude to write legally sound and user-friendly summaries (not easy!). Making the AI explanations feel natural inside a responsive, lightweight React banner. Mapping runtime scan data to specific compliance framework controls across multiple regulations. 🏆 Accomplishments We're Proud Of Built a full end-to-end AI compliance pipeline in under 24 hours. Achieved 90%+ detection coverage across popular CMS and e-commerce sites. Delivered clear, multilingual explanations users actually understand. Created a modern, embeddable consent UI that's compliant, elegant, and transparent. Integrated automated compliance scoring that maps findings directly to GDPR, CCPA, and SOC2 controls. 📚 What We Learned How to bridge static and dynamic analysis for real-world privacy auditing. How to build trustworthy AI that explains rather than obscures. That clarity beats legal jargon — transparency builds user trust. How to leverage compliance frameworks as code through Vanta's API to make regulations actionable. And most importantly: privacy by design isn't just possible — it's powerful. 🚀 What's Next for CookieLens We're just getting started. Next, we plan to: ⚡ Add real-time script blocking based on consent preferences. 🧮 Expand cookie classification with ML-powered heuristics. 📊 Launch a developer dashboard to monitor compliance drift over time. 🧰 Open-source a lightweight CookieLens CLI + API for CI integration. 🔍 Expand framework coverage to include ISO 27001, HIPAA, and regional privacy laws. 🧡 Privacy shouldn't be painful — CookieLens makes it understandable.

Built With

• amazon-web-services
• bedrock
• claude
• lambda
• vanta