Honest comparison

Pageguard and ChatGPT: what each one can actually do.

Name: PageGuard Document Credits
Brand: PageGuard
Price: 79 USD
Availability: InStock
Rating: 4.9 (3 reviews)

Same prompt, same product, same jurisdiction. The difference is what each tool can see.

ChatGPT is fine at prose. It just can’t see your Podfile, your runtime cookies, or which version of Google Analytics is loading. The specific facts that make a privacy policy accurate — which cookies fire before consent, what country a processor is in, how long _ga sticks around — come from scanning your actual stack. That’s the only real difference. This page shows it, side by side, with real output.

You can reproduce the ChatGPT side yourself. Paste “write a privacy policy for my [Next.js/React Native/Shopify] app using [list of tools]” into ChatGPT and compare it to your scan output.

Three stacks, two outputs

Stack: Next.js + Vercel Analytics + Stripe

ChatGPT output

We may collect information you provide
directly to us, including name, email, and
payment details. We use analytics services
to understand how visitors use our website.
We work with payment processors to handle
transactions securely. You may opt out of
marketing communications at any time.

Pageguard output

Analytics: Vercel Analytics (edge-based,
no cookies set, processor: Vercel Inc.,
US). No consent required under ePrivacy.

Payments: Stripe, Inc. (US). Sets
__stripe_mid (2yr) and __stripe_sid (30min)
before consent — legitimate interest basis.

Retention: Analytics aggregates purged at
90 days. No cross-site tracking.

ChatGPT's draft names “analytics services” and “payment processors.” The scan found Vercel Analytics (cookieless, no consent needed) and Stripe (sets two cookies before consent, flagged as legitimate interest). Different legal treatment; same generic sentence.

Stack: React Native + Firebase + RevenueCat

ChatGPT output

Our app may collect device identifiers and
usage data to improve your experience. We
use third-party services for analytics and
subscription management. Your data may be
shared with our service providers in
accordance with their privacy policies.

Pageguard output

SDKs detected: Firebase Analytics v21.5.0
(Google LLC, US); RevenueCat SDK v4.43.0
(RevenueCat Inc., US).

Apple .xcprivacy required declarations:
  - NSPrivacyAccessedAPICategoryUserDefaults
  - NSPrivacyAccessedAPICategoryDiskSpace
  - firebase-analytics: NSPrivacyCollectedDataTypes → Analytics

Google Play Data Safety: User IDs, Device
IDs, Purchase history — shared with Google,
RevenueCat.

ChatGPT's draft says “device identifiers and usage data.” The scan found the specific SDK versions, identified two Apple-required NSPrivacy entries, and pre-filled the Google Play Data Safety form answers. The versions matter — Firebase v21 has different retention defaults than v20.

Stack: Shopify + Klaviyo + Meta Pixel

ChatGPT output

We use cookies and similar technologies to
personalize content and ads, and to analyze
our traffic. We may share information about
your use of our site with advertising and
analytics partners. You can control cookies
through your browser settings.

Pageguard output

Tracking cookies firing before consent:
  _fbp (Meta Pixel, 90 days, US) — HIGH
  _kx  (Klaviyo, 2yr, US)        — HIGH
  _shopify_y (Shopify, 1yr, US)  — MEDIUM

GDPR Art. 7 consent required before any
of the above fire. Current setup: none
detected.

Klaviyo: EU-US Data Privacy Framework
member. Processing lawful basis: consent.

ChatGPT mentions cookies in aggregate. The scan flagged three specific cookies firing before any consent mechanism was present, named their durations, mapped Klaviyo to its EU-US DPF status, and rated two of them HIGH severity. Each one needs a separate consent category in any GDPR-compliant banner.

What ChatGPT cannot know

Which SDK version is actually loading

GA4 and Universal Analytics have different retention defaults and different GDPR treatment. The version number isn't in a prompt — it's in your Podfile or package.json.

The processor's country of origin

Whether a third party is covered by adequacy decision, SCCs, or BCRs changes your policy's legal basis section. That information is in the vendor's published DPA, not in a description of your product.

Whether a cookie fires before consent

ePrivacy compliance depends on the order scripts execute — not what your policy says they do. Only a live scan can observe the actual sequence.

How Apple classifies each SDK for .xcprivacy

Apple's required privacy manifest entries are tied to specific API usage patterns within each SDK version. There's no shortcut to looking them up; the scan does it for you.

ChatGPT is fine if you know your stack by heart and nothing changes. Most stacks do. Most people don’t.

Run the scan. See what your stack actually contains.

Scan your site →Scan your app →

Free scan. No account required.

Three stacks, two outputs

Stack: Next.js + Vercel Analytics + Stripe

ChatGPT output

We may collect information you provide
directly to us, including name, email, and
payment details. We use analytics services
to understand how visitors use our website.
We work with payment processors to handle
transactions securely. You may opt out of
marketing communications at any time.

Pageguard output

Analytics: Vercel Analytics (edge-based,
no cookies set, processor: Vercel Inc.,
US). No consent required under ePrivacy.

Payments: Stripe, Inc. (US). Sets
__stripe_mid (2yr) and __stripe_sid (30min)
before consent — legitimate interest basis.

Retention: Analytics aggregates purged at
90 days. No cross-site tracking.

Stack: React Native + Firebase + RevenueCat

ChatGPT output

Our app may collect device identifiers and
usage data to improve your experience. We
use third-party services for analytics and
subscription management. Your data may be
shared with our service providers in
accordance with their privacy policies.

Pageguard output

SDKs detected: Firebase Analytics v21.5.0
(Google LLC, US); RevenueCat SDK v4.43.0
(RevenueCat Inc., US).

Apple .xcprivacy required declarations:
  - NSPrivacyAccessedAPICategoryUserDefaults
  - NSPrivacyAccessedAPICategoryDiskSpace
  - firebase-analytics: NSPrivacyCollectedDataTypes → Analytics

Google Play Data Safety: User IDs, Device
IDs, Purchase history — shared with Google,
RevenueCat.

Stack: Shopify + Klaviyo + Meta Pixel

ChatGPT output

We use cookies and similar technologies to
personalize content and ads, and to analyze
our traffic. We may share information about
your use of our site with advertising and
analytics partners. You can control cookies
through your browser settings.

Pageguard output

Tracking cookies firing before consent:
  _fbp (Meta Pixel, 90 days, US) — HIGH
  _kx  (Klaviyo, 2yr, US)        — HIGH
  _shopify_y (Shopify, 1yr, US)  — MEDIUM

GDPR Art. 7 consent required before any
of the above fire. Current setup: none
detected.

Klaviyo: EU-US Data Privacy Framework
member. Processing lawful basis: consent.

What ChatGPT cannot know

Which SDK version is actually loading

GA4 and Universal Analytics have different retention defaults and different GDPR treatment. The version number isn't in a prompt — it's in your Podfile or package.json.

The processor's country of origin

Whether a cookie fires before consent

ePrivacy compliance depends on the order scripts execute — not what your policy says they do. Only a live scan can observe the actual sequence.

How Apple classifies each SDK for .xcprivacy

Apple's required privacy manifest entries are tied to specific API usage patterns within each SDK version. There's no shortcut to looking them up; the scan does it for you.