the consent gap · 2026 edition

The Privacy Gap · 2026

We checked what 304 launched web apps, SaaS and AI tools tell you about your data — before you ever sign in. Most tell you nothing.

The findings

• No cookie consent — 81%
  Cookies set with no consent prompt — a routine GDPR/ePrivacy gap.
• No terms of service — 60%
  No terms page reachable — the contract users supposedly agree to.
• No privacy policy page — 53%
  No privacy policy reachable at a standard path — required almost everywhere they operate.

How much do they disclose

• All three — 11%
• One or two — 43%
• None — 47%

By category

• AI & Agents — 81% no cookie consent
• Developer Tools — 86% no cookie consent
• Other — 75% no cookie consent
• Productivity — 81% no cookie consent
• Frameworks & Starter Kits — 74% no cookie consent
• Business & Finance — 86% no cookie consent

What this measures

Public-surface privacy posture: is there a reachable privacy policy, terms page, and a cookie-consent prompt before non-essential cookies are set. Hygiene and compliance signals, not legal advice — a share of 304 tested web services as of 2026-06-12.

Why it’s everywhere

Consent banners and a privacy page are paperwork a demo never needs and a launch quietly skips. 47% disclose *none* of the three. It isn’t malice — it’s the unglamorous last 10% that AI coding and a deadline both ignore.

How this was measured →