In August 2025, a federal judge in the Northern District of California let a federal wiretapping claim survive against a shoe retailer. The evidence was the company's own privacy policy. It said the site did not collect personally identifiable information. Third-party tracking pixels said otherwise.
That ruling established a replicable formula. Plaintiffs' attorneys are using it in demand letters and class actions across every industry. The evidence they rely on comes from a HAR file. You can run one yourself.
The HARstack reads your HAR file, identifies what is firing on your site, and tells you exactly where the gaps between your data flows and your disclosures are. No account. No data transmission. Runs entirely in your browser.
Every finding includes a plain-language description of what the technology does, which regulations apply, and what a policy disclosure gap looks like in practice. Not general privacy law. Specific citations to the cases and enforcement actions being used in active litigation.
Open your browser's developer tools, record a page load, export the HAR. Drop it in the tool. The analysis runs in your browser. Nothing leaves your machine.
This page is served through Cloudflare. Cloudflare receives connection metadata for each request -- including IP addresses, timestamps, and request paths -- as part of normal CDN operation. You can review Cloudflare's privacy policy at cloudflare.com/privacypolicy.
The tool itself downloads directly from GitHub. GitHub (Microsoft) receives the download request. You can review GitHub's privacy statement at docs.github.com. Once downloaded, the tool runs entirely in your browser. No data leaves your machine during analysis.
This page loads no advertising pixels, no analytics platform, and no session replay tools. The only third-party request is Google Fonts for typography. You can verify this yourself: download the tool, record a HAR on this page, and drop it in. The findings should come back Likely OK.