diff --git a/backend-compliance/compliance/services/service_registry.py b/backend-compliance/compliance/services/service_registry.py new file mode 100644 index 0000000..0503b9a --- /dev/null +++ b/backend-compliance/compliance/services/service_registry.py @@ -0,0 +1,513 @@ +""" +Service Registry — Master list of 80+ third-party web services. + +Used by website_scanner.py and synced to consent-tester/script_analyzer.py. +Pure data file — no logic. Each entry contains: +- Regex pattern for detection in HTML/script URLs +- Provider metadata (name, country, EU adequacy, consent requirement, legal reference) + +Categories: tracking, marketing, cdn, chatbot, payment, video, social, +heatmap, testing, tag_manager, push, support, error_tracking, crm, accessibility +""" + +# Format: regex_pattern -> metadata dict +# All patterns are case-insensitive when matched +SERVICE_REGISTRY: dict[str, dict] = { + # ═══════════════════════════════════════════════════════════════ + # TRACKING & ANALYTICS + # ═══════════════════════════════════════════════════════════════ + r"google.?analytics|gtag\(|UA-\d{4,}|G-[A-Z0-9]{8,12}": { + "id": "google_analytics", "name": "Google Analytics", "category": "tracking", + "provider": "Google LLC", "country": "US", "eu_adequate": False, + "requires_consent": True, "legal_ref": "§25 TDDDG, Art. 44-49 DSGVO", + }, + r"googletagmanager|gtm\.js": { + "id": "google_tag_manager", "name": "Google Tag Manager", "category": "tag_manager", + "provider": "Google LLC", "country": "US", "eu_adequate": False, + "requires_consent": True, "legal_ref": "§25 TDDDG", + }, + r"facebook\.net/.*fbevents|fbq\(": { + "id": "facebook_pixel", "name": "Meta/Facebook Pixel", "category": "marketing", + "provider": "Meta Platforms", "country": "US", "eu_adequate": False, + "requires_consent": True, "legal_ref": "§25 TDDDG, Art. 44-49 DSGVO", + }, + r"hotjar\.com|_hjSettings": { + "id": "hotjar", "name": "Hotjar", "category": "heatmap", + "provider": "Hotjar Ltd", "country": "MT", "eu_adequate": True, + "requires_consent": True, "legal_ref": "§25 TDDDG (Session Recording)", + }, + r"clarity\.ms": { + "id": "ms_clarity", "name": "Microsoft Clarity", "category": "heatmap", + "provider": "Microsoft", "country": "US", "eu_adequate": False, + "requires_consent": True, "legal_ref": "§25 TDDDG (Session Replay), Art. 44 DSGVO", + }, + r"matomo|piwik": { + "id": "matomo", "name": "Matomo", "category": "tracking", + "provider": "InnoCraft/Self-hosted", "country": "EU/Self", "eu_adequate": True, + "requires_consent": False, "legal_ref": "Cookieless moeglich, §25 TDDDG", + }, + r"plausible\.io": { + "id": "plausible", "name": "Plausible Analytics", "category": "tracking", + "provider": "Plausible Insights", "country": "EE", "eu_adequate": True, + "requires_consent": False, "legal_ref": "EU-Anbieter, cookieless", + }, + r"etracker\.com|etracker\.de|etrackerCookieless": { + "id": "etracker", "name": "etracker", "category": "tracking", + "provider": "etracker GmbH", "country": "DE", "eu_adequate": True, + "requires_consent": True, "legal_ref": "§25 TDDDG, DE-Anbieter mit ePrivacy-Siegel", + }, + r"pirsch\.io": { + "id": "pirsch", "name": "Pirsch Analytics", "category": "tracking", + "provider": "Pirsch GmbH", "country": "DE", "eu_adequate": True, + "requires_consent": False, "legal_ref": "DE-Anbieter, cookieless", + }, + r"fathom\.": { + "id": "fathom", "name": "Fathom Analytics", "category": "tracking", + "provider": "Fathom Analytics", "country": "CA", "eu_adequate": True, + "requires_consent": False, "legal_ref": "Kanada Angemessenheitsbeschluss, cookieless", + }, + # ═══════════════════════════════════════════════════════════════ + # WERBENETZE + # ═══════════════════════════════════════════════════════════════ + r"doubleclick\.net|googlesyndication|googleads|adwords": { + "id": "google_ads", "name": "Google Ads", "category": "marketing", + "provider": "Google LLC", "country": "US", "eu_adequate": False, + "requires_consent": True, "legal_ref": "§25 TDDDG, Art. 44-49 DSGVO", + }, + r"tiktok\.com/i18n|analytics\.tiktok": { + "id": "tiktok_pixel", "name": "TikTok Pixel", "category": "marketing", + "provider": "ByteDance", "country": "CN", "eu_adequate": False, + "requires_consent": True, "legal_ref": "§25 TDDDG, Drittlandtransfer China", + }, + r"linkedin\.com/insight|snap\.licdn": { + "id": "linkedin_insight", "name": "LinkedIn Insight", "category": "marketing", + "provider": "LinkedIn/Microsoft", "country": "US", "eu_adequate": False, + "requires_consent": True, "legal_ref": "§25 TDDDG, Art. 44-49 DSGVO", + }, + r"pinterest\.com/ct|pinimg\.com/ct": { + "id": "pinterest_tag", "name": "Pinterest Tag", "category": "marketing", + "provider": "Pinterest Inc", "country": "US", "eu_adequate": False, + "requires_consent": True, "legal_ref": "§25 TDDDG", + }, + r"criteo\.com|criteo\.net": { + "id": "criteo", "name": "Criteo", "category": "marketing", + "provider": "Criteo SA", "country": "FR", "eu_adequate": True, + "requires_consent": True, "legal_ref": "§25 TDDDG (Retargeting)", + }, + r"taboola\.com": { + "id": "taboola", "name": "Taboola", "category": "marketing", + "provider": "Taboola Inc", "country": "US", "eu_adequate": False, + "requires_consent": True, "legal_ref": "§25 TDDDG, Art. 44-49 DSGVO", + }, + r"outbrain\.com": { + "id": "outbrain", "name": "Outbrain", "category": "marketing", + "provider": "Outbrain Inc", "country": "US", "eu_adequate": False, + "requires_consent": True, "legal_ref": "§25 TDDDG, Art. 44-49 DSGVO", + }, + r"amazon-adsystem|amazon\.com/ap/pixel": { + "id": "amazon_ads", "name": "Amazon Ads", "category": "marketing", + "provider": "Amazon.com", "country": "US", "eu_adequate": False, + "requires_consent": True, "legal_ref": "§25 TDDDG, Art. 44-49 DSGVO", + }, + r"bing\.com/bat|bat\.bing": { + "id": "bing_ads", "name": "Bing/Microsoft Ads", "category": "marketing", + "provider": "Microsoft", "country": "US", "eu_adequate": False, + "requires_consent": True, "legal_ref": "§25 TDDDG", + }, + # ═══════════════════════════════════════════════════════════════ + # NEWSLETTER / EMAIL MARKETING + # ═══════════════════════════════════════════════════════════════ + r"mailchimp\.com|list-manage\.com|chimpstatic": { + "id": "mailchimp", "name": "Mailchimp", "category": "marketing", + "provider": "Intuit/Mailchimp", "country": "US", "eu_adequate": False, + "requires_consent": True, "legal_ref": "Art. 44-49 DSGVO, Double Opt-In", + }, + r"brevo\.com|sendinblue\.com|sibforms": { + "id": "brevo", "name": "Brevo (Sendinblue)", "category": "marketing", + "provider": "Brevo SAS", "country": "FR", "eu_adequate": True, + "requires_consent": True, "legal_ref": "§25 TDDDG (Formular-Tracking)", + }, + r"cleverreach\.com": { + "id": "cleverreach", "name": "CleverReach", "category": "marketing", + "provider": "CleverReach GmbH", "country": "DE", "eu_adequate": True, + "requires_consent": True, "legal_ref": "Double Opt-In", + }, + r"activecampaign\.com": { + "id": "activecampaign", "name": "ActiveCampaign", "category": "marketing", + "provider": "ActiveCampaign LLC", "country": "US", "eu_adequate": False, + "requires_consent": True, "legal_ref": "Art. 44-49 DSGVO", + }, + r"rapidmail\.de|rapidmail\.io": { + "id": "rapidmail", "name": "Rapidmail", "category": "marketing", + "provider": "rapidmail GmbH", "country": "DE", "eu_adequate": True, + "requires_consent": True, "legal_ref": "Double Opt-In", + }, + r"hubspot\.com|hs-scripts|hs-analytics|hsforms": { + "id": "hubspot", "name": "HubSpot", "category": "crm", + "provider": "HubSpot Inc", "country": "US", "eu_adequate": False, + "requires_consent": True, "legal_ref": "§25 TDDDG, Art. 44-49 DSGVO", + }, + r"getresponse\.com": { + "id": "getresponse", "name": "GetResponse", "category": "marketing", + "provider": "GetResponse SA", "country": "PL", "eu_adequate": True, + "requires_consent": True, "legal_ref": "Double Opt-In", + }, + r"convertkit\.com|convertkit-mail": { + "id": "convertkit", "name": "ConvertKit", "category": "marketing", + "provider": "ConvertKit LLC", "country": "US", "eu_adequate": False, + "requires_consent": True, "legal_ref": "Art. 44-49 DSGVO", + }, + # ═══════════════════════════════════════════════════════════════ + # CDN & FONTS + # ═══════════════════════════════════════════════════════════════ + r"fonts\.googleapis\.com|fonts\.gstatic\.com": { + "id": "google_fonts", "name": "Google Fonts (remote)", "category": "cdn", + "provider": "Google LLC", "country": "US", "eu_adequate": False, + "requires_consent": True, "legal_ref": "LG Muenchen I, Az. 3 O 17493/20", + }, + r"cdn\.cloudflare\.com|cdnjs\.cloudflare\.com": { + "id": "cloudflare_cdn", "name": "Cloudflare CDN", "category": "cdn", + "provider": "Cloudflare Inc", "country": "US", "eu_adequate": False, + "requires_consent": False, "legal_ref": "Berechtigtes Interesse (CDN)", + }, + r"cloudfront\.net": { + "id": "aws_cloudfront", "name": "AWS CloudFront", "category": "cdn", + "provider": "Amazon Web Services", "country": "US", "eu_adequate": False, + "requires_consent": False, "legal_ref": "Berechtigtes Interesse (CDN), SCCs", + }, + r"azureedge\.net|azure\.com/cdn": { + "id": "azure_cdn", "name": "Azure CDN", "category": "cdn", + "provider": "Microsoft", "country": "US", "eu_adequate": False, + "requires_consent": False, "legal_ref": "Berechtigtes Interesse (CDN), SCCs", + }, + r"bunny\.net|bunnycdn": { + "id": "bunnycdn", "name": "BunnyCDN", "category": "cdn", + "provider": "BunnyCDN d.o.o.", "country": "SI", "eu_adequate": True, + "requires_consent": False, "legal_ref": "EU-Anbieter", + }, + r"keycdn\.com": { + "id": "keycdn", "name": "KeyCDN", "category": "cdn", + "provider": "proinity LLC", "country": "CH", "eu_adequate": True, + "requires_consent": False, "legal_ref": "CH Angemessenheitsbeschluss", + }, + r"use\.typekit\.net|typekit\.com": { + "id": "adobe_fonts", "name": "Adobe Fonts", "category": "cdn", + "provider": "Adobe Inc", "country": "US", "eu_adequate": False, + "requires_consent": True, "legal_ref": "Art. 44-49 DSGVO (IP-Uebermittlung)", + }, + # ═══════════════════════════════════════════════════════════════ + # CHATBOTS & SUPPORT + # ═══════════════════════════════════════════════════════════════ + r"widget\.intercom\.io|intercomcdn": { + "id": "intercom", "name": "Intercom", "category": "chatbot", + "provider": "Intercom Inc", "country": "US", "eu_adequate": False, + "requires_consent": True, "legal_ref": "Art. 44-49 DSGVO, KI-gestuetzt", + }, + r"tidio\.co|tidioChatApi": { + "id": "tidio", "name": "Tidio Chat", "category": "chatbot", + "provider": "Tidio LLC", "country": "PL", "eu_adequate": True, + "requires_consent": False, "legal_ref": "EU-Anbieter", + }, + r"zendesk\.com/embeddable|zdassets": { + "id": "zendesk", "name": "Zendesk", "category": "chatbot", + "provider": "Zendesk Inc", "country": "US", "eu_adequate": False, + "requires_consent": True, "legal_ref": "Art. 44-49 DSGVO", + }, + r"crisp\.chat|client\.crisp\.chat": { + "id": "crisp", "name": "Crisp Chat", "category": "chatbot", + "provider": "Crisp IM SAS", "country": "FR", "eu_adequate": True, + "requires_consent": False, "legal_ref": "EU-Anbieter", + }, + r"livechatinc\.com|livechat\.com": { + "id": "livechat", "name": "LiveChat", "category": "chatbot", + "provider": "LiveChat Inc", "country": "US", "eu_adequate": False, + "requires_consent": True, "legal_ref": "Art. 44-49 DSGVO", + }, + r"freshdesk\.com|freshchat": { + "id": "freshdesk", "name": "Freshdesk/Freshchat", "category": "support", + "provider": "Freshworks Inc", "country": "US", "eu_adequate": False, + "requires_consent": True, "legal_ref": "Art. 44-49 DSGVO", + }, + r"helpscout\.net|beacon-v2": { + "id": "helpscout", "name": "HelpScout Beacon", "category": "support", + "provider": "Help Scout PBC", "country": "US", "eu_adequate": False, + "requires_consent": True, "legal_ref": "Art. 44-49 DSGVO", + }, + # ═══════════════════════════════════════════════════════════════ + # PAYMENT + # ═══════════════════════════════════════════════════════════════ + r"js\.stripe\.com|stripe\.com/v3": { + "id": "stripe", "name": "Stripe", "category": "payment", + "provider": "Stripe Inc", "country": "US", "eu_adequate": False, + "requires_consent": False, "legal_ref": "Art. 6(1)(b) Vertragserfuellung, SCCs", + }, + r"paypal\.com/sdk|paypalobjects": { + "id": "paypal", "name": "PayPal", "category": "payment", + "provider": "PayPal Holdings", "country": "US", "eu_adequate": False, + "requires_consent": False, "legal_ref": "Art. 6(1)(b) Vertragserfuellung", + }, + r"klarna\.com|klarna-payments": { + "id": "klarna", "name": "Klarna", "category": "payment", + "provider": "Klarna AB", "country": "SE", "eu_adequate": True, + "requires_consent": False, "legal_ref": "EU, aber Art. 22 DSGVO bei Bonitaetspruefung!", + }, + r"adyen\.com": { + "id": "adyen", "name": "Adyen", "category": "payment", + "provider": "Adyen NV", "country": "NL", "eu_adequate": True, + "requires_consent": False, "legal_ref": "EU-Anbieter", + }, + r"mollie\.com": { + "id": "mollie", "name": "Mollie", "category": "payment", + "provider": "Mollie BV", "country": "NL", "eu_adequate": True, + "requires_consent": False, "legal_ref": "EU-Anbieter", + }, + # ═══════════════════════════════════════════════════════════════ + # HEATMAPS & SESSION RECORDING + # ═══════════════════════════════════════════════════════════════ + r"fullstory\.com|fs\.js": { + "id": "fullstory", "name": "FullStory", "category": "heatmap", + "provider": "FullStory Inc", "country": "US", "eu_adequate": False, + "requires_consent": True, "legal_ref": "§25 TDDDG (Session Replay), Art. 44 DSGVO", + }, + r"mouseflow\.com": { + "id": "mouseflow", "name": "Mouseflow", "category": "heatmap", + "provider": "Mouseflow ApS", "country": "DK", "eu_adequate": True, + "requires_consent": True, "legal_ref": "§25 TDDDG (Session Recording)", + }, + r"crazyegg\.com": { + "id": "crazyegg", "name": "Crazy Egg", "category": "heatmap", + "provider": "Crazy Egg Inc", "country": "US", "eu_adequate": False, + "requires_consent": True, "legal_ref": "§25 TDDDG, Art. 44-49 DSGVO", + }, + r"luckyorange\.com": { + "id": "luckyorange", "name": "Lucky Orange", "category": "heatmap", + "provider": "Lucky Orange LLC", "country": "US", "eu_adequate": False, + "requires_consent": True, "legal_ref": "§25 TDDDG, Art. 44-49 DSGVO", + }, + # ═══════════════════════════════════════════════════════════════ + # A/B TESTING + # ═══════════════════════════════════════════════════════════════ + r"optimizely\.com|cdn-pci\.optimizely": { + "id": "optimizely", "name": "Optimizely", "category": "testing", + "provider": "Optimizely Inc", "country": "US", "eu_adequate": False, + "requires_consent": True, "legal_ref": "§25 TDDDG", + }, + r"visualwebsiteoptimizer|vwo\.com": { + "id": "vwo", "name": "VWO", "category": "testing", + "provider": "Wingify", "country": "IN", "eu_adequate": False, + "requires_consent": True, "legal_ref": "§25 TDDDG, Art. 44 DSGVO", + }, + r"abtasty\.com": { + "id": "abtasty", "name": "AB Tasty", "category": "testing", + "provider": "AB Tasty SAS", "country": "FR", "eu_adequate": True, + "requires_consent": True, "legal_ref": "§25 TDDDG", + }, + # ═══════════════════════════════════════════════════════════════ + # TAG MANAGER (non-Google) + # ═══════════════════════════════════════════════════════════════ + r"tealium\.com|tealiumiq": { + "id": "tealium", "name": "Tealium", "category": "tag_manager", + "provider": "Tealium Inc", "country": "US", "eu_adequate": False, + "requires_consent": True, "legal_ref": "§25 TDDDG", + }, + r"segment\.com|cdn\.segment\.io|analytics\.js": { + "id": "segment", "name": "Segment", "category": "tag_manager", + "provider": "Twilio/Segment", "country": "US", "eu_adequate": False, + "requires_consent": True, "legal_ref": "§25 TDDDG, Art. 44-49 DSGVO", + }, + r"assets\.adobedtm\.com|launch-": { + "id": "adobe_launch", "name": "Adobe Launch", "category": "tag_manager", + "provider": "Adobe Inc", "country": "US", "eu_adequate": False, + "requires_consent": True, "legal_ref": "§25 TDDDG", + }, + # ═══════════════════════════════════════════════════════════════ + # PUSH NOTIFICATIONS + # ═══════════════════════════════════════════════════════════════ + r"onesignal\.com": { + "id": "onesignal", "name": "OneSignal", "category": "push", + "provider": "OneSignal Inc", "country": "US", "eu_adequate": False, + "requires_consent": True, "legal_ref": "§25 TDDDG, Art. 44-49 DSGVO", + }, + r"pushwoosh\.com": { + "id": "pushwoosh", "name": "Pushwoosh", "category": "push", + "provider": "Pushwoosh Inc", "country": "US", "eu_adequate": False, + "requires_consent": True, "legal_ref": "§25 TDDDG", + }, + r"firebase\.googleapis\.com/messaging|firebaseinstallations": { + "id": "firebase_messaging", "name": "Firebase Cloud Messaging", "category": "push", + "provider": "Google LLC", "country": "US", "eu_adequate": False, + "requires_consent": True, "legal_ref": "§25 TDDDG", + }, + # ═══════════════════════════════════════════════════════════════ + # VIDEO & MEDIA + # ═══════════════════════════════════════════════════════════════ + r"youtube\.com/embed|youtube-nocookie|ytimg": { + "id": "youtube", "name": "YouTube", "category": "video", + "provider": "Google LLC", "country": "US", "eu_adequate": False, + "requires_consent": True, "legal_ref": "§25 TDDDG, 2-Klick empfohlen", + }, + r"player\.vimeo\.com|vimeocdn": { + "id": "vimeo", "name": "Vimeo", "category": "video", + "provider": "Vimeo Inc", "country": "US", "eu_adequate": False, + "requires_consent": True, "legal_ref": "§25 TDDDG, Art. 44-49 DSGVO", + }, + r"wistia\.com|wistia\.net": { + "id": "wistia", "name": "Wistia", "category": "video", + "provider": "Wistia Inc", "country": "US", "eu_adequate": False, + "requires_consent": True, "legal_ref": "§25 TDDDG", + }, + r"jwplayer\.com|jwplatform": { + "id": "jwplayer", "name": "JW Player", "category": "video", + "provider": "JW Player", "country": "US", "eu_adequate": False, + "requires_consent": True, "legal_ref": "§25 TDDDG", + }, + # ═══════════════════════════════════════════════════════════════ + # SOCIAL MEDIA EMBEDS + # ═══════════════════════════════════════════════════════════════ + r"platform\.twitter\.com|x\.com/embed": { + "id": "twitter_embed", "name": "X/Twitter Embed", "category": "social", + "provider": "X Corp", "country": "US", "eu_adequate": False, + "requires_consent": True, "legal_ref": "§25 TDDDG, Art. 44-49 DSGVO", + }, + r"instagram\.com/embed|cdninstagram": { + "id": "instagram_embed", "name": "Instagram Embed", "category": "social", + "provider": "Meta Platforms", "country": "US", "eu_adequate": False, + "requires_consent": True, "legal_ref": "§25 TDDDG", + }, + r"connect\.facebook\.net|facebook\.com/plugins": { + "id": "facebook_social", "name": "Facebook Social Plugin", "category": "social", + "provider": "Meta Platforms", "country": "US", "eu_adequate": False, + "requires_consent": True, "legal_ref": "§25 TDDDG, EuGH Fashion ID", + }, + # ═══════════════════════════════════════════════════════════════ + # CAPTCHA + # ═══════════════════════════════════════════════════════════════ + r"recaptcha|grecaptcha": { + "id": "recaptcha", "name": "Google reCAPTCHA", "category": "other", + "provider": "Google LLC", "country": "US", "eu_adequate": False, + "requires_consent": True, "legal_ref": "§25 TDDDG", + }, + r"hcaptcha\.com": { + "id": "hcaptcha", "name": "hCaptcha", "category": "other", + "provider": "Intuition Machines", "country": "US", "eu_adequate": False, + "requires_consent": False, "legal_ref": "Berechtigtes Interesse (Bot-Schutz)", + }, + r"challenges\.cloudflare\.com|turnstile": { + "id": "cf_turnstile", "name": "Cloudflare Turnstile", "category": "other", + "provider": "Cloudflare Inc", "country": "US", "eu_adequate": False, + "requires_consent": False, "legal_ref": "Berechtigtes Interesse (Bot-Schutz)", + }, + # ═══════════════════════════════════════════════════════════════ + # MAPS + # ═══════════════════════════════════════════════════════════════ + r"maps\.googleapis\.com|maps\.google\.com": { + "id": "google_maps", "name": "Google Maps", "category": "other", + "provider": "Google LLC", "country": "US", "eu_adequate": False, + "requires_consent": True, "legal_ref": "§25 TDDDG", + }, + r"openstreetmap\.org": { + "id": "osm", "name": "OpenStreetMap", "category": "other", + "provider": "OSM Foundation", "country": "GB", "eu_adequate": True, + "requires_consent": False, "legal_ref": "Berechtigtes Interesse", + }, + r"mapbox\.com|api\.mapbox": { + "id": "mapbox", "name": "Mapbox", "category": "other", + "provider": "Mapbox Inc", "country": "US", "eu_adequate": False, + "requires_consent": True, "legal_ref": "§25 TDDDG, Art. 44-49 DSGVO", + }, + # ═══════════════════════════════════════════════════════════════ + # ERROR TRACKING + # ═══════════════════════════════════════════════════════════════ + r"sentry\.io|sentry-cdn": { + "id": "sentry", "name": "Sentry", "category": "error_tracking", + "provider": "Sentry Inc", "country": "US", "eu_adequate": False, + "requires_consent": False, "legal_ref": "Berechtigtes Interesse (Error Tracking)", + }, + r"bugsnag\.com": { + "id": "bugsnag", "name": "Bugsnag", "category": "error_tracking", + "provider": "SmartBear", "country": "US", "eu_adequate": False, + "requires_consent": False, "legal_ref": "Berechtigtes Interesse", + }, + r"datadoghq\.com|dd-rum": { + "id": "datadog_rum", "name": "Datadog RUM", "category": "error_tracking", + "provider": "Datadog Inc", "country": "US", "eu_adequate": False, + "requires_consent": True, "legal_ref": "§25 TDDDG (Real User Monitoring)", + }, + r"newrelic\.com|nr-data\.net|bam\.nr-data": { + "id": "newrelic", "name": "New Relic Browser", "category": "error_tracking", + "provider": "New Relic Inc", "country": "US", "eu_adequate": False, + "requires_consent": True, "legal_ref": "§25 TDDDG (RUM)", + }, + # ═══════════════════════════════════════════════════════════════ + # CRM TRACKING + # ═══════════════════════════════════════════════════════════════ + r"pardot\.com|pi\.pardot": { + "id": "pardot", "name": "Salesforce Pardot", "category": "crm", + "provider": "Salesforce Inc", "country": "US", "eu_adequate": False, + "requires_consent": True, "legal_ref": "§25 TDDDG, Art. 44-49 DSGVO", + }, + r"pipedrive\.com/tracking": { + "id": "pipedrive", "name": "Pipedrive Tracking", "category": "crm", + "provider": "Pipedrive OÜ", "country": "EE", "eu_adequate": True, + "requires_consent": True, "legal_ref": "§25 TDDDG", + }, + r"zoho\.com/analytics|zohocdn": { + "id": "zoho", "name": "Zoho Analytics", "category": "crm", + "provider": "Zoho Corp", "country": "IN", "eu_adequate": False, + "requires_consent": True, "legal_ref": "§25 TDDDG, Art. 44 DSGVO", + }, + # ═══════════════════════════════════════════════════════════════ + # ANALYTICS (additional platforms) + # ═══════════════════════════════════════════════════════════════ + r"vercel-analytics|va\.vercel-scripts": { + "id": "vercel_analytics", "name": "Vercel Analytics", "category": "tracking", + "provider": "Vercel Inc", "country": "US", "eu_adequate": False, + "requires_consent": False, "legal_ref": "Privacy-fokussiert, pruefbar", + }, + r"netlify-insights|netlify\.com/analytics": { + "id": "netlify_analytics", "name": "Netlify Analytics", "category": "tracking", + "provider": "Netlify Inc", "country": "US", "eu_adequate": False, + "requires_consent": False, "legal_ref": "Server-side, kein Client-Tracking", + }, + r"heap\.io|heapanalytics": { + "id": "heap", "name": "Heap Analytics", "category": "tracking", + "provider": "Heap Inc", "country": "US", "eu_adequate": False, + "requires_consent": True, "legal_ref": "§25 TDDDG, Art. 44-49 DSGVO", + }, + r"amplitude\.com|cdn\.amplitude": { + "id": "amplitude", "name": "Amplitude", "category": "tracking", + "provider": "Amplitude Inc", "country": "US", "eu_adequate": False, + "requires_consent": True, "legal_ref": "§25 TDDDG, Art. 44-49 DSGVO", + }, + r"mixpanel\.com": { + "id": "mixpanel", "name": "Mixpanel", "category": "tracking", + "provider": "Mixpanel Inc", "country": "US", "eu_adequate": False, + "requires_consent": True, "legal_ref": "§25 TDDDG, Art. 44-49 DSGVO", + }, + r"posthog\.com|us\.posthog|eu\.posthog": { + "id": "posthog", "name": "PostHog", "category": "tracking", + "provider": "PostHog Inc", "country": "US", "eu_adequate": False, + "requires_consent": True, "legal_ref": "§25 TDDDG (EU-Hosting moeglich)", + }, + # ═══════════════════════════════════════════════════════════════ + # ACCESSIBILITY OVERLAYS + # ═══════════════════════════════════════════════════════════════ + r"accessibe\.com|acsbapp": { + "id": "accessibe", "name": "accessiBe", "category": "accessibility", + "provider": "accessiBe Ltd", "country": "IL", "eu_adequate": True, + "requires_consent": False, "legal_ref": "Israel Angemessenheitsbeschluss", + }, + r"userway\.org": { + "id": "userway", "name": "UserWay", "category": "accessibility", + "provider": "UserWay Inc", "country": "US", "eu_adequate": False, + "requires_consent": False, "legal_ref": "Berechtigtes Interesse (Barrierefreiheit)", + }, + # ═══════════════════════════════════════════════════════════════ + # CONSENT MANAGEMENT (not a violation — informational) + # ═══════════════════════════════════════════════════════════════ + r"didomi|cookiebot|onetrust|usercentrics|consentmanager|quantcast|borlabs|tarteaucitron|klaro": { + "id": "cmp", "name": "Consent Management Platform", "category": "cmp", + "provider": "Various", "country": "EU", "eu_adequate": True, + "requires_consent": False, "legal_ref": "CMP vorhanden", + }, +}