Long-form differentiator page covering the seven sales arguments from
project_marketing_website_3014_themes.md, all anchor-linkable for
sales decks:
#1 engine — Pattern-engine vs Excel-checklist
#2 multi-markt — One risk assessment, all markets (CE+US+CN+JP)
#3 folgegefahren — Operator-to-end-customer harm chain
#4 public-domain — OSHA/NIST/EUR-Lex/BAuA as legal anchor
#5 audit-suite — Engine self-introspection (cmd/iace-audit A-E)
#6 made-in-germany — German export meets US Federal PD
#7 tooling — LLM gap-review as co-pilot, not robo-lawyer
Each section carries a "Belegt durch:" line pointing at the actual
codebase artifact behind the claim, so the page reads as audit-friendly
proof, not marketing fluff.
Below the 7 differentiators a competitor comparison table (BreakPilot
vs DesignSafe vs Pilz PASS vs Sick SD vs Sphera) and a closing block
explaining the R1/R2/R3 license architecture with a pointer to
/sdk/licenses.
Navbar updated to surface the page between Plattform and CE-Prozess.
This closes Task #19. With Task #29 + #7/#8 already in, the roadmap
post-licence-classification work is fully landed.
Adds a "Quellen und Lizenzen der Compliance-Inhalte" section to the
marketing-website Impressum naming the public sources the platform
draws on (EUR-Lex, US Federal Code, ENISA/EDPB/BAuA, OWASP, OECD,
eigene Texte) and pointing to /sdk/licenses for the full per-source
breakdown.
The Datenschutz and Impressum audit (Task #24 in breakpilot-compliance)
confirmed no spurious license claims were buried in these pages.
This change adds explicit transparency rather than removing anything,
and is paired with the explicit disclaimer that the Pauschalvermerk
does NOT replace work-level attribution — that is handled by the
auto-footer in PDFs and the <SourceBadge> in the SDK frontend.
Marketing-Website
- Neue SavingsSection auf Homepage: "Compliance entdeckt sechsstellige
Einsparungen". Pitch-Position der Cookie-Audit-Cost-Optimization-Story
fuer DAX-Konzern-Sales (BMW-Case-Style: 90 Vendors -> 25 nach
Konsolidierung, EUR 500k-3M / Jahr).
- /savings-scan: Kostenloser 5-Min-Saving-Scan-Form (URL + E-Mail).
Form-Submit ist Placeholder, soll an Compliance-Backend gehaengt werden.
- /savings-methodik: 4-Stufen-Erklaerung der Cookie-Tier-Inferenz +
ehrliche Caveats (Listpreise != Vertragspreise, Media-Spend nicht
enthalten) + Datenquellen.
- Content-de + Content-en in content.ts beide um savings-Block ergaenzt
und Section-Numerierung angepasst (03=Savings, 04=Deterministic).
- LOC-Split: savings-Inhalte (DE+EN, ~100 LOC) in content.savings.ts
ausgelagert damit content.ts unter 500-LOC-Hard-Cap bleibt.
Control-Pipeline
- LESSONS-LEARNED-mc-check-types.md fuer die parallele CRA-MC-Generation.
Erklaert die TEXT/PROCESS/REVIEW-Klassifikation die im Compliance-Repo
retrofitted wurde. Verhindert dass CRA-MCs denselben Defekt bekommen.
Mapping-Heuristik fuer verification_method -> check_type, plus
Backfill-Workflow fuer ~62 ambiguous Eintraege.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
- ConsentBanner: save consent_id to localStorage after successful POST
- Footer: DELETE /api/consent/{id} on consent re-open (Art. 17 DSGVO)
- New proxy route: DELETE /api/consent/[id] → backend withdrawal endpoint
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
ScriptManager: two blocking mechanisms — injection of CONSENT_SCRIPTS
after consent + activation of type="text/plain" data-consent scripts.
Standard CMP blocking pattern ready for third-party analytics/marketing.
DSE: add Interessenabwaegung (balancing test) for Art. 6(1)(f) DSGVO
processing: Hosting and Server-Logfiles sections now document why
legitimate interest outweighs data subject rights.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Session ID via sessionStorage UUID
- Self-host Google Fonts (Inter, Plus Jakarta Sans, JetBrains Mono) — eliminates
third-party transfer to Google, no more DSGVO violation
- ScriptManager component: consent-change listener for future analytics/marketing scripts
- GeoIP via browser timezone (Intl.DateTimeFormat) + IP injection in proxy
- Vendor-level consent UI: loads vendor config from backend, shows per-vendor
toggles under each category, sends vendor_consents dict
- DSE updated: Google Fonts section now says "lokal gehostet"
- Config proxy route: GET /api/consent/config
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
ConsentBanner detects loaded scripts (analytics/marketing) and cookies
after consent, sends them to the CMP backend for transparency tracking.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Send consent_method, page_url, referrer, device_type, browser, os,
screen_resolution and consent_scope with each consent record for
vendor-agnostic compliance tracking.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Benjamin Admin