How this works. This is an automated risk indicator, not a prediction and not legal advice. It scores how closely your described website matches the fact patterns driving the current CIPA, pixel, session-replay, and wiretapping litigation wave. Nothing you enter is sent anywhere until you choose to start a request.
Does your website serve California visitors? CIPA is a California statute. California reach is what these claims hinge on.
Roughly how much monthly traffic? Higher traffic means more potential class members and more visibility to automated scanners.
Which advertising / analytics pixels does your site load? Select all that apply. These are the tags targeted under the pen-register (Section 638.51) theory.
Do you run any session-replay or behavior-analytics tools? Tools that record clicks, scrolls, keystrokes, or replay sessions are targeted under the wiretap (Section 631) theory.
Is there a chat widget or AI assistant on the site? Third-party chat and AI voice/text assistants have drawn CIPA "eavesdropping" and "AI wiretapping" claims.
Do you have a consent banner, and does it block tags before consent? The dominant 2026 theory is that tags fire on page load before the visitor acts on the banner. A banner that does not actually gate tags offers little protection.
Does the site have a published privacy policy? A current policy that discloses tracking and third-party sharing is a basic baseline; its absence is a flag.
Does the site handle health or financial data? Health and financial contexts have driven the largest pixel settlements and the most aggressive theories, including health-data statutes with their own private right of action.

How the score is built

The estimate combines the factors that current CIPA, pixel, session-replay, and wiretapping cases actually turn on. The two dominant theories are CIPA Section 631 (wiretapping and eavesdropping, applied to session-replay tools and third-party chat widgets that capture visitor interaction in real time) and CIPA Section 638.51 (pen register and trap-and-trace, applied to advertising and analytics pixels that capture IP address, URL, referrer, and device or session identifiers). The remedy under Cal. Penal Code Section 637.2 is the greater of $5,000 per violation or three times actual damages, with no requirement to prove real harm, which is the engine behind the volume of filings and demand letters.

What raises the estimate

What lowers the estimate

Landscape summary sources are below in the FAQ and reflect the position as of June 2026. The law here is genuinely split: federal district courts have more often allowed pen-register pixel theories to proceed while California state trial courts have more often rejected them, and a proposed CIPA business exemption (SB 690) stalled in the Legislature, so no near-term relief is assured. None of this is a prediction; the actual exposure of any specific site depends on facts this tool does not capture.

Frequently Asked Questions

Disclaimer. This calculator is an automated risk indicator based solely on the inputs you provide. It is for general informational purposes only, is not legal advice, is not a prediction of any litigation outcome, and does not create an attorney-client relationship. The litigation landscape it describes is current to June 2026 and is genuinely unsettled and split across courts. Whether any specific website faces real exposure depends on facts not captured here and on the specific law applied. For advice about your situation, consult a licensed attorney. Sergei Tokmakov, Esq., California Bar No. 279869.