EU Withdrawal Button Compliance Auditor
Pricing
from $5.10 / 1,000 stores
EU Withdrawal Button Compliance Auditor
Audits websites for observable EU withdrawal-button risk signals, including withdrawal function visibility, confirmation flow, acknowledgement signals, friction, findings, and evidence.
Pricing
from $5.10 / 1,000 stores
Rating
0.0
(0)
Developer
Trove Vault
Maintained by CommunityActor stats
1
Bookmarked
2
Total users
1
Monthly active users
23 days ago
Last modified
Categories
Share
EU Withdrawal Button Compliance Auditor checks public websites for observable risk signals related to the EU online withdrawal-button requirement. Give it one or more URLs and it opens each site in a real browser, follows likely withdrawal, cancellation, account, subscription, legal, refund, and terms pages, then returns a structured risk audit with findings, evidence, recommended actions, and a screenshot key.
This actor does not certify legal compliance and does not replace legal advice. It is built for fast triage: finding visible issues that compliance teams, consumer-law specialists, agencies, SaaS operators, marketplaces, and e-commerce teams should review before the June 2026 enforcement deadline and after future site or checkout changes.
Legal Context
The audit is shaped around public, browser-observable signals associated with the EU withdrawal-function requirement introduced through Directive (EU) 2023/2673. Always review the applicable national implementation, business model, contract type, and logged-in customer journey before making a legal conclusion.
Why Use This Actor
- Check whether a public website exposes a visible online withdrawal or cancellation function.
- Detect whether withdrawal rights are mentioned in terms but not reflected in a prominent online control.
- Find account, subscription, cancellation, terms, refund, return, and withdrawal pages from a submitted homepage.
- Flag processes that appear to rely on email, postal mail, phone, paper forms, support tickets, signatures, or manual review.
- Look for confirmation-step and acknowledgement signals such as "confirm withdrawal", confirmation email, ticket, reference, or receipt language.
- Produce a risk score, risk level, findings, recommended actions, compact evidence samples, and screenshot evidence.
- Schedule recurring audits for owned sites, client portfolios, acquisition targets, subscription flows, or high-risk consumer journeys.
What It Checks
For each submitted website, the actor performs a standard public audit by default. There are no per-check toggles because the product is the complete withdrawal-button triage pass.
The actor checks:
- visible withdrawal, cancellation, unsubscribe, terminate, account, and subscription controls
- exact or near-exact withdrawal-button wording such as "withdraw from contract here" and "confirm withdrawal"
- public terms, legal, return, refund, cancellation, and withdrawal-rights language
- 14-day, cooling-off, and withdrawal-period language
- whether withdrawal language appears with online, account, form, portal, digital, or button language
- whether the withdrawal or cancellation path appears prominent and above the fold
- confirmation-step signals and final confirmation button wording
- acknowledgement or receipt signals after request submission, where public text reveals them
- email-only, postal-only, phone-only, paper, signature, fax, support-ticket, or manual-review friction
- likely login-gated account or subscription paths that need manual or authenticated follow-up
- homepage screenshot evidence stored in the key-value store
Use Cases
Compliance teams can audit owned domains before the EU withdrawal-button deadline, then rerun after checkout, account, or subscription-management releases.
Consumer-law and privacy consultants can run first-pass checks across client portfolios before deeper manual review.
Agencies can monitor whether new campaign sites, storefronts, membership pages, or subscription funnels still expose the required cancellation and withdrawal path.
E-commerce and SaaS operators can find mismatches between legal terms and the actual public user interface.
M&A and vendor-risk teams can triage consumer-facing websites before acquisition, onboarding, or commercial review.
Input Example
{"startUrls": [{ "url": "https://example.com/" },{ "url": "https://example.org/terms" }],"proxyConfiguration": {"useApifyProxy": false}}
Input Reference
| Field | Type | Description |
|---|---|---|
startUrls | array | Public website URLs to audit. Use homepages for full-site triage or specific checkout, account, subscription, terms, cancellation, or withdrawal pages when you already know the relevant flow. |
proxyConfiguration | object | Optional Apify Proxy settings. Enable it when sites block datacenter traffic or show location-specific EU behavior. |
datasetId | string | Optional existing dataset to append results to. |
runId | string | Optional upstream job or workflow ID copied into output rows. |
Output Example
{"url": "https://example.com/","finalUrl": "https://example.com/","domain": "example.com","auditStatus": "success","withdrawalRiskScore": 78,"riskLevel": "critical","withdrawalFunctionDetected": false,"withdrawalButtonProminent": false,"withdrawalButtonLabel": null,"withdrawalPageUrl": null,"accountOrCancellationPageFound": true,"termsWithdrawalLanguageFound": true,"onlineWithdrawalLanguageFound": false,"withdrawalDeadlineLanguageFound": true,"confirmationStepDetected": false,"confirmWithdrawalButtonDetected": false,"confirmationButtonTextDetected": null,"acknowledgementMechanismDetected": false,"emailOnlyWithdrawalDetected": true,"loginRequiredLikely": true,"cancellationFrictionSignals": ["postal_or_letter_required", "support_or_manual_review"],"pagesChecked": ["https://example.com/","https://example.com/terms","https://example.com/account"],"findings": [{"severity": "high","category": "button-prominence","message": "Withdrawal rights are mentioned, but no prominent withdrawal button or equivalent visible control was found.","evidence": ["Consumers may withdraw within 14 days by contacting customer service."]}],"recommendedActions": ["Make the withdrawal button prominent and label it with unambiguous withdrawal language.","Run a logged-in manual review or authenticated audit for account-only subscription and cancellation pages."],"screenshotKey": "SCREENSHOT-example.com-1780000000000.png","auditedAt": "2026-06-19T12:00:00.000Z"}
Output Fields
The main decision fields are withdrawalRiskScore, riskLevel, withdrawalFunctionDetected, withdrawalButtonProminent, withdrawalButtonLabel, withdrawalPageUrl, termsWithdrawalLanguageFound, onlineWithdrawalLanguageFound, confirmationStepDetected, confirmWithdrawalButtonDetected, acknowledgementMechanismDetected, emailOnlyWithdrawalDetected, loginRequiredLikely, cancellationFrictionSignals, findings, recommendedActions, evidence, and screenshotKey.
API Usage
curl "https://api.apify.com/v2/acts/TroveVault~eu-withdrawal-button-auditor/runs" \-X POST \-H "Authorization: Bearer $APIFY_TOKEN" \-H "Content-Type: application/json" \-d '{"startUrls": [{ "url": "https://example.com/" }]}'
Interpreting Results
The actor reports automated risk signals, not legal conclusions. A high or critical result means the website deserves human review. A low result means this automated pass did not find strong visible issues, not that the site is legally compliant. If the real journey appears only after login, purchase, native-app access, or a customer-specific account area, the actor can flag that follow-up is likely needed but cannot complete that private workflow.
Limitations
- The actor cannot certify compliance with EU consumer law or any national implementation.
- It does not make purchases, create accounts, log in, cancel real subscriptions, or submit withdrawal requests.
- It cannot verify private account flows, backend acknowledgements, email delivery, customer-service SLAs, or contract-specific eligibility.
- Some sites hide cancellation or withdrawal flows behind authentication, geolocation, anti-bot controls, app-only experiences, or customer-specific portals.
- Text detection is multilingual but pattern-based. Unusual wording, images-only buttons, custom web components, or shadow DOM may reduce accuracy.
- Region-specific behavior may require proxy settings that match the target EU market.
FAQ
Does this actor give legal advice?
No. It produces structured observable signals for triage. A qualified legal or compliance reviewer should decide whether the site satisfies the applicable requirement.
Can I monitor the same sites every week?
Yes. Use Apify schedules and optionally provide datasetId and runId so results from recurring runs can be joined in your own pipeline.
Related Actors
For broader privacy, cookie-consent, tracker, policy, and form-risk triage, use TroveVault's GDPR Website Compliance Auditor. This withdrawal-button actor is narrower and focuses on the consumer withdrawal/cancellation path.
Changelog
0.1: Initial TroveVault release candidate with browser-based public withdrawal-button risk auditing, legal/cancellation page discovery, confirmation and acknowledgement checks, friction detection, findings, recommendations, and screenshot evidence.
Support
Open an Apify issue or contact TroveVault with the run ID, target URL, and a short description of the result you expected.