Searchflex ·Tracking Audit · April 2026

Client-side tracking & consent

https://searchflex.com · 1 URLs · April 2026

0 / 100

Executive Summary

Searchflex has a critical and immediate data privacy crisis that requires urgent remediation before any other work proceeds. The audit returned a score of zero out of a possible maximum, driven by two critical violations in which raw credit card data is being transmitted directly to Meta Pixel — an exposure that carries severe regulatory risk under GDPR, CCPA, and PCI-DSS, and could result in significant fines or platform bans. Compounding this, phone numbers are being leaked to both Google Analytics 4 and Meta Pixel, adding further PII exposure across two major third-party vendors. The 18 high-severity issues include tags continuing to fire after a user selects "Reject All," meaning the consent mechanism is functionally broken and providing no real protection. Collectively, these findings indicate that Searchflex's current tracking implementation is not legally compliant and poses substantial reputational and financial risk that should be escalated to legal and engineering leadership without delay.

At a glance

2 critical18 high3 low

URLs audited

Total issues

Journeys run

Distinct trackers

Consent matrix (trackers fired by state)

URL	default	accept_all	reject_all	CMP
https://searchflex.com/	6	8	6	cookieyes

Issues (5 types across 23 occurrences)

Severity	Category	Issue	Affected	Recommendation
critical	pii	PII (credit_card) sent to Meta Pixel Detected credit_card in params ['post_body'] of https://www.facebook.com/tr/	1 URL Show list https://searchflex.com/	Hash, redact, or remove PII before sending. Use Enhanced Conversions / CAPI with hashed values where required.
high	pii	PII (phone) sent to GA4 Detected phone in params ['_p', 'cid', 'gtm', 'sid', 'uafvl'] of https://region1.google-analytics.com/g/collect?v=2&tid=G-MEEH4ZY34T>m=45Pe64r1v9205095977z89205091	1 URL Show list https://searchflex.com/	Hash, redact, or remove PII before sending. Use Enhanced Conversions / CAPI with hashed values where required.
high	pii	PII (phone) sent to Meta Pixel Detected phone in params ['fbp', 'id', 'it', 'plt', 'ts'] of https://www.facebook.com/tr/?id=2322181838224260&ev=PageView&dl=https%3A%2F%2Fsearchflex.com%2F&rl=&	1 URL Show list https://searchflex.com/	Hash, redact, or remove PII before sending. Use Enhanced Conversions / CAPI with hashed values where required.
high	consent	Tags fire after Reject All Vendors firing despite Reject All: GA4, Meta Pixel. This breaches GDPR/PECR and is incompatible with Consent Mode v2 'denied' signals.	1 URL Show list https://searchflex.com/	Add consent-aware GTM triggers (Consent Mode v2 'ad_storage' / 'analytics_storage' = denied) and verify tags wait for an Update signal before firing.
low	data_quality	Most dataLayer pushes lack 'event' key Pushes without an event name can't be picked up by GTM Custom Event triggers.	1 URL Show list https://searchflex.com/	None