How We Scan

Full transparency about how FutureScan analyzes public checkout pages for accessibility compliance. We believe you should know exactly what happens when you run a scan.

What We Scan

We scan publicly accessible checkout and payment pages only — the same pages any customer would see when making a purchase. We focus specifically on the payment flow because cross-origin iframes (Stripe Elements, PayPal, Adyen Drop-in) are invisible to every other automated accessibility scanner.

How We Scan

Our scanner uses a headless browser to load your checkout page exactly as a real customer would. It then runs axe-core accessibility checks, custom WCAG 2.2 heuristics, and payment provider detection. This is functionally identical to a human visiting your page with a browser — no exploits, no automation bypasses.

What We Collect

We extract page structure (DOM), WCAG accessibility violations, payment provider identification, and compliance signals. All query parameters and personally identifiable information (PII) are stripped from URLs before processing. We log only the protocol and hostname for debugging — never the full URL path.
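The URL handling described above, as an added example in JavaScript (not FutureScan's code): one function strips userinfo, query string and fragment before processing, and another reduces a URL to protocol and hostname for debug logs. Function names, the placeholder string and the sample URL are constructed for illustration; PII embedded in path segments is outside what this sketch handles.

```javascript
// Added example: hypothetical helper names, constructed sample input.
const ALLOWED_PROTOCOLS = new Set(["http:", "https:"]);

// Parse once; reject relative input and schemes a page scanner should not load.
function parseTarget(rawUrl) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    throw new Error("not an absolute URL");
  }
  if (!ALLOWED_PROTOCOLS.has(url.protocol)) {
    throw new Error("unsupported protocol: " + url.protocol);
  }
  return url;
}

// URL passed on for processing: userinfo, query string and fragment removed.
function sanitizeForProcessing(rawUrl) {
  const url = parseTarget(rawUrl);
  url.username = "";
  url.password = "";
  url.search = "";
  url.hash = "";
  return url.href;
}

// Value written to debug logs: protocol and hostname only (no port, path or query).
function logLabel(rawUrl) {
  const url = parseTarget(rawUrl);
  return url.protocol + "//" + url.hostname;
}

// Logging must not echo rejected input either, since it may carry the same PII.
function safeLogLabel(rawUrl) {
  try {
    return logLabel(rawUrl);
  } catch {
    return "[rejected-url]";
  }
}

// Constructed sample: credentials, port, PII-bearing query and a fragment.
const SAMPLE =
  "https://user:secret@shop.example.com:8443/checkout/pay?email=a%40b.com&token=abc#step2";
console.log(sanitizeForProcessing(SAMPLE), "|", safeLogLabel(SAMPLE));
```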

Caching Policy

Audit results are cached by domain for 30 days. This means repeat scans of the same domain return instant results without re-visiting your site. Cached results include a timestamp so you know when the scan was performed. You can force a fresh re-scan at any time, which replaces the cached entry.

What We Never Do

  • Submit forms or enter data into fields
  • Attempt logins or access authenticated pages
  • Extract personal data, emails, or phone numbers
  • Inject cookies, scripts, or tracking pixels
  • Test credentials or attempt authentication bypasses
  • Store raw page screenshots (analysis is ephemeral)
  • Share or sell scan data to third parties

Supply Chain Scanner

The Supply Chain Scanner analyzes publicly available sustainability reports and ESG disclosures. When you submit a URL, our backend scrapes publicly accessible pages (respecting robots.txt), then sends the extracted text to Google Gemini AI for structured analysis. Gemini identifies supply chain nodes, geographic locations, regulatory alignment (EU CSRD, CSDDD, UFLPA, EUDR), and risk factors. Geographic coordinates are estimated from location names for map visualization. No private corporate data or internal systems are accessed.

Disaster & Climate Risk Scanner

The Disaster & Climate Risk Scanner assesses natural disaster exposure and climate vulnerability for each supply chain node. It uses Google Gemini AI with Google Search grounding to retrieve real-time information about active natural disasters, weather alerts, and climate conditions in each region. Risk scores (0-100) and hazard classifications are AI-generated estimates — not certified environmental assessments. Recent events data comes from real-time Google Search results at the time of the scan.

Interactive Maps & Logistics

Supply chain nodes are displayed on an interactive Mapbox map using estimated coordinates. The Nearby Logistics Finder uses Google Gemini with Google Maps grounding to identify ports, warehouses, and freight corridors near each node. Map interactions and node selections are processed client-side. No personal location data (your location) is used or transmitted — only the geographic locations of the supply chain nodes you scanned.

Rate Limiting

We enforce rate limits to prevent abuse and minimize traffic to scanned sites. Each domain is limited to one concurrent scan. Cached results are served for repeat requests within the 30-day window. Our scanner identifies itself via standard HTTP headers and respects robots.txt directives.

Last updated: March 2026 · Questions? hello@sustainable207.com