auditly
Log inStart free
Verification, not certification — by design

Compliance that ships with your code

Continuous accessibility, cookie, tracker, and privacy-policy scans across every page you ship. Real findings, real fixes, public verification badge — built for engineers, not auditors.

Start free — 25 creditsTake the 5-minute self-audit →

No credit card. Free tier covers a small site indefinitely.

Built on the same engines the pros use

axe-corePlaywrightTracker RadarOpenRouterSupabasePostgres

Four pillars

Everything a compliance review touches, on every deploy

Where most tools cover one pillar deeply, we cover four — and we're honest about what each one can and can't do.

Accessibility

WCAG 2.1/2.2 audits powered by axe-core. Every violation comes with the offending DOM node and a fix path.

~200 rules · WCAG A & AA

Learn more →

Cookies

Pre-consent tracking detection, security flag review, and category classification against an open cookie database.

4 issue types · 8 categories

Learn more →

Trackers

Network interception finds every third-party tracker. Browser-API hooks find canvas, WebGL, and audio fingerprinting.

50+ trackers · 4 fingerprint APIs

Learn more →

Privacy policy

LLM-graded against a strict GDPR / CCPA / COPPA rubric. Each pass returns an evidence quote you can verify.

14 rubric items · 11 languages

Learn more →

How it works

From signup to badge in 5 minutes

1

Add a domain

Drop in a hostname. We generate a unique ownership token.

2

Verify in 60 seconds

Add a single <meta> tag to your homepage and click Verify. We check it once and remember.

3

Run a scan

Pick which pillars to run. Headless Chromium does the work. JSON results land in your dashboard within a couple of minutes.

4

Embed the badge

A public SVG badge linking to your verification page. Updates automatically on every successful scan.

What you get

Findings you can hand to an engineer

Not a glossy PDF. Not a vendor lock-in. Every finding is structured JSON with rule ID, severity, the offending DOM node, the failure summary, and a link to the rule documentation. Export it, diff it, ship a fix.

  • Per-pillar score (0–100) with explainable weighting
  • Issue list grouped by severity, with DOM-level evidence
  • Diff against your previous scan in a future release
  • JSON over REST + an MCP server for AI-driven workflows
{
  "pillar": "accessibility",
  "summary": { "violationCount": 7, "score": 78 },
  "violations": [
    {
      "id": "color-contrast",
      "severity": "serious",
      "tags": ["wcag2aa", "wcag143"],
      "nodes": [
        {
          "html": "<a class='text-slate-400' href='/about'>...</a>",
          "target": ["nav.site-nav > a:nth-child(2)"]
        }
      ]
    }
  ]
}

For developers

An API-first product, not a dashboard with an API bolted on

Every scan you can run in the dashboard is one POST away. Every result is one GET away. Pipe it into CI, into Slack, into your own data warehouse — or let an AI agent do it for you via the MCP server.

  • · REST API with stable JSON contracts
  • · Per-account API keys with one-click rotation
  • · Idempotent scan IDs, exponential backoff, automatic refunds on failure
  • · MCP server: run_scan, get_scan, list_domains
  • · Webhooks (coming) and a GitHub Action (coming) on the same primitives

$ curl -X POST .../v1/scans \\

-H "Authorization: Bearer $SGK" \\

-d '{"domainId": "...", "pillars": ["accessibility"]}'

{ "scan": { "status": "queued" }, "creditsRemaining": 23 }

Pricing

Honest, credit-based pricing

One scan on one pillar = 1 credit. Failed pillars are auto-refunded. Free plan covers small sites indefinitely.

Free

$0

25 credits / month

Pro

$20

100 credits / month

Business

$35

250 credits / month

Enterprise

$70

500 credits / month

Compare plans →

Common questions

Is this a substitute for a real audit?

No, and we don't pretend otherwise. Automated scanners catch ~50–60% of WCAG issues; we use ours for continuous monitoring and a structured punch list, then bring humans in for formal certification.

Why does the badge say "Verified" not "Compliant"?

Because we can verify a domain is monitored — we can't certify legal compliance. Vendors who claim otherwise are setting their customers up for liability.

Can I integrate with CI?

The API is designed for it; a GitHub Action is on the near-term roadmap. POST to /v1/scans, poll the result, fail the build on regression — that's the whole flow.

See all FAQs →

Find what you'd rather find before regulators or users do

Sign up, scan one site, see the report. If it's not useful, you've lost five minutes.

Start free — 25 creditsBrowse the monitored directory