How We Detect Website Compliance Violations
Our proprietary analysis platform conducts comprehensive, automated compliance audits across three areas of law. Every finding is independently verifiable, cryptographically sealed, and documented with a complete chain of custody.
The Violations Forensics (VF) Report
When a website is identified as having potential compliance issues, our platform produces a VF Report — a detailed, evidence-backed assessment designed to meet evidentiary standards.
Privacy Compliance
CIPA — Cal. Penal Code §631
Evaluates whether tracking technologies activate before a visitor provides meaningful consent. Covers third-party pixels, analytics collection, consent banner functionality, and dark pattern detection.
Accessibility Compliance
ADA Title III / Unruh Act
Assesses compliance with WCAG 2.1 Level AA across four principles: perceivable, operable, understandable, and robust. Each finding is mapped to specific WCAG success criteria with severity classification.
Video Privacy
VPPA — 18 U.S.C. §2710
Identifies whether embedded video players transmit viewing data to third parties without the required written consent. Covers player behavior, third-party connections, and data-sharing patterns.
Evidence Standards
The integrity of our findings is central to every VF Report. Our evidence collection process produces records designed to withstand legal scrutiny.
Cryptographic Verification
Every piece of evidence is individually hashed using SHA-256 (FIPS 180-4 compliant). Hashes are recorded in a manifest file. If any file is altered after collection, the hash mismatch provides immediate, mathematically verifiable tamper detection.
Chain of Custody
Each audit generates an entry in an append-only chain-of-custody log recording when the audit was conducted, what was collected, and how evidence has been handled — mirroring digital forensics standards.
What an Evidence Package Contains
- Complete record of the website as rendered at audit time
- All network activity during page load, including third-party connections
- Full inventory of data collection technologies with timing data
- Visual documentation at key stages
- SHA-256 manifest covering every file
- Chain-of-custody log entry
Ongoing Monitoring
For websites under continued observation, recurring audits produce a longitudinal evidentiary record documenting whether violations persist, are remediated, or change over time. The cumulative record strengthens legal standing by demonstrating patterns rather than single snapshots.
Compliance Scoring
Each website receives a composite compliance score from 0 to 100, reflecting the overall severity and breadth of detected violations.
Number & type of violations across all three legal categories
Severity of each individual finding
Presence or absence of consent mechanisms
Indicators of willful or knowing non-compliance
Standards & Frameworks
Our methodology is built on established legal and technical standards.
| Standard | Application |
|---|---|
| WCAG 2.1 Level AA | Accessibility evaluation baseline |
| SHA-256 (FIPS 180-4) | Evidence integrity verification |
| HAR 1.2 Specification | Network activity documentation |
| CIPA (Cal. Penal Code §630 et seq.) | Privacy violation criteria |
| ADA Title III (42 U.S.C. §12181) | Federal accessibility requirements |
| Unruh Civil Rights Act (Cal. Civ. Code §51) | California accessibility requirements |
| VPPA (18 U.S.C. §2710) | Video privacy violation criteria |
| CCPA (Cal. Civ. Code §1798.100 et seq.) | Data deletion requirements |
Understanding Your VF Report
If you have received correspondence referencing a VF Report associated with your website, the report documents specific compliance findings that have been independently verified and preserved. The findings are based on automated analysis conducted against the standards listed above and are supported by cryptographically sealed evidence.
We recognize that most businesses do not intentionally violate privacy or accessibility laws. Many violations stem from third-party tools, default platform configurations, or website changes made without a full understanding of the compliance implications. Regardless of how the violations arose, they represent real legal exposure. The good news is that most issues are technically straightforward to remediate with the right expertise.
Getting Compliant
APFCompliant specializes in helping businesses identify, understand, and resolve website compliance issues.