How We Scan

Full transparency about how SmarterTariff analyzes public checkout pages for accessibility compliance. We believe you should know exactly what happens when you run a scan.

Scoring Methodology

SmarterTariff scores are displayed on a 0-95 scale. Our Patent Pending scoring methodology does not claim confidence beyond 95, reflecting inherent variability in agentic commerce and compliance assessment. Scores are computed from multiple signals — semantic structure, checkout flow, payment form accessibility, compliance barriers, and supply-chain regulatory risk — and capped at the display boundary to ensure public output matches our internal confidence standard.

What We Scan

We scan publicly accessible checkout and payment pages only — the same pages any customer would see when making a purchase. We focus specifically on the payment flow because cross-origin iframes (Stripe Elements, PayPal, Adyen Drop-in) are invisible to every other automated accessibility scanner.

How We Scan

Our scanner is implemented as a server-side instrumented headless browser. The instrumentation allows programmatic inspection of cross-origin payment iframes that browser same-origin policy would otherwise block. Against this instrumented browser we run automated WCAG 2.2 accessibility checks, our own compliance heuristics, and payment provider detection. This is functionally identical to a human visiting your page with a browser — no exploits, no automation bypasses.

AI Analysis Infrastructure

AI analysis runs on third-party AI infrastructure accessed through authenticated server-side calls scoped to our backend cloud project. We do not use consumer API keys, and no AI calls originate from the user's browser. Inputs are processed server-side; prompts are bound to structured-output schemas so the model cannot return free-form user-identifiable content into our results. Specific provider identities are listed in our DPA per GDPR Art. 28.

What We Collect

We extract page structure (DOM), WCAG accessibility violations, payment provider identification, and compliance signals. All query parameters and personally identifiable information (PII) are stripped from URLs before processing. We log only the protocol and hostname for debugging — never the full URL path.
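The URL handling described above, sketched as an added example; this is not SmarterTariff's code. The function names, the email-in-path heuristic and the sample URLs are assumptions made for illustration.

```javascript
// Added example: redact a submitted URL before processing, and derive the
// only form that is allowed into logs (protocol + hostname).

// Assumption: an email address embedded in a path segment counts as PII.
const EMAIL_LIKE = /^[^\s@\/]+@[^\s@\/]+\.[^\s@\/]+$/;

function redactSegment(segment) {
  let decoded = segment;
  try {
    decoded = decodeURIComponent(segment);
  } catch (_) {
    // Malformed percent-encoding: test the raw segment instead.
  }
  return EMAIL_LIKE.test(decoded) ? 'REDACTED' : segment;
}

// Version of the URL that may be passed on for processing.
function sanitizeForProcessing(rawUrl) {
  const u = new URL(rawUrl); // throws on malformed input
  if (u.protocol !== 'http:' && u.protocol !== 'https:') {
    throw new Error('unsupported scheme: ' + u.protocol);
  }
  u.search = '';   // all query parameters
  u.hash = '';     // fragment
  u.username = ''; // credentials in the authority part
  u.password = '';
  u.pathname = u.pathname.split('/').map(redactSegment).join('/');
  return u.toString();
}

// Log label: protocol and hostname only. Path, port, query and
// credentials never reach the log line.
function logLabel(rawUrl) {
  const u = new URL(rawUrl);
  return `${u.protocol}//${u.hostname}`;
}

// Constructed sample input.
const sample =
  'https://user:pw@shop.example.com:8443/cart/jane%40example.com/pay?email=a%40b.com&token=abc#step2';
console.log(sanitizeForProcessing(sample));
console.log(logLabel(sample));
```

Query stripping alone leaves identifiers that sites place in the path, which is why the log label drops the path entirely rather than trying to clean it.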

Caching Policy

Audit results are cached by domain for 30 days. This means repeat scans of the same domain return instant results without re-visiting your site. Cached results include a timestamp so you know when the scan was performed. You can force a fresh re-scan at any time, which replaces the cached entry.

Supply Chain Scanner

The Supply Chain Scanner analyzes publicly available sustainability reports and ESG disclosures. When you submit a URL, our backend scrapes publicly accessible pages (respecting robots.txt), then sends the extracted text to our AI analysis layer for structured analysis. Supply chain nodes, geographic locations, regulatory alignment (EU CSRD, CSDDD, UFLPA, EUDR), and risk factors are identified. Geographic coordinates are estimated from location names for map visualization. No private corporate data or internal systems are accessed.

Disaster & Climate Risk Scanner

The Disaster & Climate Risk Scanner assesses natural disaster exposure and climate vulnerability for each supply chain node. It uses our AI analysis layer with real-time web search grounding to retrieve information about active natural disasters, weather alerts, and climate conditions in each region. Risk scores (0-100) and hazard classifications are AI-generated estimates — not certified environmental assessments. Recent events data comes from real-time web search results at the time of the scan.

Interactive Maps & Logistics

Supply chain nodes are displayed on an interactive Mapbox map using estimated coordinates. The Nearby Logistics Finder uses our AI analysis layer with mapping grounding to identify ports, warehouses, and freight corridors near each node. Map interactions and node selections are processed client-side. No personal location data (your location) is used or transmitted — only the geographic locations of the supply chain nodes you scanned.

Rate Limiting

We enforce rate limits to prevent abuse and minimize traffic to scanned sites. Each domain is limited to one concurrent scan. Cached results are served for repeat requests within the 30-day window. Our scanner identifies itself via standard HTTP headers and respects robots.txt directives.
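One way to combine the 30-day per-domain cache with the one-concurrent-scan-per-domain limit, as an added example rather than SmarterTariff's implementation. `DomainScanGate`, `scanFn` and the in-memory maps are hypothetical names and storage choices.

```javascript
// Added example: per-domain result cache plus a single-flight gate.
const CACHE_TTL_MS = 30 * 24 * 60 * 60 * 1000; // 30-day window from the page

class DomainScanGate {
  constructor(now = () => Date.now()) {
    this.now = now;            // injectable clock, for testing
    this.cache = new Map();    // hostname -> { result, scannedAt }
    this.inFlight = new Map(); // hostname -> Promise of the running scan
  }

  // scanFn(hostname) is the caller-supplied function that performs the scan.
  async scan(rawUrl, scanFn, { force = false } = {}) {
    const host = new URL(rawUrl).hostname; // the URL parser lowercases it
    const hit = this.cache.get(host);
    if (!force && hit && this.now() - hit.scannedAt < CACHE_TTL_MS) {
      // Repeat request inside the window: no traffic to the scanned site.
      return { ...hit, cached: true };
    }
    // One concurrent scan per domain: later callers share the running scan.
    if (this.inFlight.has(host)) return this.inFlight.get(host);

    const run = Promise.resolve()
      .then(() => scanFn(host))
      .then((result) => {
        // scannedAt is the timestamp shown with cached results.
        const entry = { result, scannedAt: this.now() };
        this.cache.set(host, entry); // a forced re-scan replaces the entry
        return { ...entry, cached: false };
      })
      .finally(() => this.inFlight.delete(host));
    this.inFlight.set(host, run);
    return run;
  }
}
```

A failed scan is not cached, and its in-flight slot is released so the next request can retry.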

Last updated: March 2026 · Questions? chris@smartertariff.com