Report misuse of a Veracly report
Veracly issues signed technical compliance reports to identified requesters. If a Veracly report is being used inappropriately against your site — for example as a basis for a cease-and-desist (Abmahnung) without independent legal review, in litigation without your operator being contacted first, or republished in a way that implies a regulatory verdict — this page documents the intake channel and the response you can expect from us.
What this channel is for
Use abuse@veracly.app if you are the operator (or representative of the operator) of a site that is the subject of a Veracly report, and you believe the report is being weaponised rather than used as the technical scan output it is. Specifically:
- The report is being cited as a legal verdict, audit certification, or regulator finding. A Veracly report is none of those — it is an automated technical scan with statute cross-references. The cover-page disclaimer says so.
- The report was used as the basis of a cease-and-desist or formal demand sent to you without the sender having engaged with you first, and you would like Veracly to be on record that this was not the intended use.
- The report has been republished publicly (a “wall of shame”, a press article, a social-media thread) in a way that makes Veracly the author of an allegation about your business.
If you instead believe a specific finding in a report is factually wrong — the rule didn’t reproduce, the cookie isn’t there, the contrast value is computed incorrectly — that is the corrections channel, not the abuse channel. Email corrections@veracly.app with the report ID and the disputed finding. Corrections are handled on the same 5-business-day SLA described below.
What to include in your report
To process your request quickly, include:
- The Verification ID (UUID) printed on the final page of the PDF, or the URL of the
/verify/<id>page if you have it. - The domain the report is about.
- A short description of how the report is being used against you, with a copy of the communication or link if you have one.
- Whether you are the site operator, their counsel, or a third party. We can act most quickly when the request comes from the operator or counsel of record.
You do not need to provide identification documents to open a case — we’ll review the report and the misuse evidence first. If a remedy requires confirming you control the subject domain, we’ll ask for a DNS TXT record or equivalent at that point.
Response SLA
We commit to the following response times, measured from receipt at abuse@veracly.app during Sydney business hours (Mon–Fri, public holidays excluded):
- 1 business day
- Acknowledgement of receipt with a case number and the name of the responder.
- 5 business days
- Initial response with our position and proposed remedy (see below). For straightforward retraction requests where the requester email on the report confirms misuse, this is typically faster.
- Ongoing
- If the case requires re-scanning the site or coordinating with the original requester, we’ll keep you updated at least weekly until closed.
Possible remedies
Depending on the facts of the case, the remedies we can apply include:
- Retire the verify anchor. The
/verify/<id>page is moved to a retired state, so the report can no longer be presented as “independently verifiable” from our infrastructure. The proof-of-existence record stays on the audit ledger (we don’t fabricate history), but the signature material is scrubbed. - Reissue with corrections. If the underlying scan was accurate but findings were misinterpreted, we can reissue a clarified version and retire the original.
- Retract. If the scan itself was wrong (rule did not reproduce, stale data, mis-attributed domain), we retract the report. The verify URL serves a public retraction notice referencing this page.
- Suppress requester. If the requester email anchored on the cover is the same party using the report against you, we’ll add their address to a block list for future free scans, on top of whichever remedy applies to the specific report.
- No action. If the report is being used inside its documented purpose — an operator’s own counsel reviewing it, a customer asking their own team to fix the findings — we’ll explain that and close the case without changing the record.
What this channel is not
abuse@veracly.app is not a legal-services intake. We do not give legal advice to either side of a dispute, and a retraction or reissue from Veracly is not a substitute for the operator’s own legal review of any demand they have received. We will, on request, provide a short factual statement (case number, the action we took, the date) that an operator can cite back to the sender of the demand.
For security vulnerabilities in Veracly’s own infrastructure, please email security@veracly.app instead — that’s a separate channel with a separate SLA.