Sharing a Veracly report with your developer, lawyer, or regulator
The same PDF gets read very differently by your developer, your lawyer, and the regulator who asked for it. Here is the three-audience guide to handing it over.
A Veracly report has three primary audiences. Each one reads it differently. The same PDF that lands in front of a developer as a backlog will land in front of a lawyer as a risk register and in front of a regulator as evidence. Here is how to hand it over to each.
Sharing with your developer
What they need: The Top Priorities (section 4) and the Remediation Appendix (section 6). Everything else is context they can skim.
How to share: Forward the PDF, then create one ticket per Top Priority row in your tracker. Each ticket should carry: the violation title, the severity, the specific element selector from the remediation card, and the copy-paste HTML/CSS/JS fix. Do not file a single ticket saying “fix all accessibility issues” — that ticket will sit forever.
What to put in the cover note: “Top ten priorities are linked below as tickets. The PDF appendix has the fix snippet for each. Please take the criticals first; we have a re-scan scheduled for [date].”
Sharing with your lawyer or compliance team
What they need: The Per-Jurisdiction Scorecard (section 3), the Per-Jurisdiction Detail pages (section 5..N), and the Legal Disclaimer (section 9). They will care less about the specific HTML fix and more about the citations panel on each detail page.
How to share: Forward the PDF with the verify URL. Most legal reviewers will independently verify the signature before they cite the report; handing them the URL upfront is faster than answering “is this authentic?” later.
What to put in the cover note: “Multi-jurisdiction scan dated [scanDate]. The legal-floor score on the AODA card uses Ontario’s 2.0-AA statutory bar; the cross-jurisdiction parity score uses 2.1 AA. Verification: veracly.app/verify/<uuid>.”
Sharing with a regulator
What they need: The Executive Summary, every Per-Jurisdiction Detail page, the Methodology section, and the Legal Disclaimer. Regulators care about methodology and rigor; they will scrutinize the “what we did not evaluate” disclosure as much as the findings.
How to share: The PDF only. Do not send the dashboard link; regulators expect a fixed-snapshot document they can file. Include the signature verify URL in the email body so the reviewer can independently confirm authenticity.
What to put in the cover note: Be brief and specific. “Per your request of [date] regarding [reference number], please find attached our most recent multi-jurisdiction compliance scan for [domain], dated [scanDate]. Verification: veracly.app/verify/<uuid>. The report was generated by an independent automated audit tool against WCAG 2.1 AA, GDPR, ePrivacy, EAA, ADA, UK Equality Act, and AODA. Methodology is documented in section 8 of the attached document. We are at your disposal for any follow-up.”
Sharing with a customer or B2B prospect
What they need: The cover page and Executive Summary. The full detail is available if asked for, but most enterprise procurement reviewers will file the report against a checklist after reading the cover.
How to share: Send the PDF as a transparency signal alongside your DPA or security questionnaire response. Frame it as proof that you monitor, not as a score to debate.
What to put in the cover note: “Attached is our current compliance scan, dated [scanDate]. We re-scan weekly and any score change triggers an internal review. The PDF is signed and independently verifiable at the URL on the last page.”
Publishing the report on your own site
Some customers publish their Veracly reports on a public /accessibility or /trust page as a transparency signal. This is an unusually strong move for an SMB and rewards well — it is concrete evidence of audit cadence, the signature makes the claim falsifiable, and the page itself becomes a trust signal that closes B2B deals.
If you publish, link directly to the PDF and to the verify URL. Do not extract screenshots — the value is the falsifiable signed document, not a screenshot anyone could fake.
What never to do
- Do not edit the PDF before sharing. Any byte change invalidates the signature, and the recipient’s verification will fail.
- Do not strip the disclaimer page. The integrity block lives there; without it the report cannot be verified.
- Do not re-export the PDF through a different viewer (some viewers re-encode the file on save). If you need a different format, generate it from the original.
- Do not redact findings before forwarding. If a regulator later requests the original and the redacted version was shared with the same number, that discrepancy is itself reportable.
See also: How to verify a Veracly report is authentic · Reading your first Veracly report
Common questions
Can I share my Veracly report publicly?
Yes — the PDF is yours, and verification works without a Veracly account. Some customers publish their reports on a /accessibility or /trust page as a transparency signal. The signature lets external parties confirm the bytes are unaltered.
Should I share the dashboard or just the PDF?
The PDF for most external audiences. Internal stakeholders who need the issue inventory and drill-down get more value from the dashboard, but external recipients (regulator, customer, lawyer) expect a single fixed document they can save.
Will the PDF expire?
The download link expires after 7 days, but the report itself does not. A recipient who saved the PDF locally can verify it forever — the signature anchored in our audit ledger persists indefinitely.
See where your site stands.
Run a free Veracly scan and get a multi-jurisdiction report — EAA, GDPR, ADA, UK Equality Act, AODA — with copy-paste developer fixes.
Run a free scan