Veracly

Don’t trust us. Verify us.

A compliance report is only worth anything if you can check it. So Veracly is built so you don’t have to take our word for a single thing: every report is cryptographically signed and independently verifiable, every finding is deterministic and reproducible from your own page, and we run exactly the same scan on ourselves.

Veracly, scanned by Veracly

Our own compliance scorecard

veracly.app run through the same engine we sell, on 14 July 2026. This is a real, Ed25519-signed report anchored in our audit ledger — so you don’t have to believe the numbers, you can verify the report they came from.

0 violations across 54 pages · 0 critical

100
EAA
100
GDPR
100
ADA
100
UK Equality
100
AODA
100
AU
Verify this signed report →Download the report (PDF)

Every report is independently verifiable

When Veracly issues a report, it doesn’t just make a PDF. Each report is signed with an Ed25519 digital signature and its hash is written to an append-only audit ledger — a tamper-evident record that the report existed, unchanged, at that moment.

Anyone holding a report can confirm all of that at veracly.app/verify without trusting us: the page checks the signature against our public key (published at /.well-known/veracly-signing-key.json) and confirms the ledger anchor. A tampered PDF, or a report we never issued, fails the check. That is the difference between “a vendor says you’re non-compliant” and “here is a signed record you can put in front of a regulator or a buyer.”

See how verification works →

Deterministic engine — reproduce any finding yourself

Veracly’s detection is a rule-based engine, not an AI guess. Accessibility uses the open-source axe-core ruleset; cookies, trackers and pre-consent firing are analysed deterministically; policy pages and jurisdiction rules are fixed logic. The same site always produces the same findings and the same score.

Every finding maps to a specific, citable rule — a WCAG success criterion, a GDPR Article, an ePrivacy/§ TDDDG clause, an EAA requirement — and most are reproducible in your browser’s DevTools in seconds (open F12, watch the tracker fire before the banner, or the element with no alt). You never have to take “because the tool said so” on faith.

AI is used only to phrase the report — the plain-English explanations, summary, and suggested fixes — never to detect or score anything, and always with a hand-written fallback. The full breakdown is on how Veracly uses AI.

We have no reason to inflate a finding

Veracly checks compliance but does not sell you the fix. We don’t install a widget, we don’t bill by the issue, and we don’t profit from a scary number. A tool that also sold you the remediation couldn’t credibly certify it; our findings carry no such conflict of interest. That independence is the whole point of an outside check.

We stand behind every finding

If you believe a specific finding is wrong — the rule didn’t reproduce, the cookie isn’t there, a value is miscomputed — tell us at corrections@veracly.app with the report ID. We respond within 5 business days, and if we’re wrong we correct or retract the report — the verify page then serves a public retraction. If a report is being misused against a site, that’s veracly.app/abuse. Standing behind accuracy, in public, is part of the product — not the fine print.

A real, accountable company

Veracly is operated by RR Sols Pty Ltd (ABN 56 672 722 486), Sydney, Australia. There’s a named team behind it, a full legal imprint, a published privacy notice and sub-processor list, and a data-processing agreement available to customers. Where your data is processed and stored, and every third party that touches it, is disclosed — not buried.

About us·Imprint·Privacy notice·Sub-processors