EAAGuard

FAQ - EAAGuard

#What is a "quick audit" and what do I get with one?

A quick audit is a manual review performed by a vetted accessibility auditor from the EAAGuard marketplace. It covers one page of your choice and produces a basic report that confirms what automated scanning found, catches the things automation misses (keyboard flow, focus order, real screen-reader behaviour, ambiguous wording), and gives a short list of prioritised fixes.

Typical marketplace price for a quick audit is EUR 150-300. The Pro plan includes one quick audit per year as part of the subscription - you choose when to redeem it. The credit does not roll over to the next year.

If you need more pages reviewed, you can open a new marketplace request at standard rates at any time; the platform fee is 20% regardless of plan.

#What is a "standard audit" and how is it different from a quick audit?

A standard audit is a deeper manual review covering up to 10 pages of your site, with a detailed report: scope, sample pages chosen with the auditor, every WCAG 2.1 / 2.2 finding mapped to a success criterion, severity, evidence (screenshots, code snippets), and an actionable remediation plan.

Typical marketplace price is EUR 500-1,500. The Business plan includes one standard audit per year; the credit does not roll over.

For full-site reviews aligned with EN 301 549 documentation (the level usually requested for public-sector procurement in the EU) you can open a full audit request through the marketplace at standard rates - those run EUR 2,000-10,000+ depending on site size.

#What does "1 daily-scan site" mean? Can I switch which site is the daily one?

On the Business plan you can pick one site to be re-scanned every 24 hours. The other sites on your account stay on the weekly cadence. Enterprise gets three daily slots; Free, Starter and Pro do not include daily scanning.

The reason for the per-account limit is product, not capacity: for compliance monitoring weekly is plenty - WCAG issues do not appear day to day, they appear on releases. The right tool for "scan on release" is the webhook scan trigger (Business+), which fires a scan on each deploy without burning daily polling cycles.

You can switch which site holds the daily slot in Site -> Daily scan. To prevent accidental flapping (and any future side-effects we add to the toggle), the flag has a 24-hour cooldown per site - once you turn it on or off for a given site, that site cannot be toggled again for 24 hours. The plan-wide Scans per month cap still applies on top of all this.

#How does the webhook scan trigger work, and are there rate limits?

Webhook scan trigger (Business+) lets your CI / CD fire a scan the moment a deploy goes live, instead of waiting for the next scheduled scan.

How it works. Each site has its own secret. You POST to /v1/webhook-trigger/{site-uuid} and sign the payload as HMAC-SHA256("{timestamp}:{body}", secret), sending the headers X-EAAGuard-Signature: sha256=<hex> and X-EAAGuard-Timestamp: <unix-seconds>. Requests older than 300 seconds are rejected to defeat replay.

Rate limit. There is no per-second throttle. The real cap is your plan's Scans per month budget - each webhook hit consumes one scan from that budget. Business is 60/month, Enterprise 240/month. Once the budget is exhausted, the trigger returns 403 Monthly scan quota reached until the next 30-day window opens up. This is on purpose: if you fire one trigger per deploy, you almost never hit the cap; if a stuck CI fires hundreds, you do not run up an open-ended bill.

#What counts against my "scans per month"?

Every scan that finishes - or even reaches the worker - counts as one. This includes:

  • Scheduled scans the cron enqueues for you.
  • Manual "Scan now" clicks from the site dashboard.
  • Webhook scan triggers fired by your CI / CD.

What does not count:

  • Reading old scan reports or exporting PDFs.
  • Marketplace audit requests (those are human work, billed separately).
  • Account-level pages: dashboards, settings, accessibility statements.

The counter is a rolling 30-day window, not a calendar month. If you scan 60 times on the 1st you can scan again 30 days later.

#Does EAAGuard make my site compliant with the EAA / WCAG?

No - and any tool that claims to does not have your back when an audit lands. Automated scanning (we use axe-core, the engine Google, Microsoft and Deque ship) catches roughly 30-40% of WCAG issues. The rest (keyboard navigation, focus order, real screen-reader behaviour, content clarity, alt-text quality) only a human can judge.

What EAAGuard does do:

  • Run the best automated engine on a real Chromium against your live pages so SPAs render properly.
  • Track findings over time so regressions are visible.
  • Produce an accessibility statement template you can adapt.
  • Connect you to independent EU auditors through the marketplace for the manual portion. Pro and Business include credits to start.

If a vendor offers a one-click "compliance widget" (the overlay approach), that is the thing we will not build, on principle. It does not move the WCAG numbers and the EU courts have repeatedly ruled against overlay vendors when audits go wrong.

About the "auto-scan health" number

The 0-100 number you see next to a scan is a heuristic indicator we compute from the axe-core findings (per-severity weighted, normalised per page). It is not a WCAG conformance score, because:

  • WCAG conformance is binary at each level. A site either meets WCAG 2.2 Level AA or it does not - there is no official scale.
  • Even a perfect 100 only means "axe-core found nothing actionable on these pages". Keyboard navigation, focus order, real screen-reader behaviour, content clarity, alt-text quality - none of these are covered by automation, and they are exactly where most real failures live.

Use the number to track trends (did the score regress after the last deploy?) and to prioritise pages with high violation counts. To answer "are we compliant?" book a marketplace audit.

#How does the marketplace fee work?

The platform takes a flat 20% fee on the price quoted by the auditor; the remaining 80% is paid out to the auditor. The fee is the same on every tier - what changes between tiers is whether you have an included credit (Pro / Business) and whether you get a discount on additional audits (Business: 10% off marketplace work, applied at checkout).

Marketplace auditors are independent contractors, not employees of EAAGuard. We verify the credentials they list on their profile, but the work itself is between you and the auditor. Reviews are published from real clients only; we do not edit them.

#Can I get a refund? How does the 14-day guarantee work?

Yes. Every paid plan ships with a 14-day money-back guarantee: cancel inside the first two weeks of a fresh subscription and you get a full refund - no need to justify it. After 14 days the subscription continues until the end of the current billing period and renews unless you cancel.

Refunds are processed by Paddle (our Merchant of Record) and usually land within 5-10 business days depending on your bank. The exact policy lives at /legal/refund.

Marketplace audits are separate: a quick or standard audit is real human work and is non-refundable once the auditor has accepted the request. Until acceptance you can cancel free.

#Who handles billing and VAT?

Paddle is our Merchant of Record. They handle the checkout, store payment details, manage chargebacks, and issue invoices. Subscriptions appear on your card statement under Paddle, not EAAGuard.

VAT. EAAGuard does not collect or remit VAT - we have direct confirmation from Paddle that VAT is handled by you (or by your own accountant) under the standard EU rules for B2B SaaS. Your Paddle invoice will reflect this.

If your organisation needs a custom invoice with a specific VAT ID, write to [email protected] before subscribing and we will route you through Paddle's invoice flow.

#What happens to my sites and scans if I downgrade?

Nothing is deleted on downgrade. If the lower plan caps the number of sites below what you have today, you get to choose which sites stay active within the new limit; the rest are paused (still in your account, still showing past scan reports, just not scanned automatically). You can swap which sites are active at any time.

Daily-scan designation, webhook triggers and the public read-only API all gate off automatically if the new plan does not include them. Past scan data and accessibility statements stay accessible.

Plan changes take effect at the end of the current billing period - you keep the higher tier's capabilities until then.