WCAG 2.2 accessibility scanning for agencies, compliance, and marketing teams
Prove compliance. Page by page.
Full-site WCAG 2.2 scanning. One report your marketing, compliance, and agency teams can all cite.
- Critical
- 47
- Serious
- 312
- Moderate
- 684
- Minor
- 1,804
How it works
Three steps. That’s it.
Point TrustScans at a URL. We do the rest, and hand you a report you can actually send to a client, a partner, or your legal team.
- Step 01
Enter your website address.
We find every page automatically — no sitemap or list of pages required.
- Step 02
We check every page.
Against WCAG 2.2 Level A, AA, and AAA. A typical mid-sized site finishes in under ten minutes.
- Step 03
You get one shareable report.
Evidence your compliance, legal, and marketing teams can all cite from the same link.
The report
Evidence your lawyer and your CMO can both read.
Every finding is tagged to its WCAG success criterion, scored, screenshotted, and graded per page — hand it off without explanation.
Score
pass-rate · 2,847 checks
Issues
across 4 severities
Pages
across your full site
Elapsed
start to finish
Severity distribution
2,847 issues · tagged to WCAG SC
- Critical
- 47
- Serious
- 312
- Moderate
- 684
- Minor
- 1,804
Who it’s for
Two teams. One source of truth.
Marketing owns the brand. Compliance owns the risk. TrustScans is the artifact both sides point at when someone asks “is this site actually accessible?”
For marketing
Protect the brand every time the site changes.
Issues are caught the moment a page changes — not in an angry email from legal four months later.
A fresh score on every update
Each site update gets rescored. A drop in your score triggers a note with the exact page that needs attention.
See what changed
Compare any two scans side-by-side. Spot the exact moment an accessibility issue appeared on your site.
Client-ready exports
PDF with your logo, CSV for the team, ZIP for the archive. No screenshots in slide decks.
For compliance
Produce the evidence every audit requires.
Every finding is tied to a WCAG success criterion, a timestamp, a page-level record, and the exact page it lives on.
WCAG 2.2 mapping
Every violation tagged to its Success Criterion — A, AA, or AAA — with the full rule text.
Timestamped record
Immutable scan history with per-page screenshots. Reproduce any finding on demand during an audit.
Jurisdiction coverage
ADA Title II/III, Section 508, EN 301 549, AODA, the EAA — all mapped to the same criteria you scan against.
Coverage
Every regulation, mapped.
Every TrustScans finding is tied to a specific regulation, a specific WCAG success criterion, and a specific page — so audit teams get proof and legal teams get the record. Click any regulation for a plain-language overview and its primary citation.
WCAG 2.2
W3C · 2023International · W3C
The international technical standard for digital accessibility, authored by the W3C. TrustScans evaluates every page against the 86 Success Criteria in 2.2 — and because 2.2 is fully backward compatible, covering 2.2 satisfies any regulation that still references 2.0 or 2.1.
Read the citation for WCAG 2.2Section 508
36 CFR 1194United States · Federal
U.S. federal procurement rule that governs the information and communication technology (ICT) federal agencies can buy and use. The 2018 refresh harmonized Section 508 with WCAG 2.0 Level AA.
Read the citation for Section 508ADA Title II & III
DOJ · 2024United States
Civil rights law prohibiting discrimination on the basis of disability. Title II covers state and local governments; Title III covers public accommodations. The April 2024 DOJ final rule explicitly names WCAG 2.1 Level AA for Title II entities.
Read the citation for ADA Title II & IIIEN 301 549
ETSI · v3.2.1European Union
The harmonized European standard for ICT accessibility. It is the technical basis of the Web Accessibility Directive and the European Accessibility Act. The current version, v3.2.1, is built on WCAG 2.1 Level AA plus additional ICT requirements.
Read the citation for EN 301 549AODA
O. Reg. 191/11Ontario, Canada
Ontario provincial law with the goal of an accessible Ontario by 2025. The Integrated Accessibility Standards Regulation (§14) requires WCAG 2.0 Level AA for public-sector websites and private organizations over a certain size.
Read the citation for AODAEuropean Accessibility Act
EU 2019/882EU · in force June 2025
EU directive requiring accessibility for a wide range of products and services across the single market. In force 28 June 2025. The technical route to conformance is EN 301 549, which is built on WCAG 2.1 Level AA.
Read the citation for European Accessibility Act
Every audit receives
Per-finding evidence
Screenshot, DOM snippet, CSS selector, WCAG SC, severity. Reproducible on demand.
Full scan history
Immutable record of every scan. Prove when a defect was introduced and when it was remediated.
Exports in every format
PDF for counsel, CSV for engineering, ZIP for archival, JSON for integrations.
Tenant isolation
Postgres Row-Level Security. SOC 2 Type II infrastructure. Custom DPAs on request.
Workflow
Set it up once. Trust every scan.
TrustScans runs on a schedule, tells you only what matters, and shows you exactly what changed between any two reports.
Recurring
Scan on a schedule.
Weekly or monthly full-site scans for every property you manage. Never forget a quarterly audit again.
- Frequency
- Weekly
- Day
- Monday 03:00 UTC
- Targets
- 12 domains
- Next run
- in 4d 17h
Alerting
Only page when it matters.
Threshold-based notifications: score drops, new critical issues, regulation-tagged regressions. Email, Slack, or webhook.
- Trigger
- Score − 5pts
- Channel
- #a11y-alerts
- Digest
- Fridays
- False positives
- 0 this qtr
Diffing
See what changed.
Compare any two scans side-by-side. Know exactly which commit introduced which issue on which page.
- A
- scan-881 · 91 A
- B
- scan-882 · 87 B
- Δ pages
- +3 regressions
- Δ criteria
- 1.4.3 · 2.4.7
Security
Built on SOC 2 Type II infrastructure.
The platforms TrustScans runs on — the ones doing the hosting, computing, and storing of your scan data — are independently audited for SOC 2 Type II every year. That’s the standard your security team probably asks about.
TrustScans itself is in beta and not yet SOC 2 certified as a product. We’re transparent about that distinction — the ground we stand on is audited; the product we’re building on top isn’t certified yet.
Custom DPAs, tenant-isolation documentation, and SIG/CAIQ responses available on request.
Questions
Things compliance and procurement actually ask.
01Does TrustScans produce a VPAT or ACR?
Our reports are VPAT-ready evidence — every finding is tagged with its WCAG success criterion, timestamped, and reproduced with a screenshot. Today, your team fills out the VPAT document using our report. We’re shipping a VPAT-formatted export that groups findings by criterion with a conformance column built-in.
02Which regulations does scanning cover?
Scans run against WCAG 2.2 Level A, AA, and AAA — which is backward compatible with every regulation that references 2.0 or 2.1, including ADA Title II/III, Section 508, EN 301 549, AODA, and the European Accessibility Act. Pick the level you audit against on each scan; reports tag each violation with its criterion for easy evidence mapping.
03Can you sign a DPA or complete a security questionnaire?
Yes. We provide custom Data Processing Agreements, SIG/CAIQ responses, and tenant-isolation documentation on request for government and enterprise prospects. Book a demo and the paperwork runs in parallel with the evaluation.
04Where is data stored and how is it isolated?
Hosted on Vercel with data in Supabase (Postgres), both operating under independently audited SOC 2 Type II controls. Every row is scoped to an organization via Postgres Row-Level Security; one customer’s scans cannot be read by another. TLS in transit, encryption at rest.
05How many pages can you scan?
You set the maximum per scan. We default to 500 pages and have run scans across 10,000+ pages. Full-site coverage typically completes in minutes, even for large properties.
06Does it work on React, Angular, and JavaScript-heavy sites?
Yes. Every page is loaded in a real browser, exactly the way your visitors see it. Single-page apps, client-side routing, and dynamic content are scanned the same way a user experiences them — so the evidence you get reflects what actually renders, not a stripped-down crawl of raw HTML.
07What does it cost?
Free during beta — no credit card, no seat limits, no per-URL pricing. Paid tiers will be announced before we leave beta; your feedback shapes the pricing. Government and enterprise pricing is handled through demos.
Start
See what’s on your site.
No credit card. No seat limits during beta. Enter your website address and get every WCAG violation across every page — graded, tagged, and ready to hand to whoever needs it.