Skip to main content
Verified & Compliant

Website Compliance Report

idfs.ai is our own proof of concept. Every Forged Site ships with a report exactly like this one, re-verified on every deploy.

Last verified: April 16, 2026

Accessibility
Lighthouse Score
Best Practices
Lighthouse Score
A+
Security
Header Grade
Performance
Lighthouse Score

ADA Accessibility — WCAG 2.2 Level AA

✓ Compliant

idfs.ai is designed and maintained to conform with the Web Content Accessibility Guidelines (WCAG) 2.2 at Level AA, published by the W3C. Our compliance is verified through automated testing (Google Lighthouse, axe-core) and manual keyboard/screen-reader evaluation after every deploy.

Features implemented:

  • Skip-to-main-content navigation link
  • Semantic HTML5 landmarks (header, nav, main, footer)
  • Full keyboard navigation with visible focus indicators
  • Color contrast ratios meeting or exceeding AA minimums (4.5:1 body, 3:1 large)
  • prefers-reduced-motion respected across all animations and video
  • Descriptive alt text on all informational images; decorative images marked
  • Touch targets ≥24×24px on all interactive elements
  • Responsive layout supporting 200% zoom without content loss
  • Screen-reader verified with NVDA and VoiceOver

Full details: Accessibility Statement

Privacy Law Compliance

CCPA · CPRA · GDPR-ready · NC ITPA

IDFS AI LLC is a North Carolina limited liability company. North Carolina does not yet have a comprehensive consumer privacy law, but we extend CCPA/CPRA and GDPR-equivalent rights to every visitor regardless of jurisdiction. We also comply with the North Carolina Identity Theft Protection Act (N.C. Gen. Stat. § 75-60 et seq.) for breach notification and personal-information handling.

  • We do not sell or share personal information
  • Right to know, access, delete, correct, and opt out
  • Specific retention schedules documented per data category
  • Two opt-out methods available (email and phone)
  • Authorized agent requests accepted
  • Children’s privacy protected (COPPA-aware)
  • GDPR lawful-basis documented for EU visitors

Full details: Privacy Policy

Cookie Consent & GDPR Readiness

GA4 Consent Mode v2 · GDPR-Ready

idfs.ai uses Google Analytics 4 with Consent Mode v2. Analytics cookies are blocked by default and only activated after you actively consent. No advertising, retargeting, or cross-site tracking cookies are used.

  • Zero cookies set before user consent (verified via headless browser)
  • Symmetrical Accept / Reject Non-Essential choice
  • Global Privacy Control (GPC) signal auto-honored
  • Preferences changeable at any time via footer “Cookie Settings”
  • Complete cookie inventory published

Full details: Cookie Policy

Website Security

Grade A+ · TLS 1.3

idfs.ai implements industry-standard security headers and encryption to protect visitors and their data. Every header below is verified after each deploy.

Encryption TLS 1.3 (AES-256-GCM)
HSTS Strict Transport Security (1 year, includeSubDomains)
Content Security Policy Restrictive CSP with explicit allow-list
Clickjacking Protection X-Frame-Options DENY
MIME Sniffing X-Content-Type-Options nosniff
Privacy Controls Referrer-Policy + Permissions-Policy

How This Report Stays Current

Living document · re-verified on every deploy

Compliance is not a checkbox — it drifts. A third-party integration update, a CSP tightening, a tag-manager cleanup: any of these can silently break the compliance posture we committed to. This report is designed to catch that drift in real time.

Agent-Driven Deploys

Every website change made through an IDFS AI agent triggers our Vigil compliance engine automatically. WCAG 2.2 AA, privacy/consent behavior, security headers, and Lighthouse scores are re-verified before the deploy goes live. If anything fails, the deploy is blocked.

Off-Agent Changes

If a change is made outside our agent pipeline — for example, a CMS edit, a direct nginx adjustment, or a plugin update on a WordPress-bridged Forged Site — the report flags itself as pending re-verification. We recommend requesting a manual re-audit within 48 hours of any off-agent change.

Monthly Drift Audit

Regardless of deploy activity, Vigil re-audits every Forged Site at least once per month to catch silent drift from upstream CDN changes, browser policy updates, or accessibility standard revisions.

Every Forged Site ships with a report exactly like this one, maintained with the same protocol.

Legal & Compliance Documents

Privacy Policy Terms of Service Cookie Policy Accessibility

This report reflects the state of idfs.ai as verified on April 16, 2026. Scores are generated by Google Lighthouse, pa11y/axe-core, and automated security-header analysis. Compliance is re-verified after every deploy via our in-house Vigil engine.