https://willys-restaurant.lovable.app
Compliance
· 23 checks — WCAG, consent & privacy, language, viewport, cookie inventory, and legal pages rolled into one auditable list.SCORE
64
GRADE
D
FIX
2
REVIEW
5
PASS
13
INFO
3
Checks
2313 PASS 5 REVIEW 2 FIX
FGDPR Article 13 DisclosuresAction0 / 8 Art. 13 categories matched in homepage bodyFIX
GDPR Article 13 Disclosures
Action0 / 8 Art. 13 categories matched in homepage body
0 / 8 Art. 13 categories matched in homepage body
Warning::
GDPR Article 13 disclosure coverage: 0 / 8 categories
Scanned the homepage body text AND the linked /privacy page for GDPR Article 13 disclosures. Matched 0 of 8 categories: . Missing: Data Protection Officer contact (where applicable), Data retention period, Data subject rights (access, erasure, rectification, etc.), Identity / contact details of the data controller, International data transfers, Legal basis for processing, Recipients of personal data, Right to lodge a complaint with a supervisory authority. Note: only the FIRST same-origin privacy-policy link is followed; deeper sub-pages (e.g. /legal/data-subject-rights) are not fetched.
Got: 0/8
FLegal Page EcosystemAction0 of 7 expected legal pages detectedFIX
Legal Page Ecosystem
Action0 of 7 expected legal pages detected
0 of 7 expected legal pages detected
Warning::
Privacy Policy not detected
No link matching common Privacy Policy URL patterns or link text was found. Most websites are expected to have a Privacy Policy, especially those collecting user data.
Warning::
Terms of Service not detected
No link matching common Terms of Service URL patterns or link text was found. Most websites are expected to have a Terms of Service, especially those collecting user data.
Info::
Cookie Policy not detected
No link matching common Cookie Policy URL patterns or link text was found. Most websites are expected to have a Cookie Policy, especially those collecting user data.
Info::
Accessibility Statement not detected
No link matching common Accessibility Statement URL patterns or link text was found. Most websites are expected to have a Accessibility Statement, especially those collecting user data.
Info::
DMCA / Copyright Notice not detected
No link matching common DMCA / Copyright Notice URL patterns or link text was found. Most websites are expected to have a DMCA / Copyright Notice, especially those collecting user data.
Info::
Refund / Returns Policy not detected
No link matching common Refund / Returns Policy URL patterns or link text was found. Most websites are expected to have a Refund / Returns Policy, especially those collecting user data.
Info::
Acceptable Use Policy not detected
No link matching common Acceptable Use Policy URL patterns or link text was found. Most websites are expected to have a Acceptable Use Policy, especially those collecting user data.
Privacy PolicyNot found
Terms of ServiceNot found
Cookie PolicyNot found
Accessibility StatementNot found
DMCA / Copyright NoticeNot found
Refund / Returns PolicyNot found
Acceptable Use PolicyNot found
0 of 7 common legal pages detected
BCookie Consent & PrivacyNo consent signals detectedREVIEW
Cookie Consent & Privacy
No consent signals detected
No consent signals detected
Warning::
No privacy policy link detected
A privacy policy page is recommended for transparency and may be legally required.
Info::
No terms of service link detected
Info::
No cookie consent banner detected
Info::
1 essential cookie(s) on initial load — no consent required
Info::
This is an automated check, not legal advice
BeaverCheck detects technical indicators of consent management. This does not constitute a legal compliance assessment. Consult a privacy professional for GDPR/CCPA compliance.
Consent Banner Not detected Privacy Policy Not found Terms of Service —
Pre-consent Cookies
__cf_bm Functional
This is an automated check, not legal advice. Consult a privacy professional for GDPR/CCPA compliance.
A privacy policy page is recommended for transparency and may be legally required.
Why this matters
GDPR, CCPA, and most other privacy laws require a published privacy policy — its absence is a per-violation fine.
Learn more ▾ ▴
If you collect any personal data (analytics counts), GDPR requires a clear privacy notice describing what you collect, why, and how to exercise data rights. Fines start at €10M or 2% of global revenue, whichever is higher. CCPA's penalties scale per affected user.
Source: GDPR Article 13 / CCPA
BeaverCheck detects technical indicators of consent management. This does not constitute a legal compliance assessment. Consult a privacy professional for GDPR/CCPA compliance.
Why this matters
Disclaimer: legal-page checks identify presence/absence; consult counsel for legal sufficiency.
BAccessibility StatementNo accessibility statement detectedREVIEW
Accessibility Statement
No accessibility statement detected
No accessibility statement detected
Warning::
No accessibility statement detected
Sites are increasingly expected to publish an accessibility statement. Required by EU Web Accessibility Directive 2016/2102 for public-sector bodies; recommended best practice elsewhere. Common URLs: /accessibility, /accessibility-statement, /a11y.
CThird-Party TrackersAction1 trackers detectedREVIEW
Third-Party Trackers
Action1 trackers detected
1 trackers detected
Info::
1 third-party trackers detected
Found 1 analytics, 0 advertising, 0 marketing, 0 tag manager, 0 session-replay, 0 heatmap trackers.
Got: 1 trackers
Warning::
Trackers detected but no cookie policy found
This page loads 1 trackers but no cookie policy was detected. GDPR requires disclosure when using tracking cookies.
Warning::
Trackers detected but no privacy policy found
Most data protection regulations require a privacy policy when collecting user data via trackers.
CCompliance BadgesAction0 compliance badge(s) detectedREVIEW
Compliance Badges
Action0 compliance badge(s) detected
0 compliance badge(s) detected
Info::
No compliance badges detected
No recognized compliance certification badges or seals were found. This is common — many sites do not display compliance badges.
SOC 2
ISO 27001
PCI DSS
GDPR Certified
HIPAA Compliant
Better Business Bureau
TRUSTe / TrustArc
Privacy Shield
McAfee SECURE / TrustedSite
Norton Secured
Badge detection is based on image alt text, link URLs, and page content. Detection does not verify that certifications are current or valid.
A+WCAG ComplianceNo testable criteriaPASS
WCAG Compliance
No testable criteria
No testable criteria
Level A
Level AA
0
Passed
0
Failed
0
Partial
0
Manual review
0
Not tested
Automated testing covers ~30–40% of WCAG criteria. Manual review is recommended for full conformance.
Full WCAG 2.1 AA compliance checklist — paste into a client deliverable or ticket
A+Consent UX DepthNo consent-UX depth issues detectedPASS
Consent UX Depth
No consent-UX depth issues detected
No consent-UX depth issues detected
Info::
No consent-UX depth issues detected
A+Tracker InventoryNo known trackers detected on this pagePASS
Tracker Inventory
No known trackers detected on this page
No known trackers detected on this page
Info::
No known trackers detected on this page
ALanguage & i18nLang attribute presentPASS
Language & i18n
Lang attribute present
Lang attribute present
Info::
<html lang> attribute is present
Info::
<html lang> value is valid
Info::
No Content-Language HTTP header
Info::
Language signals are inconsistent
The <html lang> attribute and Content-Language header should agree.
Page Language DetectedContent-Language Header ——Consistent No—
The <html lang> attribute and Content-Language header should agree.
Why this matters
<html lang>, Content-Language, or og:locale disagree — pick one source of truth and align the others.
Learn more ▾ ▴
Browsers and assistive tech use different sources for language. When they disagree, behavior is undefined: some pronounce by <html lang>, some by Content-Language. Decide on the canonical language for the page and set all signals to match.
Source: WCAG 2.1 SC 3.1.1
A+Hreflang ConfigurationNo hreflang tags on this pagePASS
Hreflang Configuration
No hreflang tags on this page
No hreflang tags on this page
Info::
No hreflang tags found (single-language site)
A+Internationalization Extras1 i18n signal(s) detectedPASS
Internationalization Extras
1 i18n signal(s) detected
1 i18n signal(s) detected
Info::
Mixed-language content: 1 subtree language(s) declared (en)
The page has elements with `lang="X"` attributes that differ from the root `<html lang>`. Per WCAG 3.1.2 (Level AA), this is the correct way to mark language-of-parts: a screen reader switches pronunciation when entering a `lang="fr"` block on an English page. The catalog is informational -- presence of subtree lang attributes is a positive a11y signal.
A+Readability & TypographyFont sizes and tap targets checkedPASS
Readability & Typography
Font sizes and tap targets checked
Font sizes and tap targets checked
A+Viewport ConfigurationViewport properly configuredPASS
Viewport Configuration
Viewport properly configured
Viewport properly configured
Info::
Viewport meta tag is present
Info::
width=device-width is set
Info::
User zooming is allowed
Viewport Configuration Good
Content
width=device-width, initial-scale=1.0, viewport-fit=cover
width=device-width
Responsive layout enabled
initial-scale=1
Correct initial zoom level
User zooming allowed
Accessibility-friendly — users can zoom
A+Tracking Pixel InventoryNo tracking pixels detectedPASS
Tracking Pixel Inventory
No tracking pixels detected
No tracking pixels detected
Info::
No tracking pixels detected
A+Browser FingerprintingNo browser-fingerprinting libraries detectedPASS
Browser Fingerprinting
No browser-fingerprinting libraries detected
No browser-fingerprinting libraries detected
Info::
No browser-fingerprinting libraries detected
A+Beacon Tracking (sendBeacon)No navigator.sendBeacon usage detected in inline scriptsPASS
Beacon Tracking (sendBeacon)
No navigator.sendBeacon usage detected in inline scripts
No navigator.sendBeacon usage detected in inline scripts
Info::
No navigator.sendBeacon usage detected in inline scripts
A+Copyright Notice© 2026 Willy's · willysfoodPASS
Copyright Notice
© 2026 Willy's · willysfood
© 2026 Willy's · willysfood
Info::
Copyright notice is up to date
Copyright notice is up to date: © 2026 Willy's · willysfood
Got: © 2026 Willy's · willysfood
Info::
Copyright holder: Willy's · willysfood
Copyright Notice ✓ Up to Date
© 2026 Willy's · willysfood
Year 2026 Entity Willy's · willysfood
Regulatory Indicators1 regulatory indicator(s) detectedINFO
Regulatory Indicators
1 regulatory indicator(s) detected
1 regulatory indicator(s) detected
Info::
This is a technical scan, not a legal assessment
BeaverCheck detects technical indicators that may suggest regulatory relevance. This is not a compliance audit and should not be relied upon for legal decisions. Consult qualified legal counsel for compliance assessments.
Info::
PCI-DSS indicators detected (moderate confidence)
Indicators suggesting PCI-DSS may be relevant: Payment processor detected: js.stripe.com. Payment Card Industry Data Security Standard — applies to organizations handling credit card data.
Got: 1 indicators: Payment processor detected: js.stripe.com
This is a technical scan, not a legal assessment.
BeaverCheck detects technical indicators that may suggest regulatory relevance. This should not be relied upon for legal decisions. Consult qualified legal counsel.
PCI-DSS Moderate
Payment Card Industry Data Security Standard — applies to organizations handling credit card data.
Indicators detected
- Payment processor detected: js.stripe.com
Third-Party Data Sharing2 third-party service(s) detectedINFO
Third-Party Data Sharing
2 third-party service(s) detected
2 third-party service(s) detected
Info::
Data inventory for transparency purposes
This inventory identifies third-party services that receive data from your site visitors. Under regulations like GDPR (Article 30), maintaining records of data processing activities is commonly considered a best practice. This automated scan provides a starting point — it may not capture all data flows.
Info::
2 third-party services across 2 categories
2 third-party services detected across 2 categories: Payment (1), CDN (1). Each of these services receives some user data from your site visitors.
Info::
Stripe (Payment)
Detected via script URL. Typically collects: Payment card data (PCI-scoped), Transaction details. Privacy policy: https://stripe.com/privacy. Data Processing Agreement available.
Got: Category: Payment | Data types: Payment card data (PCI-scoped), Transaction details
Info::
Cloudflare (CDN)
Detected via cookie name. Typically collects: IP address (transient), Request metadata. Privacy policy: https://www.cloudflare.com/privacypolicy/. Data Processing Agreement available.
Got: Category: CDN | Data types: IP address (transient), Request metadata
Payment (1)
CDN (1)
Stripe Payment
Detected by: script URL
Data typically collected:
Payment card data (PCI-scoped)Transaction details
Privacy policy → DPA available ✓
Cloudflare CDN
Detected by: cookie name
Data typically collected:
IP address (transient)Request metadata
Privacy policy → DPA available ✓
This inventory identifies services receiving visitor data.
Under regulations like GDPR Article 30, maintaining records of data processing is commonly considered a best practice. This scan provides a starting point.
Readability Scores204 words, Flesch-Kincaid grade 11.1INFO
Readability Scores
204 words, Flesch-Kincaid grade 11.1
Readability Analysis (Flesch-Kincaid)
Grade Level
11.1
Grade 11 (high school)
Reading Ease
56
Fairly Difficult
Words
204
Sentences
9
All checks on this page are automated. Results are estimates - run targeted manual reviews when the score affects a release decision.