The criteria under which we would shut this product down.

Scan accuracy floor

ThresholdIf sustained false-negative rate on critical or serious WCAG criteria exceeds 15 percent (measured against an independent reference site set, validated quarterly), we pull the affected scanner version and revert to the prior pinned version pending review.

WhyA scanner that misses critical findings produces a documentation chain that records a clean audit when there should be open findings. That is the opposite of the trust posture.

Statement publish guard

ThresholdAny single confirmed instance of a customer publishing conformance status full while critical or serious findings remain open, without an explicit override in the audit log, triggers a Sev 1 incident. Three confirmed instances in a calendar year sunset the conformance-statement feature pending engine review.

WhyThe publish guard is the load-bearing structural commitment. A customer publishing full when findings are open is the overlay-vendor failure pattern in miniature. The guard exists to prevent that exact outcome.

Quickscan fallback labeling

ThresholdIf the quickscan fallback ever ships without the explicit catches-about-30-percent label, that is a Sev 1 silent-degradation incident. Two confirmed instances sunset the quickscan path.

WhySilent degradation is the failure pattern. A quickscan finding that looks like an axe-core finding will get treated like one. The label is what keeps the documentation chain honest.

Regulatory change response window

ThresholdIf a material regulatory change (DOJ ADA Title III rule update, WCAG 2.2 ratification, state-level accessibility mandate) requires a product change to remain useful, we either ship the change within 90 days of effective date or sunset operations in the affected jurisdiction.

WhyCompliance products that lag the regulation become legal liabilities for the customer. Faster than 90 days is fine. Slower is not.

DSAR fulfillment

ThresholdIf we cannot fulfill a verified data subject access or deletion request within 30 days, we publicly disclose the failure and engage outside counsel. Two unresolved DSAR failures in a calendar year sunset the affected scope.

WhyThe documentation chain is the customer's record. If we cannot produce or delete it on request, we have broken the basic contract.

Audit log and evidence retention

ThresholdAny single confirmed instance of audit log mutation (deletion of a row, alteration of a finding source, gap in the append-only sequence) triggers a Sev 1 incident with direct customer notice. Two confirmed instances in a calendar year sunset the product.

WhyThe audit log is what makes the documentation court-defensible. If it can be tampered with, every other commitment becomes unverifiable.

Customer-reported integrity concerns

ThresholdIf customer-reported integrity concerns exceed 10 percent of the active customer base in a single quarter, we trigger an external review. If the external review confirms a structural integrity problem, we sunset the affected feature or the product as warranted.

WhyCustomers who care enough to flag integrity concerns are typically the ones whose lawyers are paying attention. The signal is more reliable than internal self-assessment.

Annual third-party audit findings

ThresholdAny finding from the annual independent third-party audit that is not resolved or formally accepted with mitigation within 180 days triggers public disclosure. Critical findings unresolved at 365 days sunset the affected feature.

WhyThe annual audit is the structural commitment that ties our revenue to the quality of our work. Letting findings rot is the failure pattern.

Pricing-rigor breach

ThresholdIf commercial pressure ever requires shipping under terms that violate the Trust Principles (any form of compliance certification badge, AI-generated audit findings, customer attestation as proof of compliance), we sunset rather than ship. We do not amend the Trust Principles to enable a deal.

WhyThe Trust Principles are constraints, not goals. Loosening them to close revenue is the failure pattern this whole framework defends against. The overlay-vendor collapse is the proof.

Capacity overrun

ThresholdIf we onboard customers faster than we can meet the published response SLAs (privacy email, AUP enforcement, incident response, scan-result correctness), we pause new-customer onboarding until staffing catches up.

WhyThe SLAs are commitments, not aspirations. Breaking them quietly because we are growing is the volume-business failure mode.