Legal

Audit disclaimer

Last updated: July 15, 2026

Sills reports are evidence-based review aids. They are not certifications, guarantees, professional opinions, or proof that a product is secure, compliant, accessible, complete, defect-free, or production-ready.

Automated results are limited

Automated checks can identify evidence, failures, missing metadata, reachable states, and likely risks. Passing automated checks does not prove compliance, security, accessibility, quality, or absence of defects.

Tool failures, missing credentials, blocked routes, unavailable devices, incomplete test data, and uninspected workflows are limitations. They are not passing results.

Manual review remains required

Some questions require manual review, domain expertise, legal review, assistive technology testing, threat modeling, production observability, user research, or business judgement. A Sills report should label those requirements instead of pretending automation answered them.

Security and compliance

Sills security audits are passive reviews unless a specific workflow says otherwise. They are not penetration tests, vulnerability scans of every asset, legal compliance assessments, privacy impact assessments, SOC 2 audits, HIPAA reviews, PCI assessments, or regulatory certifications.

Accessibility findings may refer to WCAG or platform conventions, but Sills does not provide legal accessibility compliance advice.

Evidence and inference

Every finding should distinguish observed evidence, automated results, inference, and manual-review requirements. Treat recommendations as starting points for remediation, not as the only correct fix.

Release decisions

Sills can help identify release risks. Final release decisions remain with the people responsible for the product, its users, its legal obligations, and its operating environment.