Compliance Report
A standing snapshot of how this site measures against the standards we hold ourselves to. Audited by the Vigil compliance engine.
Accessibility
WCAG 2.2 AA
Lighthouse a11y target: 95+
Privacy
GDPR / CCPA
Consent-gated analytics
Cookies
Consent Mode v2
GPC honored automatically
Security
A+
HSTS, CSP, X-Frame, etc.
Accessibility (ADA / WCAG)
Our target is conformance to WCAG 2.2 Level AA across every public URL. Each page passes automated checks (Lighthouse, axe-core, pa11y), uses semantic landmarks, exposes a skip-to-main-content link as the first focusable element, and respects the user's prefers-reduced-motion setting. Read our full Accessibility Statement.
Privacy (GDPR / CCPA)
We collect only the personal information you provide through our contact form (name, email, phone, message) plus IP address for spam prevention. We do not sell, trade, or rent personal information to third parties. California residents can exercise their right to opt out of sale or sharing. EU/EEA visitors are protected by our Privacy Policy and consent-gated analytics.
Cookies (Consent Mode v2)
All non-essential cookies (analytics, advertising, personalization) default to denied until you explicitly accept. We honor the Global Privacy Control (GPC) signal automatically. Adjust your choice anytime through the link in our footer. See the Cookie Policy for the full cookie inventory.
Security Headers
The following HTTP security headers are enforced on every response: Strict-Transport-Security (HSTS with preload), Content-Security-Policy, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, and Permissions-Policy. Our nginx configuration also suppresses server version disclosure (server_tokens off) and redirects all www traffic to the apex domain.
Compliance posture audited by the Vigil engine. For questions or to report an issue, contact admin@ideaforgestudios.com.