Frequently Asked Questions

An automated remediation system that uses multiple fix strategies (fast structural repair, OCR text extraction, and intelligent document analysis) to remediate PDFs for Section 508 with PDF/UA validation evidence. Each completed document is verified against industry-standard validators. The system automatically escalates to more advanced strategies when simpler ones don't satisfy the Section 508 gate.

One credit = one unique PDF processed through the advanced remediation pipeline, regardless of how many internal fix attempts are needed. If the same PDF appears at multiple URLs, it counts as a single credit (we use content-based fingerprinting to identify duplicates automatically). Simple structural fixes (tagging, metadata, bookmarks) are unlimited and don't consume credits.

Completed PDFs are verified for Section 508 using veraPDF PDF/UA-1 (ISO 14289-1) evidence where the checks are machine-testable. Documents that still need judgment, content decisions, or manual remediation are kept out of completed reporting and flagged for review.

Documents that can't be fully resolved are flagged for human review rather than shipped broken. You'll see these in your dashboard as "needs human review" with details about what the agent couldn't resolve. We work with your team to handle edge cases — complex forms, heavily stylized layouts, or documents that need content decisions a human should make.

PDFs are processed on isolated infrastructure (not shared multi-tenant). Fixed documents are stored in encrypted cloud storage (Cloudflare R2) accessible only through your authenticated dashboard. Original documents are fetched from your public website — we never access anything that isn't already publicly available.

Fixed PDFs remain available for download in your dashboard for the duration of your subscription. Processing artifacts (intermediate fix attempts, validation logs) are purged within 30 days. You can request deletion of all stored data at any time by contacting support.

No. We only access publicly-available URLs — the same content any visitor can see in a browser. No credentials, no admin access, no server-side agent, no firewall changes. The entire process runs from our infrastructure.

Not currently. Our infrastructure runs on Cloudflare (which holds FedRAMP Moderate authorization) and Fly.io. For agencies requiring FedRAMP authorization, we can discuss deployment options that meet your security requirements. Contact us at ada@appalach.info.

We maintain formal security policies aligned with SOC 2 Trust Service Criteria, including: Information Security Policy, Access Control Policy, Change Management Policy, Incident Response Plan, Business Continuity / Disaster Recovery Plan, Vendor Risk Management Policy, and Data Classification Policy. These policies are reviewed and approved by our founder and updated at least annually. Copies are available on request for procurement review.

Yes. Every significant action in the platform is recorded in a tamper-evident audit log, including: user logins, scan executions, PDF remediations, report generation, data exports, account changes, and administrative actions. Audit logs are retained for two years per our data retention policy and are available for compliance review.

Automated health checks run every 5 minutes across all infrastructure components — dashboard, PDF processing service, database, and workers. Checks include endpoint availability, stuck job detection, error rate monitoring, and brute-force detection. Alerts are triggered immediately when issues are detected, with daily digest reports summarizing system health. Our incident response plan targets detection within 10 minutes and initial response within 30 minutes.

We follow a formal data retention schedule: processing artifacts are cleaned up within 30 days, expired authentication tokens within 1 day, unverified trial accounts within 7 days, and failed scan data within 90 days. Audit logs are retained for 2 years for compliance purposes. Fixed PDFs remain available for the duration of your subscription. All retention is enforced through automated cleanup processes.

The dashboard and API run on Cloudflare Pages with D1 (SQLite) database and R2 encrypted object storage. Cloudflare holds FedRAMP Moderate authorization. PDF processing runs on Fly.io with isolated single-tenant compute — one PDF is processed at a time per machine. All data is encrypted in transit (TLS) and at rest. We do not use shared multi-tenant processing infrastructure.

Annual subscription, invoiced. The $4,800/year plan includes 500 PDF Agent credits. The $9,600/year Enterprise plan includes 1,500 credits, up to 3 sites, and priority processing. Both include unlimited structural fixes and 365 days of monitoring. No surprise charges — we notify you before any overage occurs.

Yes. We accept purchase orders, ACH, wire transfer, and check — the standard vendor-payment processes used by West Virginia government agencies. No credit card required. We provide a W-9 on request.

For smaller purchases, many public entities can use informal procurement. We can provide language for sole-source justification if needed, citing our specialized expertise in government website accessibility, our existing WV audit data covering 250+ entities, and our purpose-built PDF remediation technology. Contact ada@appalach.info for assistance.

We always notify you before overage charges apply. Overages are billed at $1.00 per additional PDF. For organizations with large document libraries (courts, BOEs with extensive meeting minutes), volume pricing is available. We'll work with you to find a fair arrangement — the goal is predictable costs, not surprise bills.

Yes. Our per-PDF remediation lets you pay per document with no subscription required. Graduated volume pricing starts at $4.00/PDF for the first 50 documents per month, dropping to $2.50 for documents 51–500 and $1.50 for 501+. Prepaid credit packs are also available (25, 100, 500, or 3,000 credits) at fixed per-unit rates with savings up to 58%. Smaller packs are under $2,500 and can often be purchased with a government P-card — no formal procurement needed. See per-PDF pricing details.

Every completed PDF is validated with veraPDF PDF/UA-1 evidence — the same tool used by the Library of Congress and European national archives. We check the machine-testable Matterhorn checkpoints including document structure, language declarations, annotation tagging, and related structural requirements. Results and unresolved review items are available in your dashboard.

The DOJ's 2024 final rule requires WCAG 2.1 Level AA conformance for web content. For PDF documents, we use Section 508 remediation backed by PDF/UA validation evidence. While we can't provide legal compliance certification (consult your counsel), the dashboard separates verified completed documents from anything that still needs manual or agent review.

Each remediated PDF includes a verification report showing: (1) the specific PDF/UA checkpoints tested, (2) pass/fail status for each, and (3) a timestamp of verification. This serves as technical evidence of conformance. For formal attestation needs, contact us about enterprise plans with compliance documentation support.

Quick Fix handles structural issues (missing tags, language declarations, bookmarks) — automated, instant, unlimited. OCR Remediate handles scanned/image-only PDFs that need text extraction — also unlimited. PDF Agent handles the hardest cases: complex layouts, tables, charts, and images that need intelligent analysis to produce correct alt text and reading order — tracked under your allocation because of the compute cost involved.