Methodology

Automated. Exhaustive. Actionable.

From domain submission to developer-ready dossier — here is exactly what happens inside a Verimont diagnostic, at each stage, in the order it occurs.

01

Domain Submission

You submit a corporate domain. No installation. No access credentials. No disruption to your infrastructure. Our engine works entirely from the outside — the same vantage point a regulator or journalist would use.

What We Collect at Submission

  • Root domain and all discoverable subdomains
  • Organisation name and estimated scale (for pricing tier)
  • Contact email for dossier delivery
02

Automated Threat Assessment

Our engine performs a multi-layered scan across all four four-vector vectors simultaneously. Every intercept is timestamped and preserved as evidence — the same kind of documentation that appears in regulatory enforcement records.

What the Engine Examines

  • Live tracking payload interception on page load
  • Cookie execution timing relative to consent signals
  • Privacy documentation parsing (all public URLs)
  • DNS trace and server geolocation analysis
  • CDN jurisdiction and cross-border routing
  • Subject Access Request pathway testing
  • Data deletion and portability mechanism audit
03

Executive Dossier

Every finding is documented with observed evidence — not inferences. Your engineering team receives exact script names, line references, and remediation parameters. Your legal team receives a structured liability map they can act on immediately.

What the Dossier Contains

  • Executive summary with composite risk score
  • Full four-vector matrix — one section per vector
  • Observed evidence with timestamped intercept data
  • Regulatory statute citations for each deviation
  • Developer-ready remediation parameters
  • Partner referral (where applicable)
04

Partner Remediation

Verimont is a diagnostic firm. We identify the failures. For organisations that need external expertise to fix them, we connect you directly to a network of certified privacy lawyers and compliance engineers who work from your dossier.

We receive a referral fee for successful connections. You are not billed for this — it is our incentive to ensure the dossier we produce is actionable enough that partners can act on it immediately.

Partner Network

  • Certified Quebec and federal privacy counsel
  • PIPEDA compliance engineers
  • Cookie consent platform integrators
  • Data sovereignty infrastructure specialists

From Submission to Dossier

T + 0
Domain Submitted
Scan queued. Confirmation sent to provided email.
T + 15 min
Preliminary Findings
Free executive teaser delivered. Critical failures disclosed.
T + 2–4 hrs
Full Dossier Ready
Complete 4-vector report available upon payment.
T + 60 days
Refund Window
If exposures remain unpatched, full refund issued. No questions.

Start with a free preliminary scan.

No credit card. No account. Confidential.