What we measure. What we won't. And how to ask us to stop.

What an audit involves, technically

• One Chrome render of your homepage. Same kind of request a single human visitor would make — fired once, with a normal browser user-agent.
• A single screenshot of the viewport you've already made public.
• A read of your publicly published files: robots.txt, sitemap.xml, llms.txt — the files you have explicitly told the world to read.
• A measurement pass over the post-JS DOM, the rendered CSS, and a quantised version of the screenshot — none of which produces or stores anything resembling your content.
• No login attempts. No credential reuse. No bypass of authentication walls. If your page returns 401 / 403 / a paywall, the audit ends there.
• No retries on success. Most sites see exactly one Fanalis request per audit. The result is then cached for 24 hours.

What we never do, and never will

• Publish your screenshot publicly. Screenshots live on unguessable storage URLs accessible only to people we send the audit link to.
• Reproduce your content. We emit a number and a list of measurement properties; we do not republish your copy, your imagery, or your HTML.
• Hammer your servers. One audit = one request.
• Bypass robots.txt. If you tell us not to crawl your site via User-agent: FanalisBot / Disallow: /, we don't.
• Bypass authentication. If your page requires a login, we don't fake one.
• Sell your data. Our customers pay for their own audits, not for access to other people's scores.

What appears publicly when someone audits your site

Nothing — unless your site owner publishes it. Audits land private by default. The report URL exists but returns 404 to anyone who doesn't hold the link. Your domain does not appear on /library, /leaderboard, or the public recent-audits feed.

To publish a public report, the auditor must prove they own the domain by adding a DNS TXT record we issue them — same ownership-proof model Google Search Console, Cloudflare, and Let's Encrypt use. Without that TXT record, the audit stays private. If you own a domain and you don't want anyone publishing audits of it on Fanalis, you simply never add the record — and no third party can.

What we measure regardless of publication: the same things Lighthouse / PageSpeed Insights measure on any URL. What never leaves our database without owner consent: anything identifiable in your report.

How to ask us to remove your site's audit

Email invincibleinventor@gmail.com from an address ending in your site's domain (e.g. anyone@yoursite.com requesting yoursite.com). Include the audit URL or domain name. We take it down within 48 hours, no questions asked, no explanation required.

You can also block us pre-emptively by adding the following to your robots.txt:

User-agent: FanalisBot
Disallow: /

Our crawler sends User-Agent: FanalisBot/1.0 (+https://fanalis.in) and respects Disallow directives before the render begins. If you block us, attempted audits return a clean "site declined audit" response and no measurement runs.

The legal short version

We rely on the same line of cases that protect Lighthouse, PageSpeed Insights, and search-engine crawlers: hiQ Labs v. LinkedIn (9th Cir. 2022) on the legality of accessing public data, Field v. Google (D. Nev. 2006) and Authors Guild v. Google (2d Cir. 2015) on the fair use of measurement and indexing. We do not assert any copyright or affiliation with the sites we audit. The findings and score are our own work product, derived from public inputs.

Nothing on this page is legal advice. If you disagree with our read of the law, email invincibleinventor@gmail.com and we'll have the conversation.

Changes to this policy

Last updated 24 May 2026. When this policy changes materially, we'll note it in our changelog and date it here.