Legal Disclaimers

The information technology consultancy services described below (“Services”) are offered by RBA, Inc. to its clients based on generally accepted industry practices, frameworks, standards, and methodologies available at the time the Services are performed. The Services are limited to the scope expressly agreed in writing and do not constitute a comprehensive review of all systems, processes, controls, risks, or vulnerabilities. The Services are advisory and evaluative in nature only and do not constitute legal advice, regulatory advice, compliance certification, attestation, assurance, or a guarantee of security, privacy, or regulatory compliance, and client consultation with legal counsel and other advisors is essential following RBA’s completion of the Services.

THESE SERVICES DO NOT AND ARE NOT INTENDED TO REPLACE A FORMAL DATA PROTECTION IMPACT ASSESSMENT (DPIA) AS REQUIRED BY GDPR ARTICLE 35, THE PRIVACY IMPACT ASSESSMENT (PIA) REQUIREMENTS OF SECTION 208 OF THE E-GOVERNMENT ACT OF 2002, OR OTHER FORMAL PRIVACY/DATA PROTECTION REGULATIONS OR INDUSTRY PROGRAMS.

Privacy, data protection, and cybersecurity laws and standards are subject to change. RBA, Inc. has no obligation to update findings, reports, or recommendations after completion of the Services unless expressly agreed in writing.

The RBA Data Privacy Auditor leverages proprietary technology and processes, fine-tuned across countless of digital assets and dozens of global systems, to detect and assess client privacy risks. This sophisticated engine goes beyond surface-level scanning by fully rendering complex web applications, dynamic content, and interactive elements to identify hidden data flows and compliance vulnerabilities that conventional tools routinely miss.

The RBA Data Privacy Auditor, with the backing of human-based oversight, is designed to identify, map, and help address a broad range of privacy risks and operational questions found within typical privacy questionnaires. While this service cannot and does not guarantee perfect coverage or legal sufficiency, it is engineered to maximize visibility and documentation regarding these issues, so clients can address gaps and comply with industry standards.

• The RBA Data Privacy Auditor is designed to maximize the scope and reliability of findings, but clients are responsible for interpreting and directly validating legal compliance, operational feasibility, and policy sufficiency in consultation with their legal counsel and information technology staff.
• Not all privacy processes (such as internal HR controls or non-public data flow practices) can be fully detected by this service, so manual review and cross-team collaboration remain critical to a comprehensive privacy program.

The RBA Digital Visibility Auditor helps organizations understand how effectively their digital experiences support being found, understood, and used by people, search engines, and AI-powered experiences by analyzing them through the combined lenses of accessibility, technical SEO, and generative engine optimization (GEO). Instead of running separate audits with overlapping scope, it unifies these signals— while simultaneously overlaying telemetry from popular analytics and insights tools—into a single, cost-effective, consolidated view of how humans, crawlers, and AI systems experience your content, so teams can prioritize the changes that matter most.

The RBA Digital Visibility Auditor, with the backing of human‑based oversight, is designed to surface and organize a broad range of accessibility, SEO, and GEO‑related issues and opportunities across typical digital experiences within the agreed scope. While it aims to maximize visibility into structural gaps and optimization areas, it does not and cannot guarantee legal compliance, specific rankings, traffic levels, AI citations, business outcomes or other analyses.

Audit findings represent a point‑in‑time assessment based on the configuration, environments, and content available during the engagement, and may not capture every issue, template, content variant, or user scenario. Changes made after the audit—by your organization, third‑party vendors, or platform updates—can introduce new issues or alter previously observed behavior, and RBA has no post-audit responsibility for monitoring or remediating those changes unless engaged to do so under a separate agreement.

Implementation of recommendations, selection of priorities, and any legal or regulatory interpretations remain the responsibility of the client and their counsel and other advisors. The RBA Digital Visibility Auditor is not a substitute for legal advice, accessibility certification, or regulatory determinations; clients should consult appropriate professionals (such as legal, compliance, privacy, or accessibility specialists) to evaluate how audit findings relate to specific laws, regulations, and internal policies (including but not limited to ADA/WCAG, privacy laws, or sector‑specific rules).

RBA’s use of applied AI is focused on accelerating analysis and drafting suggested improvements (for example, content alignment ideas, potential schema types, OG candidates, or alt‑text options), which are then reviewed by RBA and provided to the client as recommendations. Clients are responsible for deciding whether and how to implement these suggestions, validating them against brand, risk, and compliance requirements, and testing them in their own environments.