UXFN
//Scope

Every critical launch surface. Covered.

UXFN reviews the exact flows where SaaS launches fail: auth, email, checkout, and the details that your team is too close to see.

01 · Coverage

12 audit domains

Every review covers the same 12 domains. Critical flows get deeper scrutiny based on your launch stage and product type.

Authentication & session handling
Email delivery & OTP flows
Password reset & account recovery
Checkout & payment flows
Forms: validation, errors, edge cases
Mobile responsiveness & touch targets
Accessibility basics (WCAG 2.1 AA)
Release readiness: build, lint, types
Notification & confirmation flows
Onboarding funnel & first-run UX
Critical path performance (LCP/INP)
Common security surface checks

02 · Risk Categories

How we grade findings

Each finding is categorized by domain and graded by severity. Critical issues block launch. High issues should be resolved before go-live.

AUTH · Critical

Authentication

Login, logout, session expiry, token handling, multi-device edge cases.

MAIL · Critical

Email / OTP

Verification emails, OTP delivery & expiry, retry paths, spam classification.

CHKOUT · High

Checkout

Payment form states, error handling, retry on failure, confirmation receipt.

FORMS · High

Forms & validation

Client + server validation, inline errors, accessible error messages.

MOBILE · Medium

Mobile UX

Viewport behavior, touch targets ≥ 44px, no content behind fixed bars.

REL · Medium

Release readiness

TypeScript, lint, and build pass cleanly on the release branch; no console errors.

03 · Access

What access we need

We keep access requirements minimal. You share only what is necessary to test the critical flows you identify.

Required

  • Live URL or staging environment URL
  • Test account credentials (username + password or magic-link test inbox)
  • A brief note on which flows are critical to your launch

Optional

  • Repository access (read-only) to review build, lint, and type configs
  • Analytics read access to correlate findings with user drop-off data
  • Previous QA notes or known-issue list

04 · Safety

Confidentiality & safety basics

  • NDA available

    If required, we sign a standard mutual NDA before any access is granted.

  • Test-only access

    We only use test accounts. We do not create real transactions, send real emails to non-test addresses, or modify production data.

  • No data retention

    Screenshots and credentials are deleted 30 days after report delivery unless you request earlier deletion.

  • Secure credential handling

    Credentials are shared via an encrypted channel or a one-time secret. Never in plain email.

05 · Out of Scope

What we do not cover

UXFN is a functional launch-risk audit. We are not an enterprise pentesting firm. The following are outside scope for this fixed-price offer:

  • Deep security/penetration testing or CVE research
  • Load testing and infrastructure scaling
  • Backend code review or architecture audit
  • Automated regression test suite creation
  • Ongoing/continuous QA retainer work

If you need any of the above, we can point you to the right resources.

Ready to know what is at risk?

Request an audit and get a complete risk assessment in 5 business days. No call, no friction.