Every critical launch surface. Covered.
UXFN reviews the exact flows where SaaS launches fail: auth, email, checkout, and the details that your team is too close to see.
01 · Coverage
12 audit domains
Every review covers the same 12 domains. Critical flows get deeper scrutiny based on your launch stage and product type.
02 · Risk Categories
How we grade findings
Each finding is categorized by domain and graded by severity. Critical issues block launch. High issues should be resolved before go-live.
Authentication
Login, logout, session expiry, token handling, multi-device edge cases.
Email / OTP
Verification emails, OTP delivery & expiry, retry paths, spam classification.
Checkout
Payment form states, error handling, retry on failure, confirmation receipt.
Forms & validation
Client + server validation, inline errors, accessible error messages.
Mobile UX
Viewport behavior, touch targets ≥ 44px, no content behind fixed bars.
Release readiness
TypeScript, lint, and build pass cleanly on the release branch; no console errors.
03 · Access
What access we need
We keep access requirements minimal. You share only what is necessary to test the critical flows you identify.
Required
- Live URL or staging environment URL
- Test account credentials (username + password or magic-link test inbox)
- A brief note on which flows are critical to your launch
Optional
- Repository access (read-only) to review build, lint, and type configs
- Analytics read access to correlate findings with user drop-off data
- Previous QA notes or known-issue list
04 · Safety
Confidentiality & safety basics
NDA available
If required, we sign a standard mutual NDA before any access is granted.
Test-only access
We only use test accounts. We do not create real transactions, send real emails to non-test addresses, or modify production data.
No data retention
Screenshots and credentials are deleted 30 days after report delivery unless you request earlier deletion.
Secure credential handling
Credentials are shared via an encrypted channel or a one-time secret. Never in plain email.
05 · Out of Scope
What we do not cover
UXFN is a functional launch-risk audit. We are not an enterprise pentesting firm. The following are outside scope for this fixed-price offer:
- Deep security/penetration testing or CVE research
- Load testing and infrastructure scaling
- Backend code review or architecture audit
- Automated regression test suite creation
- Ongoing/continuous QA retainer work
If you need any of the above, we can point you to the right resources.
Ready to know what is at risk?
Request an audit and get a complete risk assessment in 5 business days. No call, no friction.