Most paid audits are a Loom recorded over a screen-share. A consultant scrolls through the store for an hour, narrates what they notice, and ships a video. The output is opinion at the speed of speech.
The Fortis Scan is built the opposite way. Every finding ties to a number. Every number ties to a window of time. Every claim about the live store ties to a screenshot.
When we audit a store and surface a finding we had not documented before, we add a check for it. When a check we have been running stops surfacing anything useful, we drop it. The Scan you receive is the current version of that checklist, not a finished product.
The order matters. The data tells us what to look for before we open the live store.
Data phases run first. The live store walkthrough runs after, because the data points us at what to verify. Synthesis runs last, never before a blocker is resolved or explicitly skipped.
We list every credential we asked for against what was granted. Anything missing is documented before we start, not discovered halfway through. Audit period defaults to 90 days.
Twelve baseline queries followed by seven deep queries against the Admin API. Orders, revenue, AOV, checkout completion, geography, repeat rate, top SKUs, sources, gateways for the trailing 90 days. The floor we build on.
Four buckets fall out. Out-of-stock bestsellers losing weekly revenue. Low stock at high velocity needing urgent replenishment. Slow movers with capital locked up. Dead stock with zero sales in 90 days. Pricing distribution and collection zombies on top.
We scan policy page bodies for the keywords each jurisdiction requires. We flag unrendered Liquid placeholders inside policies, which signal a broken page nobody noticed. We list discount codes with unlimited usage and high absolute value, the kind that get screenshotted on Reddit.
Every paid tool gets a TCO: licence plus founder time at internal rate plus hidden integration cost. A $49 app that eats four hours of founder time a month is not a $49 app. It is the number that goes in the report.
Homepage, collection page, top product detail page, cart drawer, checkout up to but not through payment, footer, full mobile flow at 375 pixel viewport. Page speed on three page types. Every finding that points at the live store ships with a dated screenshot, URL visible in the address bar.
Meta Ads Manager for ROAS, CPM, CPC, creative fatigue. GA4 for funnel conversion. Google Search Console for queries and ranking. Klaviyo flows for welcome conversion, abandoned cart recovery, deliverability. We document what we have. We flag what we do not.
Every finding gets a severity tag. P0 risk requiring action this week. P1 retainer angle worth months of work. P2 quick win. P3 test. Every finding gets a sample size check. Below 20 events is directional. Below 10 events is removed from the report before delivery.
Total focused work, access complete, lands between 6 and 7 hours. The 48 to 72 hour delivery window absorbs scheduling, a second pass, and screenshot annotation.
A finding with no dollar impact, no window, no sample, or no screenshot does not survive synthesis.
These are not stylistic preferences. They are the gates that decide whether a finding survives to the PDF.
Lifetime, last 90 days, last 30 days, or live. The window sits next to the number. A finding without a window is a finding that cannot be checked, and we treat it as invalid.
A pattern observed across fewer than 20 events is labelled directional. Fewer than 10 events and the finding is removed, even if the founder specifically asked about it. The bar is the bar.
Taken during the audit, URL visible in the address bar, saved to a dated folder we keep on file. If the screenshot does not exist, the finding does not appear in the report. No exceptions.
There is no proprietary engine. No black box. The mode used for each finding is stated next to the amount inside the report, so the reader can audit the math. The full framework lives on the methodology page.
The formula is written in plain language inside the report. Example: weighted average shipping margin gap per order in the under $80 bracket, multiplied by orders in that bracket over 90 days, annualized.
The gap between the store's observed rate and a published median for the vertical, applied to the relevant 12-month base. Source cited inline.
A published industry benchmark applied to the store's own observed volume. Conservative end of the range used. Benchmark source named.
Some findings have no defensible number. A privacy policy untouched since the GDPR deadline gets flagged with the risk written out and no recovery amount attached. We do not invent dollars we cannot defend.
Eight to twelve minutes, recorded after the PDF is finalized. The founder watches it once before reading the report, and the order of the findings, the severity tags, and the math conventions become immediately legible. After that, the PDF stands on its own.
We do not record the Loom during the audit. The PDF leads. The voice follows.
The Scan is the diagnostic. It is priced to stand alone and credited at 100% against a Seal if the upgrade happens within 14 days.
Reading policy page text, grouping discount codes by risk profile, comparing the store's metrics against patterns we have already documented. The AI does the first pass on those. A human reads what comes out, throws away what does not hold up against the hard gates, and writes the finding.
We use off-the-shelf models. We did not train our own. What we wrote is the prompts, the detection rules, and the scoring that make a generic model useful for auditing a Shopify store.
They are unimpressed by Looms and skeptical of decks. What persuades them is a document they can hand to an operator, an agency, or a freelancer, and have that person execute against without asking a follow-up question.
The Fortis Scan is built to be that document. Every finding ships with a number, a window, a sample, and a screenshot, because that is the format that survives the handoff.
The audit is the artifact. The artifact is the price.
The Fortis Scan covers everything described on this page in 48 to 72 hours after read-only access is granted.
See pricing → Read the methodology