The proof is in the git history
Built by one person.
Months before it became headline news.
Christopher Edwards
Solo Founder, Renew EcoMe LLC
Cape Elizabeth, Maine
The Proof
Every date below is verifiable in our git history. We didn't pivot to accessibility after it became news — we were already there.
Mastwoods.ca goes live
Canadian GDPR routing infrastructure established on CanSpace — PIPEDA compliance + EU Article 45 adequacy months before the first scan
First commit
Supply Chain Auditor scaffolded
Payment Accessibility dual-engine built
WCAG 2.2 + European Accessibility Act coverage
16 WCAG violations found and fixed
Self-audited own site, Stripe checkout, and auth flows
Shopify launches Agentic Storefronts
We were already scanning payment iframes
3,117 ADA lawsuits reported for 2025
27% increase year-over-year — validates the problem we identified
Deep accessibility testing shipped
Keyboard navigation, screen reader simulation, error handling
GroundTruth launched
First tool tying corporate actions to executive orders + UN SDGs
Canadian sourcing scanner
Is It Canadian? — CUSMA compliance + Canadian content scoring via Mastwoods.ca
Stripe billing hub consolidated
Replaced Squarespace + Braintree + PayPal with a single Stripe Checkout Session flow on smartertariff.com
Enterprise Pro tier + lead gen engine
Klaviyo pipeline, teardown report lead capture, conversion tracking fixed
Unified scan: one URL, four dimensions
Checkout + Supply Chain + Domestic Sourcing + GroundTruth in a single scan session — 85+ domains on the live leaderboard
What We Built
Six products. One person. Every line of code written, deployed, and maintained solo.
Checkout Accessibility Audit
Tabs through your entire checkout, analyzes the accessibility tree, triggers form errors, tests payment iframes.
GroundTruth
The only tool tying corporate actions to specific executive orders and UN SDGs. Analyst, not activist.
Canadian Sourcing
CUSMA compliance, Canadian content verification, GDPR-adequate routing through Mastwoods.ca.
Geographic Intelligence
Detects Maine-Canada connections and maps state-to-nation supply chain relationships.
Disaster & Logistics Risk
Real-time disaster exposure and logistics vulnerability scoring for supply chain nodes.
Live Leaderboard
85+ domains tracked. Real data. Top issues chart. Scan history sparklines.
The Numbers
The Architecture
This isn't vibecoded. Every technical decision was deliberate — built by a PM who understands infrastructure, compliance, and the difference between a demo and production SaaS.
Canadian GDPR Routing (Live Since Dec 2025)
EEA API traffic routes through api.mastwoods.ca — a PHP proxy on CanSpace hosting, live since December 2025. Canada has GDPR Article 45 adequacy, so EU data never touches US servers. Vercel middleware reads x-vercel-ip-country to detect 30 EEA nations and rewrites on the edge.
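The routing decision described above, written as a pure function. This is an added example, not the site's middleware; the `/api/` path prefix and the policy for a missing or malformed country header are assumptions.

```javascript
// Added example: EEA routing decision as a pure function.
// EU-27 plus Iceland, Liechtenstein and Norway = 30 EEA states.
const EEA = new Set([
  "AT", "BE", "BG", "HR", "CY", "CZ", "DK", "EE", "FI", "FR", "DE", "GR", "HU", "IE", "IT",
  "LV", "LT", "LU", "MT", "NL", "PL", "PT", "RO", "SK", "SI", "ES", "SE",
  "IS", "LI", "NO",
]);
const PROXY_ORIGIN = "https://api.mastwoods.ca"; // host named on the page
const API_PREFIX = "/api/"; // assumption: which paths carry API traffic

// headers: plain object with lower-case keys; requestUrl: absolute URL string.
// Returns { action: "rewrite", target } or { action: "pass" }.
function routeForRegion(headers, requestUrl, { unknownIsEea = true } = {}) {
  const url = new URL(requestUrl);
  if (!url.pathname.startsWith(API_PREFIX)) return { action: "pass" };

  const raw = headers["x-vercel-ip-country"];
  const country = typeof raw === "string" ? raw.trim().toUpperCase() : "";
  const known = /^[A-Z]{2}$/.test(country);
  // Assumption: a missing or malformed country is treated as EEA, so a
  // geo-lookup failure cannot send EU data down the non-EEA path.
  const eea = known ? EEA.has(country) : unknownIsEea;
  if (!eea) return { action: "pass" };

  // Keep path and query, swap only the origin.
  const target = new URL(url.pathname + url.search, PROXY_ORIGIN);
  return { action: "rewrite", target: target.toString() };
}
```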
Unified Scan Orchestration
One scan fires four parallel dimension analyses — Checkout Accessibility, Supply Chain, Domestic Sourcing, and GroundTruth. The useBackgroundScans hook manages statuses, caching, and tier enforcement (401 auth, 403 subscription) for each dimension independently.
SSE Streaming Scanner
The checkout accessibility scanner uses Server-Sent Events to stream WCAG violations in real time. A Playwright headless browser tabs through the entire checkout flow, analyzes the accessibility tree, triggers form validations, and tests payment iframes — all from a GCP Cloud Run backend with 2GB RAM and 10-minute timeout.
PII Stripping by Design
Every audit result is PII-stripped before persistence. The audit-logs API removes emails, phone numbers, and personal identifiers before writing to Supabase. GDPR compliance isn't an afterthought — it's in the data layer.
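A sketch of scrubbing an audit result before it is written to storage. This is an added example, not the site's audit-logs API; the list of identifier field names, the two patterns, and the sample record are assumptions.

```javascript
// Added example: remove PII from an audit result before persistence.
const EMAIL = /[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,}/gi;
// Loose phone candidate: digits with optional +, spaces, dots, dashes, parens.
const PHONE = /\+?\d[\d\s().-]{8,}\d/g;
// Assumption: field names treated as personal identifiers and dropped outright.
const PII_KEYS = new Set(["email", "phone", "name", "address", "ip", "user_id"]);

function scrubString(s) {
  return s
    .replace(EMAIL, "[email]")
    // Only redact candidates with at least 10 digits, so dates and
    // short numeric codes captured in scan output survive.
    .replace(PHONE, (m) => (m.replace(/\D/g, "").length >= 10 ? "[phone]" : m));
}

// Returns a scrubbed deep copy; the input object is not modified.
function stripPii(value) {
  if (typeof value === "string") return scrubString(value);
  if (Array.isArray(value)) return value.map(stripPii);
  if (value && typeof value === "object") {
    const out = {};
    for (const [k, v] of Object.entries(value)) {
      if (PII_KEYS.has(k.toLowerCase())) continue; // drop identifier fields whole
      out[k] = stripPii(v);
    }
    return out;
  }
  return value; // numbers, booleans, null
}

// Constructed sample audit result (not real scan output).
const sample = {
  url: "https://shop.example/checkout",
  email: "jane@example.com",
  violations: [
    { rule: "label", html: '<input value="jane.doe@example.com">' },
    { rule: "error-message", text: "Call +1 (207) 555-0100 for help", wcag: "3.3.1" },
  ],
};
```

Free-text fields such as captured HTML are where PII most often slips through, which is why the scrubber rewrites string values as well as dropping named fields.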
Consent-Gated Everything
Analytics, cookies, and third-party scripts only load after explicit consent. Google Ads Consent Mode V2 integration ensures ad measurement respects user choices. The cookie consent banner follows GDPR/CCPA/ePrivacy requirements with granular controls.
Smart Caching Architecture
Session-based caching with 30-minute expiry for scan results. Pre-cached demo audits for instant time-to-value. Free scan quota tracked via localStorage — no server-side tracking of anonymous users. Full value first, no gates.
Billing Consolidation
Consolidated from Squarespace + Braintree + PayPal into a single Stripe Checkout Session flow. Google OAuth users couldn't create Squarespace passwords — that killed conversion. One billing hub on smartertariff.com fixed it. Never re-fragment the funnel.
Multi-Domain Middleware
Next.js middleware handles geo-detection, EEA routing, domain redirects, and security headers in a single proxy layer. Custom domains (smartertariff.com, homespec.ai) route through the same Vercel project with per-domain logic.
The Stack
If I Can Do This
I built this before the birth of my first child — as a solo LLC founder with no parental leave to fall back on. Not a weekend project — a full-stack SaaS with real infrastructure, real compliance, and real customers in mind.
I'm a product manager by trade. One day I was reading a Terms of Service and wondered: if this checkout flow breaks for screen readers, does it break for AI agents too? That was my “aha” moment — no AI involved. Then I checked: am I late or early? I searched every competitor I could find — Deque, Siteimprove, accessiBe — and nobody was auditing checkout accessibility. Only then did I bring in Claude, Gemini, Google AI, and Perplexity to validate the market gap. They confirmed what I'd already seen: the EAA was in effect, AI agent commerce (Shopify, OpenAI, Google) breaks at the same points screen readers break, and not a single tool covered it. The first commit in March was the finale of months of research that started with one question about a ToS page.
So I built the scanner. Then the supply chain layer. Then the ethical transparency engine. Then the Canadian GDPR routing. Then the unified scan that ties it all together — one scan, four dimensions, full value upfront.
Every architectural decision on this page is real. The git history proves it. The mastwoods.ca proxy is live. The PII stripping is in every API route. The consent gates are in every analytics call.
I'm sharing the “secret sauce” because the mission matters more than the moat. If accessibility and transparency tools help more people, that's a win. Radical empathy isn't a tagline — it's the operating principle.
If a solo founder without parental leave can build this before his first child arrives, imagine what your team can do. The category is wide open. Let's make commerce better.
Open for work
I'm actively looking for product management, engineering, or founding roles where accessibility, compliance, and AI intersect. If your team needs someone who can ship a full-stack SaaS solo — let's talk.