Setting Up Lipi Enterprise Compliance Monitoring
Continuous font licensing audits for your website. This guide walks you through signup, your first audit, alerts, member management, and getting compliance proof you can hand to legal.
What You Get
- Recurring scans — monthly on Monitor, weekly on Agency. Headless Chromium loads each page and captures every font that actually rendered.
- Change detection — diff vs. the previous scan, with email and Slack alerts when fonts are added, removed, or shift in risk.
- Risk classification — every font is tagged as self-hosted, system fallback, or CSS-declared, and scored by license risk.
- Signed compliance certificates — exportable PDFs with verifiable hashes for every successful audit.
- Members and audit log — invite legal, marketing, or your agency. Every action is captured with who, when, and from where.
- 14-day trial — card required, cancel anytime before the trial ends and you won't be charged.
Step-by-Step
Start your trial
Head to /enterprise and click Start 14-day trial. You'll pick a plan, enter your card details via Stripe Checkout, and confirm the domain you want to monitor.
The domain you enter is locked at signup — we capture an attestation that you're authorized to scan it. To change it later, you submit a written request from the Subscription page; our team reviews it. This is a deliberate trust signal, not friction: foundries and customers should know we won't scan random domains.


Review your URL list
After signup you land on a fresh audit in the awaiting_url_review state. We've already pre-fetched robots.txt and sitemap.xml for you.
Use this screen to:
- Trim URLs you don't want to scan (admin pages, API endpoints, etc.)
- Manually add URLs we missed (they must match your locked domain)
- Auto-discover more pages by crawling internal links (BFS, depth 3)
Whatever URL list you commit here becomes the baseline for this audit and for the first scheduled re-scan. You can adjust it later by running a fresh manual audit.

Run the first scan
Click Start audit. The page polls live status: each URL gets queued to a worker that loads it in headless Chromium, captures every font that actually rendered (including @font-face files, CDN fonts, and CSS fallbacks), and writes the result back.
When all pages finish, we aggregate the results — overall risk score, font count, per-font issues — and produce a PDF report plus a signed compliance certificate.

Read the report
The audit detail page shows a summary card with overall risk, font count, and compliance score. From there you can:
- Download the PDF report — full font inventory, per-page breakdown, license issues
- Download the compliance certificate — short signed PDF for legal/clients
- Drill into any URL to see exactly which fonts that page loaded



Configure alerts
On the Subscription page, scroll to Alert channels. You can configure:
- Up to 5 email addresses (alert recipients per scan)
- One Slack incoming webhook URL (must start with https://hooks.slack.com/)
Alerts only fire on scheduled scans (not manual ones), and only when there's an actual change to report — no noise on identical scans. You'll get an email summary with added/removed fonts and a link to the full report.

Invite teammates
On the Members page, send invites by email. Pick a role:
- Owner — full control including billing and member management
- Admin — everything except billing
- Member — can run audits, configure alerts
- Viewer — read-only (great for legal and external auditors)
Invites are valid for 14 days. The recipient gets a link, signs up or signs in, and they're in. Every invite, accept, role change, and removal is captured in the audit log.

Watch the activity log
The Audit log tab is your trust ledger. Every meaningful event is recorded with actor, timestamp, IP, and user agent — including:
- Audits started, finished, or failed
- Members invited, joined, role-changed, or removed
- Billing portal opened, alert channels updated
- Domain change requests submitted
- Lipi staff actions on your workspace (clearly tagged as lipi_admin)
Owners and admins can export the full log as CSV for compliance archives.

How Recurring Scans Work
Once you've completed at least one successful audit, the daily scheduler will trigger re-scans automatically:
- Every day at 06:00 UTC, we check which workspaces are due for a scan.
- For each due workspace, we re-scan the URL list from your most recent successful audit (so we're comparing apples to apples).
- When the scan completes, the aggregator computes the diff vs. the previous baseline.
- If anything changed and you have alert channels configured, the notifier sends email + Slack.
- Your next_scan_date bumps forward by 30 days (Monitor) or 7 days (Agency).
Need to scan in between cycles? Use the New audit button on the Audits page. Manual audits also become the new baseline for the next scheduled run.
Troubleshooting
My scan is stuck on `awaiting_url_review`
That's the editing state — it stays there until you click Start audit. We don't auto-start scans because URL list changes affect every future scheduled run. Review the list, then start.
My alerts aren't firing
Alerts only fire on scheduled scans, not manual ones. They also only fire when the diff is non-empty. To force a test, configure your alert channels and wait for the next scheduled run, or contact support.
The Slack webhook says invalid
Webhooks must start with https://hooks.slack.com/. Generic HTTPS endpoints aren't accepted on the Monitor or Agency tiers. For custom webhook destinations, ask about Enterprise.
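Both URL rules in this guide (manually added URLs must match the locked domain; the Slack webhook must start with https://hooks.slack.com/) come down to checking a host, and comparing the parsed host is safer than comparing raw strings. The Python below is an added example, not Lipi's code; the function names, the example.com and other.test hosts, and the decision to count subdomains as matching are assumptions.

```python
from urllib.parse import urlsplit

SLACK_HOST = "hooks.slack.com"  # host part of the prefix the guide requires


def parse_host(url, schemes):
    """Return (host, port, path) for an acceptable URL, or None if rejected."""
    try:
        parts = urlsplit(url.strip())
        port = parts.port            # raises ValueError on a malformed port
    except ValueError:
        return None
    if parts.scheme not in schemes or not parts.hostname:
        return None
    if parts.username is not None or parts.password is not None:
        return None                  # with userinfo, the real host follows '@'
    return parts.hostname.rstrip(".").lower(), port, parts.path


def is_slack_webhook(url):
    """Parsed form of 'must start with https://hooks.slack.com/'."""
    parsed = parse_host(url, ("https",))
    if parsed is None:
        return False
    host, port, path = parsed
    return host == SLACK_HOST and port is None and path.startswith("/")


def in_locked_domain(url, locked_domain, allow_subdomains=True):
    """True if the URL's host is the locked domain (or, by assumption, a subdomain)."""
    parsed = parse_host(url, ("http", "https"))
    if parsed is None:
        return False
    host = parsed[0]
    locked = locked_domain.strip().rstrip(".").lower()
    return host == locked or (allow_subdomains and host.endswith("." + locked))


def split_by_scope(urls, locked_domain):
    """Partition a submitted URL list into (accepted, rejected)."""
    accepted = [u for u in urls if in_locked_domain(u, locked_domain)]
    return accepted, [u for u in urls if u not in accepted]


# Constructed sample input; example.com stands in for the locked domain.
SUBMITTED = [
    "https://example.com/pricing",
    "https://www.example.com/blog/",
    "https://example.com.other.test/pricing",  # lookalike: locked name is only a prefix
    "https://notexample.com/",                 # shares a string suffix, not a label
    "https://example.com@other.test/",         # real host is other.test
    "ftp://example.com/fonts.zip",             # scheme not accepted
]
```

A raw prefix comparison that drops the trailing slash (https://hooks.slack.com) would accept a lookalike host such as hooks.slack.com.other.test; the parsed comparison does not depend on that detail.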
I need to change the locked domain
Open the Subscription page and submit a domain change request from the Domains card. Our team reviews requests within 1 business day. The request is captured in your audit log so you have a paper trail.
My report says fewer pages were scanned than I added
Some URLs may have failed to load (404s, timeouts, blocked by your CDN). Check the audit detail page's per-URL status to see which ones failed. Re-running the audit usually clears transient failures.
I want to cancel
From the Subscription page, click Open billing portal and cancel there. During the trial, cancellation prevents any charge. After the trial, cancellation takes effect at the end of the current billing period — you keep access until then.