Lyrapro is a website audit platform developed and operated by PMW Communications Limited. This page summarises what the platform currently does, the third-party paid and free APIs it relies on, the hosting provider that holds its data, how it positions against the competitive landscape, the target market it serves today, and what is on the development roadmap.
The platform is currently in a controlled early-access phase, offered free of charge to a select group of PMW clients and contacts. A commercial access model is in development.
A user submits a URL; the platform crawls the site, runs over 130 automated checks across SEO, performance, security, and content, then produces a prioritised report with AI-generated recommendations and affected-page lists. Results can be exported as PDF, CSV, or Excel.
The audit engine combines what would typically require five or six separate specialist tools (technical SEO crawler, performance tester, security scanner, content analyser) into a single integrated report. Findings are prioritised by impact and effort, and the AI summary embeds in-report navigation links so the reader can jump from a top-level recommendation straight to the relevant detail.
The platform draws on two paid third-party APIs (Anthropic Claude for AI summaries and Keywords Everywhere for keyword volume data) and four free third-party services (Google PageSpeed Insights, Google Safe Browsing, OpenPageRank, and the open-source Puppeteer and Playwright libraries running locally) to gather the data behind each audit. The application, database, and supporting infrastructure are hosted on Railway. Each of these third-party relationships is documented in detail below for legal review.
A full set of legal pages is published on the platform: Terms of Service, Privacy Policy, Disclaimer, and About Our Crawler.
Lyrapro integrates two commercial third-party APIs that are central to the platform's functionality. Both are operated under paid commercial licences, governed by the respective providers' API Terms of Service and Privacy Policies. Solicitors should review those terms directly alongside this summary.
claude-haiku-4-5-20251001Commercial relationship: Pay-per-use API. PMW holds a paid Anthropic API account. The API key is stored as a server-side environment variable (ANTHROPIC_API_KEY) and is never exposed to end users.
How it is used: At the end of each audit, the platform compiles a structured summary of audit findings and sends it to Anthropic's API. Claude processes this and returns a natural-language prioritised action plan, which is displayed within the audit report.
What data is transmitted to Anthropic:
Cost structure: Billed per token (units of text processed). The platform tracks input and output token counts per audit in its own database for internal cost monitoring.
Key legal considerations:
https://api.keywordseverywhere.com/v1/Commercial relationship: Credit-based API. PMW holds a paid Keywords Everywhere account. The API key is stored as a server-side environment variable (KEYWORDS_EVERYWHERE_API_KEY) and is never exposed to end users.
How it is used: When a user runs an audit, the platform optionally queries the Keywords Everywhere API to retrieve estimated monthly search volumes for keywords detected on the audited site, and to pull traffic estimates for the audited domain. This data enriches the SEO section of the report with real-world search demand figures rather than estimates.
Endpoints called:
/get_keyword_data — keyword volume lookups (batched, max 100 keywords per request)/get_domain_keywords — domain-level traffic and keyword estimates/account/credits — credit balance checkWhat data is transmitted to Keywords Everywhere:
Cost structure: Credit-based. Each keyword lookup consumes credits at a rate set by Keywords Everywhere. The platform tracks credits consumed and estimated cost per audit in its own database. Approximate rate: $0.0001 per credit ($10 per 100,000 credits). Keywords Everywhere pricing tiers and credit rates are set by the provider and may change.
Caching: To minimise API credit consumption, keyword volume results are cached server-side. Identical keyword queries within a cache window return stored results rather than making a new API call.
Key legal considerations:
| Anthropic Claude | Keywords Everywhere | |
|---|---|---|
| Provider jurisdiction | USA | UK |
| Data sent | Aggregated audit findings, audited URL | Domain name, keyword strings |
| Personal data transmitted? | No | No |
| PMW licence type | Commercial pay-per-use | Commercial credit-based |
| API key location | Server env var (Railway) | Server env var (Railway) |
| Usage tracked internally? | Yes — tokens + cost per audit | Yes — credits + cost per audit |
| UK GDPR Article 46 applies? | Yes (US transfer) | No (UK company) |
Both integrations are optional in the sense that the platform degrades gracefully if an API key is absent — audits complete without the AI summary or keyword volume data respectively. However, in normal operation both are active and billable.
In addition to the paid integrations above, Lyrapro uses several free third-party services and open-source libraries to gather audit data. While these incur no licence cost, they still process data on behalf of the platform and remain subject to their providers' terms of service. Solicitors should review the relevant terms alongside this summary.
https://www.googleapis.com/pagespeedonline/v5/runPagespeedHow it is used: The platform submits each audited URL to PageSpeed Insights, which runs Google Lighthouse against the page on Google's own servers and returns Core Web Vitals scores, Lighthouse audit results, and field data from the Chrome User Experience Report (CrUX). This is the authoritative source for the performance section of the audit.
What data is transmitted to Google:
Key legal considerations:
GOOGLE_API_KEY) and never exposed to end usershttps://safebrowsing.googleapis.com/v4/threatMatches:findHow it is used: The platform submits the audited domain to Google Safe Browsing, which returns any known threat classifications (malware, phishing, unwanted software, social engineering). This forms part of the security section of the audit report.
What data is transmitted to Google:
Key legal considerations:
GOOGLE_SAFEBROWSING_API_KEY)https://openpagerank.com/api/v1.0/getPageRankHow it is used: The platform queries OpenPageRank for the domain authority (a 0–10 PageRank-style score) of the audited domain. This provides a third-party authority signal in the SEO section of the report without requiring a paid backlink-index subscription (Ahrefs, Moz, Majestic).
What data is transmitted to OpenPageRank:
Key legal considerations:
Important distinction: Puppeteer and Playwright are open-source headless browser libraries that run on the platform's own server infrastructure (Railway). They are not third-party API services — no data is transmitted to Google, Microsoft, or any other external party in order to use them. They function as automated Chromium browsers running locally within the platform's own environment.
How they are used: The platform uses Puppeteer and Playwright to render pages of the audited website with full JavaScript execution. This allows the audit engine to detect issues that only appear after client-side rendering — JavaScript-dependent content, dynamic forms, lazy-loaded images, and similar.
What data is transmitted externally:
Key legal considerations:
| Service | Provider | Data sent | PII transmitted? |
|---|---|---|---|
| PageSpeed Insights | Google (USA) | Audited URL | No |
| Safe Browsing | Google (USA) | Audited URL | No |
| OpenPageRank | DomCop | Audited domain | No |
| Puppeteer / Playwright | Self-hosted libraries | None (runs locally) | N/A |
As with the paid integrations, the platform degrades gracefully if any free API key is absent — the corresponding section of the audit (performance, security threats, or domain authority) simply isn't populated. Puppeteer and Playwright, being local libraries, are core to the audit pipeline and are not optional.
The platform's application servers, database, and supporting services are hosted with a single third-party infrastructure provider. As this provider holds the platform's user data and audit records at rest, the legal and data-protection position is material and is summarised below for solicitor review.
What Railway hosts: Railway hosts the platform's entire production and development environment, including:
What user data is stored:
Data residency: Railway operates infrastructure across multiple regions (US-East, US-West, EU-West, Asia-Southeast). The specific deployment region for the platform's services should be confirmed in the Railway dashboard. For UK and EU user data, an EU region (e.g. EU-West) is the appropriate selection — this should be audited against the current production configuration before any commercial launch.
Security and access:
Key legal considerations:
As Railway holds all user data at rest, it is the single most material third-party relationship from a data-protection perspective. The position should be reviewed in detail — in particular the deployment region, the DPA, and the sub-processor list — before the platform moves out of early-access and accepts external paying customers.
The website audit and SEO tooling market splits into roughly six categories. Lyrapro intentionally crosses several of them rather than specialising in one.
| Category | Representative Tools | Lyrapro Overlap |
|---|---|---|
| Full-suite SEO platforms | Ahrefs, Moz Pro, SE Ranking, Serpstat, Sitechecker.pro, SearchAtlas, SISTRIX, Searchmetrics | Partial — site audit only, no rank tracking or backlink index |
| Desktop crawlers | Screaming Frog, Sitebulb, SEO PowerSuite | Full crawl overlap; Lyrapro adds AI summary and cloud delivery |
| Cloud crawler / monitoring | Lumar, JetOctopus, ContentKing, Botify, OnCrawl, Siteimprove, Ryte | Partial — Lyrapro is audit-on-demand, not continuous monitoring |
| Entry-level report tools | Seoptimer, WooRank, HubSpot Grader, Ubersuggest, Morningscore, Seomator, WebsiteAudit, Auditest, SiteRooster, FreeSiteAudit, Webpulls, Seobility | Full overlap; Lyrapro significantly deeper |
| Performance-only | GTmetrix, WebPageTest, DebugBear, Calibre, SpeedCurve, Treo.sh | Subset; Lyrapro includes Core Web Vitals within a wider audit |
| Security-only | SecurityHeaders, SSL Labs, Sucuri SiteCheck, Detectify, Mozilla Observatory | Subset; Lyrapro includes security within a wider audit |
| Accessibility-only | WAVE, Tenon, Deque axe, AccessiBe, UserWay, EqualWeb | Out of scope |
| WordPress SEO plugins | Yoast Premium, Rank Math Pro, AIOSEO Pro | External audit complements (does not replace) on-site plugins |
| Content tools | Surfer SEO, Clearscope, MarketMuse, NeuronWriter, Frase, Writesonic | Out of current scope; some overlap on roadmap (10x content ideas) |
| Link analysis | Majestic, CognitiveSEO, LinkResearchTools | Out of scope |
| Enterprise monitoring | ContentSquare, Optimizely, Splunk, Site24x7, Datadog | Out of scope |
llms.txt file for AI model access control — an emerging standard that most tools have not yet implemented.Supporting reference
A detailed feature-by-feature comparison against the competitor set is maintained in the following working document:
docs.google.com/spreadsheets/d/1Jf53ET0WfTEJ5P_NbRLak8yTkGeEhd6qN2hPHSDD3SQ
The audit engine currently implements over 130 distinct checks across the following categories.
In its current form — primarily a comprehensive on-page audit tool — Lyrapro addresses ten distinct buyer types. These personas reflect the segments most likely to derive immediate value from the platform at the early-access stage.
Who they are: An internal account manager at PMW Communications fielding inbound new-business enquiries by phone, email, or web form. Often the first human contact a prospect has with the agency. Needs to qualify the lead, demonstrate immediate value, and steer the conversation toward a paid engagement — all within the first call.
Goals:
Pain points:
Platform features they use:
Usage behaviour: Runs audits during sales calls and immediately after to support follow-up. The audit is a sales tool first and a deliverable second — used to convert enquiries into engagements. Likely to be the highest-frequency internal user of the platform.
Who they are: A self-employed designer building websites for local businesses and SMEs. Technically competent but not an SEO specialist. Clients increasingly ask 'why aren't we ranking?' in the weeks after launch, and the designer has no credible answer.
Goals:
Pain points:
Platform features they use:
Usage behaviour: Likely to run one audit per client project at the point of handover, and again after major updates. Values speed and presentability of output over deep technical control.
Who they are: An owner or account lead at a small (2–10 person) generalist or design-led agency. The agency offers web design, social, content, or PR — but does not have a dedicated SEO specialist on the team and does not subscribe to enterprise SEO platforms. Clients increasingly ask SEO and site-health questions the agency is not equipped to answer.
Goals:
Pain points:
Platform features they use:
Usage behaviour: Runs audits for new business pitches, client onboarding, and as part of quarterly account reviews. The PDF is the primary deliverable. Values presentability, accessibility for non-specialists, and the ability to produce credible output without specialist staff.
Who they are: A marketing manager at a 20–100 person company with no dedicated SEO resource. Responsible for all digital marketing, with a WordPress site maintained by an external developer and limited technical vocabulary.
Goals:
Pain points:
Platform features they use:
Usage behaviour: Runs a site audit once or twice a year, or when organic traffic drops unexpectedly. The PDF is their primary deliverable — used both for developer briefings and for management reporting.
Who they are: A former agency SEO who went independent, managing a client roster of 8–15 businesses. Uses a mix of tools for different tasks and needs a fast, thorough, defensible audit for client deliverables and new business pitches.
Goals:
Pain points:
Platform features they use:
Usage behaviour: Runs a full audit at the start of every new client engagement and uses the output as the foundation for the first three months of recommendations. Also uses audits as a prospecting tool — running a free audit for a prospect and sharing the summary.
Who they are: A developer specialising in WordPress builds and maintenance retainers, managing 20–50 live sites. Familiar with plugin management, theme customisation, and site performance. Frequently inherits sites with unknown plugin histories and unexplained issues.
Goals:
Pain points:
Platform features they use:
Usage behaviour: Runs a full audit when onboarding a new maintenance client and on a quarterly basis for active retainers. Uses the plugin conflict report as the primary deliverable to justify ongoing maintenance fees.
Who they are: An owner-operator of a local service business — solicitor, accountant, estate agent, tradesperson, or clinic. Has a website built by an agency or a relative, pays monthly for 'SEO', and doesn't understand what is being done or whether it is working. The website is the primary source of inbound leads.
Goals:
Pain points:
Platform features they use:
Usage behaviour: Most likely to run one audit, read the summary, and take the PDF to a conversation with their agency or developer. Values simplicity and actionability above all else.
Who they are: A digital manager at an online retailer running WooCommerce, Shopify, or a custom platform. Responsible for site performance, product SEO, and conversion rate. The site has hundreds or thousands of product pages, and technical SEO problems compound at scale.
Goals:
Pain points:
Platform features they use:
Usage behaviour: Runs audits after major site updates (catalogue migrations, theme changes, platform upgrades) and uses the affected-pages exports to create developer tickets directly.
Who they are: A technical or non-technical founder at an early-stage company. Has launched a marketing site or early product, wants organic traffic but has no SEO budget, and is acting as their own webmaster.
Goals:
Pain points:
Platform features they use:
Usage behaviour: Runs a site audit at launch and again after each major development sprint. Values clarity and prioritisation — the founder wants to know the three most important things to fix, not a list of 130.
Who they are: A PR agency managing digital brand presence for a portfolio of clients. Handles press, content strategy, and digital channels. Website health is increasingly relevant to brand reputation, authority signals, and digital PR outcomes.
Goals:
Pain points:
Platform features they use:
Usage behaviour: Runs audits quarterly for key clients and includes the AI summary in account review documents. The shareable link is the primary output — not the raw data.
Who they are: A digital marketing or web team at a university, college, or further education provider. Manages a large, multi-department website with decentralised content ownership across dozens of departments and microsites. SEO, performance, and security standards are a core concern at institutional scale.
Goals:
Pain points:
Platform features they use:
Usage behaviour: Runs a full site audit ahead of governance reporting cycles and after major CMS migrations. The PDF is shared with the Head of Digital and the institutional IT team. Affected-pages exports are distributed to department content owners as remediation briefs.
The following features are under consideration or in development. Priorities will be informed by early-access user feedback and the commercial launch plan.
Deeper accessibility coverage to complement the current core checks — moving toward WCAG 2.2 AA conformance reporting.
Pull keyword positions and competitive landscape data directly into the audit report so SEO recommendations are grounded in real ranking opportunity.
Automatically generate accessible, descriptive ALT text for images flagged as missing or inadequate.
A Chrome/Firefox extension that lets users run a Lyrapro quick audit on any page they are currently viewing.
Conversion-rate optimisation analysis using Model Context Protocol — surface UX, copy, and form friction issues that suppress conversions.
Generative Engine Optimization — measure and recommend changes to maximise visibility in AI-generated answers (ChatGPT, Claude, Perplexity, Gemini).
Answer Engine Optimization — score pages for how well they are structured to be cited as direct answers in search and AI surfaces.
AI-generated email marketing campaigns based on audit findings and audience signals.
AI-generated social media content packages aligned to site content and brand tone.
Branding asset generation — logo concepts, colour palettes, tone-of-voice frameworks.
Pre-launch domain and concept analysis — assess whether a proposed business is viable in its target market.
Detect embedded video on pages and report on attributes, performance impact, and SEO best practice (transcripts, schema, lazy-loading).
Classify each page as server-side rendered, client-side rendered, or hybrid — and report on the SEO and performance implications.
Detect statically-generated sites and tune recommendations accordingly (caching, CDN, hosting model).
Score each page on how likely it is to be cited verbatim by an AI assistant — based on structure, clarity, claim density, and source signals.
Analyse the emotional tone of page content — overly negative or overly promotional tone can suppress trust signals.
Beyond Last-Modified headers — detect stale dates in content, outdated references, broken time-sensitive claims.
Identify use of blockquotes as a quality and authoritativeness signal — pages that quote authoritative sources tend to rank and cite more strongly.
Check HTML/CSS/JS for valid markup, consistent formatting, and absence of inline-style sprawl.
Flag any page exceeding a 4MB total transfer size — a hard threshold beyond which mobile and emerging-market performance degrades sharply.
Count DOM nodes per page and flag pages with excessive node counts (Google flags 1,500+) that hurt rendering performance.
Score pages against Experience, Expertise, Authoritativeness, and Trustworthiness signals — Google's content quality framework.
Detect author bylines, schema markup, and author bio pages — critical for EEAT in YMYL (your-money-your-life) content categories.
Pre-assessment for UK Cyber Essentials certification — surface configuration gaps before formal audit.
Score the About page against Experience, Expertise, Authority, and Personality signals — a primary EEAT touchpoint.
Identify UGC sections (comments, reviews, forums) and flag moderation and quality signals.
Analyse the ratio of original content vs templates, navigation, and boilerplate — pages with low original-content ratio under-perform.
AI-generated content recommendations to make a page ten times better than the current top-ranking competitor.
Detect keyword cannibalisation — multiple pages on the same site competing for the same query, diluting authority.
Live Google Analytics 4 and Search Console integration via Model Context Protocol — bring real-traffic, goal, and event data into the audit narrative.
Once the roadmap features above are delivered, Lyrapro will serve a significantly broader set of buyer types. The following personas reflect the segments that become accessible as the platform expands beyond on-page auditing into AI search optimisation, conversion analysis, campaign creation, and business intelligence.
Who they are: An entrepreneur, startup founder, or side-hustle builder in the early stages of validating a business idea. They may have no website yet. They want to know if their idea has legs before investing time and money.
Goals:
Pain points:
Platform features they use:
Usage behaviour: Most likely to use the platform for a single high-value feasibility report rather than recurring audits. Values insight and confidence over technical depth — they want an answer, not a spreadsheet.
Who they are: A content marketing specialist or editorial lead at a brand or agency. Responsible for the content calendar, SEO-driven articles, and organic traffic growth. Needs to know what to write, how to write it, and whether what's already published is working.
Goals:
Pain points:
Platform features they use:
Usage behaviour: Runs audits at the start of each content quarter and after publishing major content pieces. Uses the EEAT and citability outputs as editorial briefs for the writing team.
Who they are: An SEO or digital marketing consultant who has moved into Generative Engine Optimization and Answer Engine Optimization. Helps brands appear in AI-generated answers across ChatGPT, Perplexity, Claude, and Google AI Overviews.
Goals:
Pain points:
Platform features they use:
Usage behaviour: Runs GEO/AEO audits monthly for active clients and uses before/after citability scores as the primary KPI for the engagement. Early adopter — values depth and novelty over price.
Who they are: A brand or growth manager at a venture-backed scale-up or fast-growing consumer brand. The company is growing quickly and the website is central to acquisition. Technical debt is accumulating faster than the team can address it.
Goals:
Pain points:
Platform features they use:
Usage behaviour: Integrates audits into sprint cycles — running a full audit before major releases and a targeted check after. The AI summary is shared in the company all-hands as a site health signal.
Who they are: A digital agency that wants to offer comprehensive website audits as a standalone product or as part of a retainer package, white-labelled under the agency's own brand.
Goals:
Pain points:
Platform features they use:
Usage behaviour: Runs audits for every new business pitch and every client onboarding. The PDF is the primary deliverable. Values reliability, presentability, and depth of output above configuration flexibility.
Who they are: A CRO specialist or performance marketer at a direct-to-consumer brand or e-commerce agency. Focused on turning existing traffic into revenue rather than acquiring new traffic.
Goals:
Pain points:
Platform features they use:
Usage behaviour: Runs audits before and after CRO experiments to isolate technical factors from UX factors. Uses affected-pages exports to create A/B test hypotheses and developer tickets.
Who they are: An owner or IT manager at an SME that is pursuing Cyber Essentials certification, has recently experienced a security incident, or operates in a regulated sector (financial services, healthcare, legal) where website security is a compliance requirement.
Goals:
Pain points:
Platform features they use:
Usage behaviour: Uses the platform specifically for the security section of the report, shared with a compliance officer or IT auditor. Likely to run quarterly checks and before any Cyber Essentials submission.
Who they are: A social media manager or influencer marketing lead whose campaigns drive significant website traffic but who has no visibility into whether the landing pages can convert that traffic. Increasingly responsible for the full funnel, not just top-of-funnel reach.
Goals:
Pain points:
Platform features they use:
Usage behaviour: Uses the campaign creator tools to generate first drafts for social and email, then exports for review. Runs a landing page audit before major campaigns to catch technical issues that would waste ad spend.
Who they are: A product manager or growth PM at a B2B or B2C SaaS company. Responsible for the marketing site, the product onboarding flow, and the documentation site. Technical enough to understand audit outputs but not a developer.
Goals:
Pain points:
Platform features they use:
Usage behaviour: Runs audits as part of the quarterly product review cycle and uses GA4/GSC integration to connect site health to business outcomes. The AI summary is shared in the growth team's weekly standup.
Who they are: An SEO manager at a company operating in multiple countries or languages. Responsible for hreflang implementation, localised content quality, and ensuring that the right pages rank in the right markets.
Goals:
Pain points:
Platform features they use:
Usage behaviour: Runs full audits after each major localisation release and uses the hreflang and near-duplicate reports as primary quality-control checks before new market launches.