
Privacy Policy

Last updated: February 1, 2026

Information We Collect

We collect information you provide directly to us when you create an account, add sites, or contact support. This includes:

  • Account information: Name, email address, password (hashed), and organization name
  • Site data: URLs you add for scanning and the scan results (accessibility violations, page content metadata)
  • Payment information: Processed securely by Stripe. We do not store credit card numbers
  • Usage data: Pages visited, features used, and interactions with the platform
  • Communications: Support tickets, feedback, and email correspondence

How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Access Audit platform
  • Process accessibility scans and generate compliance reports
  • Send transactional emails (scan completions, account notifications)
  • Respond to support requests and communications
  • Detect and prevent fraud, abuse, and security incidents
  • Comply with legal obligations

We do not sell your personal information to third parties. We do not use your data for advertising purposes.

Data Sharing

We share your information only in the following circumstances:

  • Service providers: We use third-party services for hosting (infrastructure), payment processing (Stripe), and email delivery. These providers are bound by data processing agreements
  • Legal compliance: When required by law, legal process, or government request
  • Business transfers: In connection with a merger, acquisition, or sale of assets (with advance notice)
  • With your consent: When you explicitly authorize sharing

We do not share scan results or accessibility data with anyone other than the authenticated account owner.

Data Retention

We retain your data for as long as your account is active. When you delete your account:

  • Account information is deleted within 30 days
  • Scan results and reports are deleted within 30 days
  • Anonymized, aggregated analytics data may be retained indefinitely
  • Backups containing your data are purged within 90 days

You can request data export or deletion at any time by contacting support@accessaudit.dev.

Security

We implement industry-standard security measures to protect your data:

  • All data is encrypted in transit (TLS 1.2+) and at rest (AES-256)
  • Passwords are hashed using bcrypt with per-user salts
  • Access to production systems is restricted and audited
  • We perform regular security assessments and dependency audits

For more details, see our Security page.

Cookies

We use essential cookies for authentication and session management. Specifically:

  • access_token: HTTP-only cookie for API authentication (15-minute expiry)
  • refresh_token: HTTP-only cookie for session renewal (30-day expiry)

We do not use third-party tracking cookies, advertising cookies, or analytics cookies that track you across websites.

Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal information we hold about you
  • Correct inaccurate personal information
  • Delete your personal information
  • Export your data in a portable format
  • Withdraw consent for data processing
  • Object to automated decision-making

To exercise any of these rights, contact us at privacy@accessaudit.dev.

Contact

If you have questions about this Privacy Policy or our data practices, contact us at:

Email: privacy@accessaudit.dev
Mail: Ghost Savvy Studios, Privacy Team