GDPR · CCPA · PIPEDA

Privacy Policy

Last Updated: April 19, 2026

Privacy-First by Design

ScanAbility does not store the HTML content, text, images, or personal data of websites you scan. We analyze accessibility attributes and immediately discard page content after each scan completes. No third-party AI services process scanned content.

1. Who We Are

ScanAbility operates scan-ability.com, an automated web accessibility scanning service. This policy explains how we handle personal data.

This policy complies with GDPR Arts. 13–14 (EU/EEA users), CCPA/CPRA (California residents), and PIPEDA (Canadian residents).

Privacy enquiries

[email protected]

Legal notices

[email protected]

2. Data We Collect

Account Data

Name, email address, organization name (optional), and subscription plan — collected at registration.

Scan Requests

When you submit a URL: the URL itself, scan timestamp, and detected accessibility issues (WCAG criteria, severity, element selectors, remediation suggestions). We do NOT store full HTML content, page text, images, or any personal data from the scanned website.

Scan Reports

Accessibility audit reports (technical findings only — no page content) retained in your dashboard for progress tracking.

Billing Data

Payment processed by Lemon Squeezy (Merchant of Record). We receive only transaction confirmation and subscription tier — never card numbers or CVV codes.

Usage Data

Anonymized telemetry: pages visited, scans initiated, feature usage, error events. Aggregated and not linked to individual identity.

3. What We Do NOT Collect

✓ Not collected:HTML, JavaScript, images, or text content of scanned pages
✓ Not collected:Personal data from end users of your scanned websites
✓ Not collected:Data processed through third-party AI services
✓ Not collected:Tracking pixels or cookies placed on scanned websites

4. Legal Basis

Activity	Basis
Account creation and service delivery	Contract (GDPR Art. 6(1)(b))
Storing scan reports	Contract + Legitimate Interest
Billing	Legal obligation / Contract
Usage analytics	Legitimate interest (GDPR Art. 6(1)(f))

5. Sub-processors

Processor	Purpose	Data Shared
Supabase	Database & authentication	Account data, scan reports
Cloudflare	CDN, DDoS protection	IP addresses, request metadata
Lemon Squeezy	Payment processing (MoR)	Email, billing address
Resend	Transactional email	Email address, email content
Plausible Analytics	Privacy-first analytics	Anonymized visits (no cookies)

ScanAbility uses no AI sub-processors. Accessibility analysis runs on our proprietary scanning engine.

6. Data Retention

Data Type	Retention
Account data	Duration of subscription + 12 months
Scan URLs	12 months (for re-scan comparison)
Scan reports	Duration of subscription + 12 months
Billing records	7 years (US tax law)
Support correspondence	2 years
Usage analytics	24 months (aggregated, anonymized)

7. Your Rights

GDPR (EU/EEA)

✓Access & rectification
✓Erasure (right to be forgotten)
✓Data portability
✓Restriction & objection
✓Lodge supervisory complaint

CCPA (California)

✓Know what's collected
✓Delete personal info
✓Opt out of sale (we don't sell)
✓Non-discrimination

PIPEDA (Canada)

✓Access personal info
✓Challenge accuracy
✓Know collection purposes
✓Withdraw consent

To exercise any right: [email protected]

8. Changes to This Policy

We will notify registered users by email at least 14 days before material changes take effect.

← Back to home

GDPR · CCPA · PIPEDA

Privacy Policy

Last Updated: April 19, 2026

Privacy-First by Design

1. Who We Are

ScanAbility operates scan-ability.com, an automated web accessibility scanning service. This policy explains how we handle personal data.

This policy complies with GDPR Arts. 13–14 (EU/EEA users), CCPA/CPRA (California residents), and PIPEDA (Canadian residents).

Privacy enquiries

[email protected]

Legal notices

[email protected]

2. Data We Collect

Account Data

Name, email address, organization name (optional), and subscription plan — collected at registration.

Scan Requests

Scan Reports

Accessibility audit reports (technical findings only — no page content) retained in your dashboard for progress tracking.

Billing Data

Payment processed by Lemon Squeezy (Merchant of Record). We receive only transaction confirmation and subscription tier — never card numbers or CVV codes.

Usage Data

Anonymized telemetry: pages visited, scans initiated, feature usage, error events. Aggregated and not linked to individual identity.

3. What We Do NOT Collect

✓ Not collected:HTML, JavaScript, images, or text content of scanned pages
✓ Not collected:Personal data from end users of your scanned websites
✓ Not collected:Data processed through third-party AI services
✓ Not collected:Tracking pixels or cookies placed on scanned websites

4. Legal Basis

Activity	Basis
Account creation and service delivery	Contract (GDPR Art. 6(1)(b))
Storing scan reports	Contract + Legitimate Interest
Billing	Legal obligation / Contract
Usage analytics	Legitimate interest (GDPR Art. 6(1)(f))

5. Sub-processors

Processor	Purpose	Data Shared
Supabase	Database & authentication	Account data, scan reports
Cloudflare	CDN, DDoS protection	IP addresses, request metadata
Lemon Squeezy	Payment processing (MoR)	Email, billing address
Resend	Transactional email	Email address, email content
Plausible Analytics	Privacy-first analytics	Anonymized visits (no cookies)

ScanAbility uses no AI sub-processors. Accessibility analysis runs on our proprietary scanning engine.

6. Data Retention

Data Type	Retention
Account data	Duration of subscription + 12 months
Scan URLs	12 months (for re-scan comparison)
Scan reports	Duration of subscription + 12 months
Billing records	7 years (US tax law)
Support correspondence	2 years
Usage analytics	24 months (aggregated, anonymized)

7. Your Rights

GDPR (EU/EEA)

✓Access & rectification
✓Erasure (right to be forgotten)
✓Data portability
✓Restriction & objection
✓Lodge supervisory complaint

CCPA (California)

✓Know what's collected
✓Delete personal info
✓Opt out of sale (we don't sell)
✓Non-discrimination

PIPEDA (Canada)

✓Access personal info
✓Challenge accuracy
✓Know collection purposes
✓Withdraw consent

To exercise any right: [email protected]

8. Changes to This Policy

We will notify registered users by email at least 14 days before material changes take effect.