Privacy Policy
Effective Date: March 30, 2026
Overview
ScanAbility ("we," "us," "our," or "Company") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our WCAG 2.1 accessibility scanning service (the "Service").
Please read this Privacy Policy carefully. If you do not agree with our policies and practices, please do not use our Service.
Data Collection
We collect information necessary to provide and improve our accessibility scanning service:
Information You Provide
- Email Address: Required for account creation, authentication, and communication
- Scan URLs: Website addresses you submit for accessibility analysis
- Account Profile: Name and optional company information for account identification
- Payment Information: Processed securely through Paddle (we do not store credit card details)
Information Collected Automatically
- Usage Analytics: Pages visited, features used, scan frequency, and timestamps
- Device Information: Browser type, IP address (anonymized in Plausible), operating system, and device type
- API Logs: Requests, response times, and error messages for API key holders
- Scan Results: Accessibility issues identified, severity levels, and remediation data
Information We Do NOT Collect
- Personal identification numbers (SSN, passport, etc.)
- Financial account credentials beyond payment processing
- Biometric data or health information
- Location data beyond IP-based geolocation
Data Storage & Security
Primary Storage: Your account data, scan records, and accessibility reports are stored in Supabase, a secure PostgreSQL database with industry-standard encryption.
Encryption Standards
- Data in transit: TLS 1.2+ encryption
- Data at rest: AES-256 encryption for sensitive fields
- Database backups: Encrypted and redundantly stored
Access Controls
- Role-based access control (RBAC) limits employee access to the minimum required
- All database queries are logged and monitored for unauthorized access
- API keys are hashed and never logged in plain text
Data Minimization: We retain only the data necessary to provide our Service and comply with legal obligations.
Cookies & Analytics
We use cookies and analytics tools to understand how you use ScanAbility and improve our Service.
Cookie Policy
- Essential Cookies: Required for authentication, session management, and service functionality. These cannot be disabled.
- Analytics Cookies: Used by Plausible Analytics (cookieless) to measure usage and improve our Service
Plausible Analytics
Important: Plausible Analytics is a cookieless, GDPR-compliant analytics service. It does not:
- Use cookies or tracking pixels
- Store personal data in an identifiable form
- Build user profiles or perform cross-site tracking
- Require cookie consent under GDPR
Plausible collects only aggregated, anonymized usage data. For details, see Plausible's Privacy Policy.
GDPR & CCPA Compliance
GDPR (EU Residents): We comply with the General Data Protection Regulation (GDPR). You have the right to:
- Access your personal data
- Correct inaccurate information
- Request deletion (right to be forgotten)
- Export your data in portable format
- Withdraw consent for non-essential processing
- File a complaint with your local data protection authority
CCPA (California Residents): We comply with the California Consumer Privacy Act (CCPA). You have the right to:
- Know what personal information is collected
- Delete personal information (with certain exceptions)
- Opt out of the sale or sharing of personal information (we do not sell data)
- Not be discriminated against for exercising your rights
Data Sharing: We do not sell, rent, or trade your personal data to third parties. We share data only:
- With service providers (Supabase, Paddle, Plausible) under data processing agreements
- With law enforcement when required by valid legal process
- With your explicit consent for specified purposes
Data Retention
We retain personal data only as long as necessary to provide our Service and fulfill legal obligations:
- Active Accounts: Account data retained for the duration of your subscription
- Scan Results: Retained for 12 months (or plan duration, whichever is longer)
- Deleted Accounts: Personal data deleted within 30 days of account deletion; backups retained for 90 days
- Legal Holds: Data retained as required by law or litigation holds
- Analytics Logs: Retained for 30 days (Plausible default)
Your Rights
Access Your Data
You can access your personal data and scan records through your account dashboard. To request a complete export of your data in portable format (CSV/JSON), contact [email protected].
Correct or Update Information
You can update your account information (email, name, company) directly in your Settings. Contact us for corrections that require administrative assistance.
Delete Your Account
You can delete your account and associated data through Settings > Danger Zone. This will permanently remove:
- Your account and profile information
- All scan results and accessibility reports
- API keys and integrations
Note: Deleted data cannot be recovered. Backups are retained for 90 days for disaster recovery.
Withdraw Consent
For non-essential processing (email notifications, marketing communications), you can adjust preferences in Settings > Notifications or contact [email protected].
Contact Us
If you have questions about this Privacy Policy, wish to exercise your rights, or have a privacy concern, please contact us:
ScanAbility Privacy Team
Email: [email protected]
Response time: Within 7 business days (or as required by applicable law)
Data Subject Requests: We will respond to verified access, deletion, and portability requests within 30 days (GDPR) or 45 days (CCPA).
Policy Updates
We may update this Privacy Policy to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by:
- Posting the updated policy on our website with a new effective date
- Sending an email notification to your registered account email
- Requiring your acceptance before continued use of the Service
Your continued use of ScanAbility after changes become effective constitutes your acceptance of the updated Privacy Policy.