Privacy Policy

Last updated: June 5, 2026

1. Data Controller

The data controller is AccessibilityCheck, reachable at privacy@accessibilitycheck.site.

2. Data We Collect

We collect the following categories of personal data:

• Registration data: first name, last name, email address, company name.
• Usage data: URLs scanned, accessibility scan results, activity logs.
• Technical data: IP address, browser type, operating system, session cookies.
• Payment data: processed exclusively by PCI DSS-certified third-party providers (Stripe / Paddle). We do not store credit card details.

3. Purposes and Legal Basis

• Service delivery (Art. 6(1)(b) GDPR – contract performance): account management, running scans, generating reports.
• Legal compliance (Art. 6(1)(c) GDPR): invoicing, tax obligations.
• Legitimate interest (Art. 6(1)(f) GDPR): service security, fraud prevention, platform improvement via anonymous aggregated data.
• Consent (Art. 6(1)(a) GDPR): sending marketing communications and newsletters (only if you have given explicit consent).

4. Data Retention

• Account data: until account deletion, plus 12 months for legal compliance.
• Scan data: 24 months from the scan date, then deleted or anonymized.
• Billing data: 10 years (Italian tax obligations).
• Technical logs: 90 days.

5. Data Recipients

Your data may be shared with:

• Payment providers: Stripe Inc. / Paddle.com – payment processing.
• Hosting providers: servers physically located in the European Union.
• Analytics services: anonymous aggregated data only, not linked to any individual.

We do not sell or share personal data with third parties for marketing purposes.

6. International Data Transfers

Where data is transferred outside the EEA, we ensure adequate safeguards are in place (e.g., Standard Contractual Clauses adopted by the European Commission).

7. Your Rights

Under the GDPR you have the right to:

• Access your personal data;
• Request rectification or updating;
• Request erasure ("right to be forgotten");
• Object to processing or request restriction;
• Request data portability in a structured format;
• Withdraw consent at any time, without affecting the lawfulness of prior processing;
• Lodge a complaint with your supervisory authority (e.g., the Italian Garante – www.garanteprivacy.it).

To exercise your rights, write to privacy@accessibilitycheck.site. We will respond within 30 days.

8. Security

We implement appropriate technical and organizational measures to protect data against unauthorized access, loss, or disclosure, including HTTPS/TLS encryption for all data in transit and restricted access for authorized staff only.

9. Cookies

For detailed information about our cookie usage please read our Cookie Policy.

10. Changes

We may update this Policy. For material changes we will notify you by email or via an in-platform notice.