Privacy Policy
Last Updated:
At A11yied, we are committed to protecting your privacy and handling your personal data with care and transparency. This Privacy Policy explains how we collect, use, share, and protect information about you when you use our web accessibility testing platform.
By using A11yied, you agree to the collection and use of information in accordance with this policy. If you have any questions or concerns, please contact us at [email protected].
1. Data Controller
A11yied is the data controller responsible for your personal information. You can contact us at:
2. Information We Collect
Account Information
When you create an account, we collect:
- Email address (required for authentication and communication)
- First and last name (optional, for personalization)
- Organization name and settings
- Billing email address (for paid plans)
Scan Data
When you use our accessibility testing service, we collect:
- URLs you submit for scanning
- Accessibility issues detected on your websites
- Scan timestamps and metadata
- Your scan configuration preferences
Payment Information
Payment processing is handled securely by Stripe. We do not store your credit card details. We only retain your Stripe customer ID and subscription information necessary for billing.
Technical Data
We automatically collect certain technical information:
- IP address (for security and fraud prevention)
- Browser type and version
- Device information and operating system
- How you interact with our platform (with your consent for analytics)
3. How We Use Your Information
We use your personal data for the following purposes:
Service Delivery
To provide, maintain, and improve our web accessibility testing service, including generating scan results and managing your account.
Billing and Payments
To process payments, manage subscriptions, and send billing-related communications.
Communication
To send you service updates, security alerts, and respond to your inquiries and support requests.
Product Improvement
To analyze usage patterns and improve our service (only with your consent for analytics cookies).
Legal Compliance
To comply with legal obligations, enforce our Terms of Service, and protect our rights and users.
4. Legal Basis for Processing (GDPR)
Under GDPR, we process your personal data based on:
- Contract Performance: Processing necessary to provide our services as outlined in our Terms of Service.
- Legitimate Interests: Fraud prevention, security monitoring, and improving our service quality.
- Consent: Analytics and marketing communications (you can withdraw consent anytime through cookie settings).
- Legal Obligation: Compliance with tax laws, financial regulations, and legal requests.
5. Third-Party Services
We share your data with the following trusted third-party service providers:
Stripe
Payment processing and fraud prevention (PCI DSS compliant). Stripe collects payment information and processes transactions securely.
PostHog
Product analytics (EU-hosted, GDPR-compliant). Only activates with your cookie consent. Helps us understand feature usage and improve UX.
AI Providers (Optional)
Google Gemini and OpenAI GPT for enhanced accessibility validation (only if you enable AI features). Used to reduce false positives in accessibility testing.
AI validation is opt-in and disabled by default.
6. Data Retention
We retain your personal data only as long as necessary:
- Account data: Retained while your account is active, deleted 30 days after account deletion
- Scan history: Retained for your organization's subscription period, deleted after account closure
- Billing records: Retained for 7 years for tax and legal compliance
- Analytics data: Aggregated and anonymized after 26 months (PostHog retention period)
7. Your Rights Under GDPR
As a data subject, you have the following rights:
- Request a copy of your personal data we hold.
- Correct inaccurate or incomplete personal data.
- Request deletion of your personal data (subject to legal retention requirements).
- Request restriction of processing your personal data.
- Receive your data in a structured, machine-readable format.
- Object to processing based on legitimate interests or for direct marketing.
- Withdraw consent for analytics cookies or marketing communications anytime.
To exercise these rights, contact us at [email protected]
8. Cookies and Tracking Technologies
We use cookies and similar technologies for:
- Essential cookies: Authentication, session management, and security (always active)
- Analytics cookies: PostHog for usage insights (requires consent)
- Fraud prevention: Stripe cookies for payment security (legitimate interest)
You can manage your cookie preferences through the cookie banner or your browser settings.
9. Data Security
We implement industry-standard security measures to protect your data:
- TLS/SSL encryption for data in transit
- Role-based access controls and authentication
- Security monitoring and logging
- Regular backups and disaster recovery procedures
10. International Data Transfers
Your data is primarily stored within the European Union. When we use third-party services (Stripe, PostHog), we ensure they comply with GDPR through Standard Contractual Clauses or adequacy decisions.
11. Children's Privacy
A11yied is not intended for individuals under 16 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through a prominent notice on our platform. Continued use after changes constitutes acceptance.
13. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or your personal data:
Supervisory Authority
You have the right to lodge a complaint with your local data protection authority if you believe we have not handled your personal data properly. For Sweden, this is the Swedish Authority for Privacy Protection (IMY - Integritetsskyddsmyndigheten).

