PRIVACY POLICY

Last Updated: January 13, 2026

Effective Date: January 13, 2026

Contact (All Privacy, Legal & Support Requests):

📩 support@accessify-ai.com

1. INTRODUCTION

Accessify AI (“we,” “us,” or “our”) provides a software-as-a-service (SaaS) platform that helps organizations identify web accessibility issues aligned with standards such as WCAG and EN 301 549.

This Privacy Policy explains how we collect, use, disclose, and protect information when you access or use our website, application, APIs, and related services (collectively, the “Services”).

We are an India-based entity serving customers globally. We process personal data in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR) and CCPA/CPRA.

2. DEFINITIONS

  • Personal Data: Information that identifies or can reasonably be linked to an individual.
  • Customer: The individual or organization using Accessify AI.
  • Controller: The party determining the purposes and means of processing personal data (typically You, the Customer).
  • Processor: The party processing data on behalf of the controller (Accessify AI).
  • Subprocessor: A third-party service provider assisting us in delivering the Services.

3. INFORMATION WE COLLECT

3.1 Information You Provide

When you register or use the Services, we may collect:

  • Account Information: Name, email address, organization name, role.
  • Authentication Data: Managed via Clerk (we do not store passwords).
  • Billing Information: Billing email, Tax/VAT IDs, and transaction metadata (payments are processed by PayPal; we do not store card details).
  • Usage Data: Scan history, reports, and configuration settings.

3.2 Information Collected Automatically

We automatically collect limited technical data, including:

  • IP address
  • Browser and device type
  • Log data (timestamps, actions taken in the app)
  • Error and performance metrics

3.3 GitHub & Code Repository Data

If you connect a repository (e.g., GitHub), we process:

  • Metadata: Repository names, branch names, and commit history (which may contain committer names/emails).
  • Code Snippets: We temporarily process file paths and code snippets only where accessibility issues are detected.

⚠️ Privacy Guarantee:

  • We do NOT clone or store your full repository permanently.
  • We do NOT use your proprietary code to train our public AI models.

3.4 AI Interactions

When you use our AI remediation features, the code snippets involved in the specific accessibility violation are sent to our LLM provider for analysis. This data is not used by the provider to train their models.

3.5 What We Do NOT Collect

We do not intentionally collect:

  • End-user data from your website visitors.
  • Passwords, private keys, or API secrets (we filter these out of scans).
  • Sensitive personal data (health, biometric, etc.).

4. HOW WE USE INFORMATION (LEGAL BASIS)

We process personal data only for legitimate purposes:

Purpose Legal Basis
Providing the Services
Contractual Necessity
Generating AI Fixes
Contractual Necessity
Account Management
Contractual Necessity
Billing & Tax Compliance
Legal Obligation
Security & Abuse Prevention
Legitimate Interest
Product Improvement
Legitimate Interest (Aggregated Data)

We do not sell personal data and do not use your data for third-party advertising.

5. DATA SHARING & SUBPROCESSORS

5.1 Approved Subprocessors

We use the following subprocessors strictly to operate the Service:

  • Vercel: Application hosting & Edge Functions
  • Supabase: Database & encrypted storage
  • Clerk: Authentication & Identity Management
  • PayPal: Payment processing & Fraud detection
  • OpenAI / Anthropic: Large Language Model (LLM) for code analysis (via API with Zero-Retention policy)

5.2 Data Sharing Restrictions

All subprocessors are contractually required to:

  • Process data only as instructed.
  • Maintain industry-standard security controls.
  • Notify us immediately of any security incidents.

We do NOT share data with data brokers, advertisers, or marketing partners.

6. DATA SECURITY

We implement commercially reasonable security measures, including:

  • Encryption: Data is encrypted in transit (TLS 1.2+) and at rest (AES-256).
  • Access Controls: Strict role-based access for our internal team.
  • Ephemeral Processing: Code snippets sent for analysis are discarded after the session.

⚠️ Disclaimer: No system is 100% secure. We cannot guarantee absolute security against sophisticated cyber-attacks.

7. DATA RETENTION

  • Account Data: Retained for the life of your account + 30 days after deletion.
  • Scan Results: Retained for the active subscription period.
  • Logs: Retained for up to 90 days for debugging.
  • Billing Records: Retained for 7+ years as required by tax laws.

8. INTERNATIONAL DATA TRANSFERS

Our infrastructure is cloud-native and may process data globally.

For users in the EEA/UK:

  • We rely on Standard Contractual Clauses (SCCs) for data transfers to non-adequate jurisdictions.
  • We ensure all US-based subprocessors (like Clerk/Supabase) are Data Privacy Framework certified or use SCCs.

9. YOUR RIGHTS (GDPR & GLOBAL)

Regardless of your location, you have the right to:

  1. Access: Request a copy of the data we hold about you.
  2. Rectification: Correct inaccurate data.
  3. Deletion: Request full account deletion (“Right to be Forgotten”).
  4. Portability: Export your scan reports and account data.
  5. Restriction: Object to specific processing activities.

📩 To exercise these rights: Email support@accessify-ai.com

We respond within 30 days.

10. COOKIES & TRACKING

We use:

  • Essential Cookies: For authentication (Clerk) and security. These cannot be disabled.
  • Analytics: We use minimal, privacy-focused analytics to track product usage. You can opt-out via your browser settings.

11. CHILDREN’S PRIVACY

The Services are B2B and not intended for children under 18. We do not knowingly collect data from minors.

12. DATA PROCESSING AGREEMENT (DPA)

For Enterprise customers or EU entities requiring a formal DPA, our standard DPA is available upon request and is incorporated by reference for all EU customers.

📩 Request DPA: support@accessify-ai.com

13. CHANGES TO THIS POLICY

We may update this Privacy Policy periodically.

  • Minor Changes: Effective immediately upon posting.
  • Material Changes: We will notify you via email or in-app notification 14 days prior to the change.

14. CONTACT

For all privacy, data protection, and legal inquiries, please contact:

Accessify AI Compliance Team

Email: support@accessify-ai.com

Location: Chennai, India