Legal

Privacy Policy

Effective date: May 7, 2026

Accessly (“we”, “us”, or “our”) operates the Accessly web accessibility scanning platform at accessly.us. This Privacy Policy explains what information we collect, how we use it, and what rights you have in relation to it. By using Accessly you agree to the practices described below. If you do not agree, please do not use the service.

1. Information We Collect

Account information

When you create an account we collect your email address and, if you choose to provide them, your first and last name. This information is used to identify your account and communicate with you.

Scan data

When you run an accessibility scan we store the URL you scanned, the date and time of the scan, and the results returned by our scanning engine (including violation counts, scores, and structured violation detail). This data is associated with your account and used to power your dashboard, reports, and historical trend views.

Document data

If you use the document scanner feature, your uploaded file is processed in memory on our servers to extract accessibility information. We do not permanently store the contents of uploaded files. Scan results (metadata and check outcomes) are retained as described under Data Retention below.

Usage data

We automatically collect certain technical information when you use Accessly, including your IP address, browser type and version, pages visited, time spent on pages, and referring URLs. This data is used in aggregate to understand how the product is used and to improve it.

Payment information

Payments are processed by Stripe. We do not store your full card number, CVV, or bank account details on our servers. We receive and store a Stripe customer ID, your subscription plan, and billing status so we can manage your account.

Contact form submissions

If you contact us via the “Talk to an Expert” form, we collect your name, email address, website URL (optional), and message. This information is used solely to respond to your inquiry.

2. How We Use Your Information

We use the information we collect to:

Provide, operate, and maintain the Accessly platform
Process transactions and manage your subscription
Send you transactional emails (account confirmation, invoices, password resets)
Respond to your support requests and inquiries
Analyse usage patterns to improve the product
Detect and prevent fraud, abuse, or security incidents
Comply with legal obligations

We do not sell your personal data to third parties. We do not use your scan data for advertising or share it with third parties for their marketing purposes.

3. Cookies and Tracking

Accessly uses cookies and similar technologies to keep you signed in, remember your preferences, and understand how you use the platform.

Essential cookies

These are required for the service to function. They include authentication session cookies set by Supabase. You cannot opt out of essential cookies while using the service.

Analytics

We may use privacy-respecting analytics tools to understand aggregate usage patterns. No personally identifiable data is shared with analytics providers.

You can control cookies through your browser settings. Disabling essential cookies will prevent you from signing in or using authenticated features.

4. Third-Party Services

We rely on the following third-party service providers to operate Accessly. Each provider processes data under their own privacy policies and security practices.

Supabase

We use Supabase for database storage and user authentication. Your account data, scan results, and site watchlist are stored in Supabase-managed PostgreSQL databases hosted on AWS infrastructure. Supabase Privacy Policy →

Stripe

Stripe processes all payment transactions. When you subscribe to a paid plan, Stripe collects and stores your payment card details. We receive only non-sensitive billing metadata (customer ID, plan status, last-4 digits) from Stripe. Stripe Privacy Policy →

Resend

We use Resend to deliver transactional emails such as account confirmations and contact form replies. Your email address and relevant message content are transmitted to Resend for delivery purposes only. Resend Privacy Policy →

5. Data Retention

We retain your account information and scan history for as long as your account is active. If you delete your account, we will permanently delete your personal data and scan history within 30 days, except where retention is required by law (e.g. financial records which may be retained for up to 7 years).

Uploaded document files are not stored after processing is complete. Scan result metadata derived from documents is retained as part of your scan history.

6. Data Security

We implement appropriate technical and organisational measures to protect your information, including:

Encryption in transit using TLS for all data sent between your browser and our servers
Encryption at rest for data stored in Supabase
Row-level security (RLS) policies so each user can only access their own data
API key access controls and short-lived session tokens

No method of transmission or storage is 100% secure. We encourage you to use a strong, unique password and to contact us immediately if you suspect any unauthorised access to your account.

7. Your Rights

Depending on where you are located, you may have the following rights regarding your personal data:

Access

You may request a copy of the personal data we hold about you.

Correction

You may update your account information at any time from your Settings page. You may also contact us to correct inaccurate data.

Deletion

You may delete your account at any time from Settings → Danger Zone. This permanently removes your account and associated data.

Portability

You may request an export of your scan data in a structured, machine-readable format.

Objection and restriction

You may object to or request restriction of certain processing activities where applicable under GDPR or other applicable law.

To exercise any of these rights, contact us at contact@accessly.us. We will respond within 30 days.

8. Children's Privacy

Accessly is not directed at children under the age of 16. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us and we will delete it promptly.

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes we will update the effective date at the top of this page and, where appropriate, notify you by email. Your continued use of Accessly after changes are posted constitutes your acceptance of the updated policy.

10. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at:

Accessly

contact@accessly.us