Privacy Policy

Last updated: March 14, 2026  |  GDPR compliant

AccessPatch ("we", "us", "our") is committed to protecting your personal data. This policy explains what data we collect, how we use it, and your rights under the GDPR and other applicable laws.

1. Data We Collect

Data Type | Why We Collect It | Legal Basis
Name, Email | Account creation, communication | Contract
Password (hashed) | Account authentication | Contract
Website URL | Accessibility scanning | Contract
Scan results (score, violations) | Dashboard, reports | Contract
Payment info | Billing (processed by Paddle) | Contract
IP address, browser | Security, fraud prevention | Legitimate interest

2. How Your Website Visitors' Data Is Handled

When the ag.js script runs on your website, it:

  • Reads DOM elements to detect accessibility issues (processed in-browser only)
  • Sends aggregated scan scores (no personal visitor data) to our servers
  • Stores user accessibility preferences (e.g. high contrast) in localStorage — client-side only, we never receive this

We do not collect, track, or sell your website visitors' personal data.

3. Cookies

We use only essential cookies for session management (login). We do not use tracking or advertising cookies. The ag.js widget uses localStorage (not cookies) for preference storage.

4. Data Sharing

We share data only with:

  • Paddle — payment processing (their privacy policy applies)
  • OpenAI — image alt text generation (image URLs only, no personal data)
  • No data brokers, advertisers, or third-party analytics

5. Data Retention

  • Account data: retained while your account is active + 30 days after deletion
  • Scan results: retained for 12 months, then automatically deleted
  • Payment records: retained for 7 years (legal requirement)

6. Your Rights (GDPR)

As an EU resident, you have the right to:

  • Access — request a copy of your data
  • Rectification — correct inaccurate data
  • Erasure — request deletion of your account and data
  • Portability — receive your data in a structured format
  • Object — opt out of processing based on legitimate interest

To exercise these rights: support@accesspatch.com

7. Security

We use industry-standard security measures including hashed passwords (bcrypt), HTTPS (TLS), and restricted database access. We do not store payment card details — all payments are processed by Paddle.

8. International Transfers

Our servers are located within hosting facilities that may process data outside the EEA. Where applicable, we ensure appropriate safeguards such as Standard Contractual Clauses (SCCs).

9. Contact & DPA

Data controller: AccessPatch
Email: support@accesspatch.com
For GDPR-related requests, include "GDPR Request" in your subject line.

