Privacy Policy

1. Information We Collect

A. Account Data

When you sign in to Accesserty Console or CRM through Google OAuth, we receive your email address, display name, avatar, and the user identifier issued by Google. We use this information to authenticate you, create your user profile, generate your Pulse view_key, and determine which domain data you may access.

We do not receive your Google password, nor do we access Gmail, Google Drive, or other Google service content.

B. Subscription and Billing Data

When you subscribe to Pulse Pro, Lemon Squeezy handles checkout, payment methods, taxes, and invoices. Accesserty may store Lemon Squeezy customer and subscription identifiers, plan status, subscription start and end times, and information needed to open the customer portal. We do not directly store full payment-card numbers or security codes.

C. Contact Form and CRM Data

When you submit our website contact form, we collect your name (optional), email, referral sources, message body, UTM source information, and User-Agent. We use this information to respond to inquiries, keep service records, and improve our website communication flow.

D. Accesserty Pulse Behavior Events

When a website administrator installs pulse.js on their website, Pulse records interaction events that may indicate usability or accessibility difficulties, such as rage clicks, blocked keyboard interactions, focus reversals, failed Escape attempts, and repeated form submissions.

Pulse event data may include the view_key, domain, page URL, event type, CSS selector of the affected element, a short event note, a random session ID, and the User-Agent.

Pulse does not collect form field contents, actual keystrokes, full DOM, page text, screenshots, mouse-movement trails, or cross-site browsing history.

E. Accesserty Pulse Page Scan Summaries and Weekly Reports

Pulse may also run low-frequency axe-core summary scans in the browser after an end user opens a page. These scans provide a machine-detectable overview of WCAG A/AA and best-practice risks. To avoid repeated scans, the same view_key, URL, and scan version are usually not scanned again within a short period.

Scan summaries may include scan time, URL, rule IDs, impact levels, issue counts, axe-core help text, help URLs, and a small number of sample selectors. They are not a full manual accessibility audit and do not mean that a website conforms to WCAG 2.2 AA or any legal requirement.

Pro users may opt in to a weekly email report. The report aggregates Pulse events, scan summaries, and Signal reports for their verified domains and is delivered to the account email through Resend as semantic HTML with a complete plain-text fallback. The same report can also be viewed in Console. Administrators may preview or manually send the same type of report when needed for service support.

F. Accesserty Signal Reports and Search-Result Labels

Accesserty Signal is a browser extension that mainly runs on Google and Bing search-result pages. It may display public accessibility certification records from supported sources, accessibility-statement links, and Accesserty ALLY active-maintenance information.

When you actively submit a report through Signal, we collect issue types, the reported page URL, domain, User-Agent, and email address if you choose to provide one. The report may also include a snapshot of publicly visible accessibility signals for that page, such as whether the site is an Accesserty ALLY, whether it has a supported public certification record, certification source and level, report date, validity date, and known accessibility-statement URL. Signal does not send your full browsing history to us in the background.

G. Accesserty ALLY Applications and Maintenance

When a verified-domain maintainer applies for ALLY, we process the account, application status, verified domains, review outcome, and relevant timestamps. To maintain the program, we may also store revocation time and reason, the date after which reapplication is allowed, Signal report-resolution status, owner-reminder timestamps, and administrator-created spot-check records such as the domain, finding, optional evidence URL, status, and action timestamps.

We use this information to review applications, route and follow up on accessibility reports, send service reminders or administrator digests through Resend, record spot-check follow-up, and make administrator decisions about whether ALLY remains active. The maintenance engine does not automatically revoke ALLY.

H. Accesserty DevCheck

Accesserty DevCheck's simulations, axe-core scans, and PDF structure checks primarily run locally in your browser or extension. DevCheck does not automatically upload scanned page content, PDF files, or scan results to Accesserty.

If you actively run DevCheck's AI Semantic Check, the extension extracts part of the current page text, link information, and selected images, then sends that content to Google Gemini for analysis. If you provide your own Gemini API key, the request is sent directly to Google. If you use Accesserty's free quota, the request is sent to Accesserty's Supabase Edge Function first, then forwarded to Google Gemini, and device-instance usage is recorded to enforce daily limits.

The AI Semantic Check does not send full DOM, browsing history, form input, or PDF files. Content sent to Google Gemini through the free quota may be used by Google to improve its models under Google Gemini's terms. Do not use the AI Semantic Check on confidential pages, unauthorized pages, or pages containing sensitive personal data.

I. Accesserty UI Kit

Accesserty UI Kit is an open-source Web Components library. Merely using or downloading UI Kit does not cause us to automatically collect your personal data. If you obtain the package through GitHub, npm, or another third-party platform, that platform may process data under its own policy.

J. Cookies and Local Storage

• Supabase Auth: Used to maintain your Console sign-in session.
• i18n_redirected: Used to remember language preference.
• UTM localStorage: Used to remember first-touch and last-touch website source information.
• pulse_sid and scan cache: Stored in the end user's tab sessionStorage to group one browsing session and avoid duplicate scans in the same tab.
• Extension storage: Signal and DevCheck may use browser extension storage for settings, cache, or temporary state.

Our website may load analytics or diagnostic tools through Google Tag Manager, such as Microsoft Clarity when enabled. These tools may process usage data under their own policies.

2. How We Use Information

• Provide sign-in, Console, Pulse, Signal reports, CRM, and related services.
• Manage Pulse Pro plans, subscription status, feature access, and optional weekly reports.
• Help website administrators view Pulse events and scan summaries for their registered domains.
• Process user reports, contact requests, and service support.
• Review ALLY applications, follow up on reports and spot checks, send maintenance reminders, and record administrator decisions.
• Improve product detection logic, interfaces, and documentation.
• Prevent abuse, forged origins, unauthorized domain use, and security risks.
• Where necessary, use de-identified or aggregated data to understand accessibility and usability trends.

3. Third-Party Services

We use third-party services to provide infrastructure and functionality, including Supabase (database, Auth, Edge Functions), Google OAuth, Google Gemini (DevCheck AI Semantic Check and image alternative-text suggestions), Lemon Squeezy (subscriptions, payments, and taxes), Resend (weekly reports and service email), Cloudflare Pages / CDN, Google Tag Manager, and analytics or diagnostic tools that may be enabled through GTM.

We do not sell your personal data. We may disclose necessary information where required by law, to protect rights, investigate security matters, or in connection with a business transfer.

4. Data Retention

• Account Data: Retained while you use the Service. You may request deletion of your account and related personal data.
• Subscription and Billing Records: Retained during the subscription and for periods required for plan access, accounting, tax, refund, and dispute handling. Payment-card data is handled by Lemon Squeezy under its policies.
• Weekly Reports: Report content is generated from existing Pulse and Signal records. Delivery records may be retained for service support and troubleshooting.
• Contact Form: Retained for response and service records. You may request deletion.
• Signal Reports: Retained to support issue handling, site-owner replies, and audit history.
• ALLY Applications and Maintenance Records: Application decisions, reminder and resolution state, spot-check findings, and revocation records may be retained for program operation, abuse prevention, and audit history. Domain verification remains separate from ALLY status.
• Pulse Events and Scan Summaries: Retained while the service is still being adjusted, for Console display, diagnostics, and product improvement. We may aggregate, anonymize, or delete this data as the service evolves.
• Local Data: DevCheck and browser-extension local data can be cleared through your browser or extension settings.

5. Your Rights

You may request access to, correction of, or deletion of personal data we hold about you, and you may ask us to stop unnecessary communications. If you are an end user of a website where Pulse is installed, you may also contact that website administrator about their disclosure, consent, and data-processing practices.

6. International Transfers

Because we use international cloud providers such as Supabase, Google, and Cloudflare, data may be transferred to and stored on servers outside your country or region.

7. Children's Privacy

The Service is not directed to children under 13. We do not knowingly collect children's personal information. If you believe children's data has been improperly provided to us, please contact us.

8. Policy Updates

We may update this policy when our products, legal obligations, or data-processing practices change. Updates will be posted on this page with a revised effective date.

9. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us: service@accesserty.com