Privacy Policy
Last updated: April 19, 2026
This Privacy Policy explains how a11ymind AI (“we”, “us”, “our”) collects and uses information when you visit www.a11ymind.ai or use our accessibility scanning services (the “Service”). By using the Service you agree to the practices described below.
1. Information we collect
Account information
When you create an account we collect your email address, a hashed password (for credential sign-ups), and an optional display name. If you sign in with Google or GitHub, we receive your email and basic profile fields from that provider.
Scan data
When you run a scan we receive and store the target URL, the accessibility violations detected on that page, axe rule identifiers, the HTML snippets of affected elements, and the resulting score. This data is associated with your account when you are logged in; anonymous scans are stored without an owner and are eligible for deletion after 30 days.
Billing information
We do not see or store payment card details. Payments are processed by Stripe, which returns a customer ID and subscription metadata that we store to manage your plan.
Technical data
Our infrastructure logs standard request data (IP address, user agent, timestamp, path) for abuse prevention and debugging. These logs are retained for up to 30 days.
2. How we use information
- To operate the Service — run scans, store results, show your dashboard.
- To generate plain-English fix guidance via our AI provider (see §3).
- To send transactional email (sign-in confirmations, scan alerts, billing notices).
- To prevent abuse — rate limiting, bot detection, and disposable-email checks.
- To improve the Service in aggregate — we do not train AI models on your scan data.
3. Third-party services
We share the minimum data necessary with the following processors:
- Anthropic — violation data is sent to Anthropic's Claude API to generate fix guidance. Anthropic processes the request and returns a response; per their commercial terms they do not use API inputs to train models.
- Stripe — payment processing and subscription management.
- Resend — transactional email delivery.
- Vercel — application hosting and serverless execution.
- Cloudflare Turnstile — bot protection on the signup form. Turnstile may process your IP address and browser characteristics to produce a risk score.
- Google / GitHub — only if you choose the respective OAuth sign-in.
4. Cookies
We set a session cookie to keep you signed in. We do not use advertising or cross-site tracking cookies. Cloudflare Turnstile and our OAuth providers may set their own cookies as part of their flows.
5. Data retention
- Account and scan data: retained while your account is active.
- Anonymous scan results: up to 30 days.
- Server logs: up to 30 days.
- Billing records: retained as long as required by tax and accounting law.
6. Your rights
You can export or delete your account data at any time by emailing hello@a11ymind.ai. Account deletion removes your user record, saved sites, scans, and share tokens. Billing records may be retained where required by law.
If you are in the EU, UK, or California you have rights under GDPR / UK GDPR / CCPA including access, correction, erasure, and portability. Send requests to the address above and we will respond within the statutory timeframe.
7. Security
Passwords are stored hashed with bcrypt. Traffic to the Service is served over HTTPS. We use the standard access controls provided by our hosting and database providers. No system is perfectly secure — if you discover a vulnerability please report it to security@a11ymind.ai.
8. Children
The Service is not directed to children under 16 and we do not knowingly collect their information.
9. Changes to this policy
We may update this policy. When we do, we will change the “Last updated” date at the top. Material changes will be announced by email or an in-app notice before they take effect.
10. Contact
Questions or requests: hello@a11ymind.ai.
See also our Terms of Service.
