Privacy Policy

3.1. Data you provide to us

• Contact details: name, email address, company name, job title (if provided).
• Account details: login email, password (stored in hashed form), role or permissions within your organisation’s account.
• Billing and order details: billing address, VAT/tax information, payment-related details provided during checkout (excluding full card numbers, which are handled by our payment processor).
• Support and early access communications: content of your support messages, early access applications, requested test domain, approximate page count, attachments you send us, and any additional information you choose to provide.

3.2. Data generated when you use the service

• Technical and usage data: IP address, browser type and version, operating system, device and network information, date and time of requests, referrer URL (if available).
• Authentication and session data: session identifiers, login timestamps, information about session status (active, expired, logged out).
• Portal and licence data: licence keys and associated domains, licence usage information (for example which domain or project is associated with a licence), actions performed in the portal (for example creating or updating licences, changing settings).
• Security and audit logs: login attempts and outcomes, changes to account or licence settings, relevant events for security monitoring.

3.3. Data from protection and anti-abuse tools

We use Cloudflare, including Cloudflare Turnstile, to protect our website and forms, such as the trial registration form, early access application form and support form, from bots and abuse.

• IP address,
• user agent and browser characteristics,
• certain cookies or similar identifiers,
• technical signals necessary to determine whether a request is legitimate.

1. Account creation and management

• to register your account, authenticate you, and allow you to access the customer portal,
• to associate you with a customer organisation (your company).

2. Providing the service and managing licences

• to enable you to use the Accessibility Quality Gate service,
• to issue, manage, and validate licences,
• to manage domains or projects linked to licences.

3. Order processing, billing, and accounting

• to process your orders and payments,
• to issue invoices and keep accounting records,
• to handle refunds or other billing matters.

4. Customer support and communication

• to respond to your support requests, early access applications and inquiries,
• to send you essential communications about your account, service changes, incidents, and billing (transactional emails).

5. Security, abuse prevention, and service operation

• to protect the website and portal against attacks and abuse,
• to detect and investigate suspicious or fraudulent activity,
• to monitor and maintain the stability and performance of the service,
• to maintain audit logs for security and compliance purposes.

6. Optional product and service information (if you opt in)

• to send you optional product updates or similar communications if you have actively opted in or if permitted by applicable law for existing customers.

1. Performance of a contract or steps prior to entering into a contract

We process your data because it is necessary to enter into and perform the contract with you (or the organisation you represent), in particular to:

• create and manage your account,
• provide access to the Accessibility Quality Gate service,
• issue and manage licences,
• process your orders.

2. Compliance with legal obligations

We process certain data because we are legally required to do so, for example:

• to issue and store invoices and other accounting records,
• to comply with tax and commercial law requirements,
• to fulfil other obligations under applicable law.

3. Legitimate interests

We process personal data based on our legitimate interests, such as:

• ensuring the security and integrity of our systems and services,
• preventing abuse, fraud, and cyber attacks,
• maintaining and improving the stability and performance of our service,
• keeping necessary audit logs.
• When we rely on legitimate interests, we balance these interests against your rights and freedoms and implement appropriate safeguards.

4. Consent

In some cases, we rely on your consent, for example when you explicitly opt in to receive certain product or service-related updates that go beyond strictly necessary transactional messages.

Where processing is based on consent, you may withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing before withdrawal.

7.1. Essential cookies used by the website and portal

We use technically necessary cookies to operate the website, checkout flow and customer portal. These cookies are required for the service to function securely.

• cookies required to maintain your authenticated session,
• cookies needed for basic security and load balancing,
• cookies used by Cloudflare to protect the website and apply Turnstile challenges,
• cookies required by Stripe or the checkout flow to process payments securely.

7.2. Session cookies

Session cookies are used to keep you logged in while you use the portal. These cookies:

• are typically deleted when you log out or close your browser,
• are necessary for the secure functioning of the portal.

Cloudflare may set its own technically necessary cookies to provide web security and performance features.

1. Hetzner (hosting and infrastructure, EU)

• Provides server infrastructure and data storage for our services.
• Processes data such as server logs, stored application data, and portal-related information.

Payments (Stripe)

We use Stripe as our payment service provider to process payments for licences and subscriptions. When you make a purchase, certain payment-related data are processed by Stripe, such as your name, email address, billing address, and payment method details.

Stripe acts as our data processor and, in some respects, as an independent controller for its own legal and regulatory obligations, for example anti-money laundering and fraud prevention.

The legal basis for processing is Article 6(1)(b) GDPR (performance of a contract) and, where applicable, Article 6(1)(c) GDPR (legal obligations under tax and accounting laws).

For more information about how Stripe processes personal data, please see Stripe’s Privacy Policy: https://stripe.com/privacy

3. Email / SMTP provider (for example Resend or a similar provider)

• Sends transactional and service-related emails, such as account activation, password reset, billing notifications, support replies and early access confirmations.
• Processes your email address and the content of transactional messages.

4. Cloudflare (including Cloudflare Turnstile)

• Provides web security, performance optimisation, and protection against bots and abuse.
• Processes technical data such as IP address, user agent, and cookies or similar identifiers to filter malicious traffic and run Turnstile challenges on our forms.

Customer account and licence data

• Retained for the duration of your account and for up to 2 years after account deactivation or your last activity. After this period, personal data related to your account is anonymised or deleted. Billing and accounting records linked to your purchases are retained separately as required by law.

Billing and accounting data (invoices, transaction records)

• Retained for a minimum of 10 years in accordance with applicable Slovak accounting and tax laws.

Licence check records and audit logs

• Typically retained for up to 90 days, unless a longer period is necessary in connection with an ongoing security investigation or legal matter.

Screenshots, crawler outputs and similar service data

• Screenshots are retained until superseded by a new scan for the same page. When a new scan is performed, screenshots from the previous scan are automatically replaced.

Server logs

• Standard server logs, such as access logs, are typically retained for up to 30 days, unless we need to retain them longer in connection with security incidents or legal obligations.

1. Right of access

You can request confirmation whether we process your personal data and obtain a copy of such data, together with information about how we process it.

2. Right to rectification

You can ask us to correct inaccurate or incomplete personal data.

3. Right to erasure

You can ask us to delete your personal data in certain situations, for example when the data are no longer needed for the purposes for which they were collected, or when you withdraw your consent (where consent was the legal basis) and there is no other legal ground for processing.

4. Right to restriction of processing

You can ask us to restrict processing of your data in certain circumstances, for example while we are verifying the accuracy of data or assessing an objection.

5. Right to data portability

You can request that we provide you with the personal data you have provided to us in a structured, commonly used and machine-readable format, or that we transmit it to another controller, where processing is based on your consent or on a contract and carried out by automated means.

6. Right to object

You can object, on grounds relating to your particular situation, to processing based on our legitimate interests. We will then no longer process your data for these purposes, unless we demonstrate compelling legitimate grounds that override your interests, rights and freedoms, or where processing is necessary for the establishment, exercise or defence of legal claims.

Where we process your personal data for direct marketing purposes, if applicable, you have the right to object at any time. If you object, we will stop processing your data for direct marketing.

7. Right to withdraw consent

Where processing is based on your consent, you have the right to withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.