Summary: We collect only what we need to run a11y lint. We never sell your data. You can delete your account and all associated data at any time.
1. Who we are
a11y lint ("we", "us", "our") operates the website at a11y-lint.com and the web application at app.a11y-lint.com. We provide an AI-augmented WCAG 2.2 accessibility auditing service for web teams.
For questions about this policy, contact us at support@a11y-lint.com.
2. Information we collect
2.1 Information you provide directly
- Account information: Name, email address, and password when you register. If you sign in with Google, we receive your name and email from Google.
- Organization information: Your organization name and any team members you invite.
- Billing information: Payment details are collected and stored by Stripe, our payment processor. We receive only a payment status and non-sensitive billing identifiers — we never see or store your full card number.
- Audit inputs: URLs you submit for auditing, and any configuration you provide (WCAG level, selectors, etc.).
- Communications: Any messages you send us via email or support channels.
2.2 Information collected automatically
- Log data: IP addresses, browser type, pages visited, timestamps, and referring URLs when you use our service.
- Usage data: Actions you take in the app (audits created, pages scanned) to operate and improve the service.
- Session data: Authentication session tokens stored in secure HTTP-only cookies.
2.3 Data from third parties
- Google OAuth: If you sign in with Google, we receive your name, email, and profile picture as permitted by your Google account settings.
- Stripe: Subscription status, plan tier, and billing period dates provided by Stripe after a payment event.
3. How we use your information
| Purpose | Legal basis |
|---|---|
| Provide, operate, and maintain the service (running audits, storing results) | Contract performance |
| Send transactional emails (verification, invitations, password reset) | Contract performance |
| Process payments and manage subscriptions | Contract performance |
| Detect and prevent fraud, abuse, or security incidents | Legitimate interest |
| Improve and debug the service through aggregate usage analytics | Legitimate interest |
| Comply with legal obligations | Legal obligation |
| Send service announcements directly related to your account | Legitimate interest |
We do not use your data for automated decision-making that produces legal or similarly significant effects on you.
4. Sharing your information
We do not sell, rent, or trade your personal information. We share data only in the following circumstances:
4.1 Service providers (sub-processors)
| Provider | Purpose | Location |
|---|---|---|
| Amazon Web Services (AWS) | Cloud hosting, database, email delivery (SES) | USA |
| Stripe | Payment processing and subscription management | USA |
| AI Service Provider | AI analysis of DOM structure during audits | USA |
| Google | Optional OAuth authentication (if you choose to sign in with Google) | USA |
Each sub-processor is contractually bound to handle data only as directed by us and to maintain appropriate security standards.
4.2 Legal requirements
We may disclose your information if required to do so by law or in response to valid requests by public authorities (court orders, subpoenas).
4.3 Business transfers
If a11y lint is acquired or merges with another company, your data may be transferred as part of that transaction. We will notify you before your data becomes subject to a different privacy policy.
4.4 With your consent
We may share data for any other purpose with your explicit consent.
5. Data retention
We retain your personal data for as long as your account is active or as needed to provide the service.
- Account data: Retained until you delete your account.
- Audit results: Retained for 12 months after the audit was created, then automatically purged. You can delete individual audits at any time.
- Billing records: Retained for 7 years as required by financial regulations.
- Server logs: Retained for 30 days, then deleted.
When you delete your account, we delete all associated personal data within 30 days, except where retention is required by law.
6. Cookies
We use a minimal set of cookies necessary to operate the service:
| Cookie | Purpose | Duration |
|---|---|---|
| better-auth.session_token | Keeps you logged in between page loads. HTTP-only, Secure, SameSite=Lax. | Session / 7 days |
We do not use advertising cookies, tracking pixels, or third-party analytics scripts on the application. The marketing website (a11y-lint.com) uses no cookies.
7. Security
We take reasonable technical and organizational measures to protect your data:
- All data in transit is encrypted using TLS 1.2 or higher.
- Database and storage volumes are encrypted at rest using AES-256.
- Passwords are hashed using bcrypt and are never stored in plaintext.
- Access to production infrastructure is restricted to authorized personnel using multi-factor authentication.
- Session tokens are stored in HTTP-only cookies to prevent JavaScript access.
Despite these measures, no method of transmission over the internet is 100% secure. If you discover a security vulnerability, please report it to support@a11y-lint.com.
8. Your rights
Depending on your location, you may have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you.
- Rectification: Request correction of inaccurate data.
- Erasure: Request deletion of your data ("right to be forgotten"). You can also delete your account directly from the app settings.
- Portability: Request your data in a machine-readable format.
- Restriction: Request that we limit how we process your data.
- Objection: Object to processing based on legitimate interest.
- Withdraw consent: Where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, email us at support@a11y-lint.com. We will respond within 30 days.
California residents (CCPA)
California residents have the right to know what personal information we collect and share, the right to delete personal information, and the right to opt out of the "sale" of personal information. We do not sell personal information. To exercise your rights, contact us at support@a11y-lint.com.
9. Children's privacy
a11y lint is not directed at children under the age of 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.
10. International data transfers
a11y lint is operated from the United States. If you are accessing the service from outside the United States, your data will be transferred to and processed in the United States. We rely on standard contractual clauses (SCCs) as approved by the European Commission when transferring personal data from the EEA to the United States.
11. Changes to this policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email (to the address associated with your account) and update the "Last updated" date at the top of this page. Your continued use of the service after the effective date constitutes acceptance of the updated policy.
12. Contact us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
a11y lint
Email: support@a11y-lint.com
Website: a11y-lint.com