Privacy Policy

Last updated: April 17, 2026

This Privacy Policy explains how PageAudit (“we”, “our”, pageaudit.xyz) handles information when you use our accessibility scanning service. We collect as little data as necessary to operate the Service.

1. Information We Collect

Account information

When you sign up, we collect your email address and a hashed password (via Supabase Auth). If you sign in with Google, we receive the public profile information Google provides (name, email, profile picture). We never see your Google password.

Payment information

Paid subscriptions are processed by Polar.sh as our merchant of record. Your card details and billing address are handled entirely by Polar; we never see or store them. We receive only a customer identifier and subscription status from Polar so we can unlock paid features for your account.

Scan data

When you scan a URL, we store the URL, page title, accessibility score, issue counts by severity, and the list of issues found. This data is associated with your account (if logged in) so you can see scan history.

We do not store the HTML content of scanned pages. Pages are loaded in an automated browser, analyzed, and the HTML is discarded after the scan. We also do not store screenshots, cookies, form inputs, or any personal data that may be present on scanned pages.

Technical information

For rate limiting purposes, we store a SHA-256 hash of the IP address of anonymous (non-logged-in) users. We do not store raw IP addresses. Basic server logs may retain IP addresses temporarily (typically under 30 days) for security and abuse investigation.

2. How We Use Information

To provide, operate, and maintain the Service;
To authenticate you and keep your session secure;
To enforce scan quotas and rate limits per your plan;
To send transactional emails (account confirmation, password reset, billing notifications);
To investigate abuse or technical issues;
To comply with legal obligations.

We do not sell your personal data. We do not use your data to train machine-learning models. We do not use your data for advertising.

3. Sub-processors

The following third parties process data on our behalf:

Supabase — database and authentication (privacy policy)
Polar.sh — payment processing and subscription management as merchant of record (privacy policy)
Railway — server hosting (privacy policy)
Cloudflare — DNS and edge network (privacy policy)

4. Data Retention

Account and scan data are retained while your account is active. If you delete your account, your profile and scan history are deleted within 30 days. Anonymous rate-limit records are retained for up to 30 days. Payment and billing records held by Polar.sh are retained according to Polar's policy and applicable tax and accounting law.

5. Your Rights

Depending on your jurisdiction (e.g., EU/EEA under GDPR, UK under UK GDPR, California under CCPA), you may have the right to:

Access the personal data we hold about you;
Request correction of inaccurate data;
Request deletion of your data;
Request export of your data in a portable format;
Withdraw consent or object to certain processing (where applicable);
Lodge a complaint with a supervisory authority.

To exercise any of these rights, contact us at the email below. You can also delete your account and associated data at any time from your Settings page.

6. Cookies and Local Storage

We use first-party cookies and local storage only for essential Service functions: keeping you signed in, remembering your preferences, and protecting against CSRF. We do not use advertising or analytics cookies.

7. International Transfers

Our sub-processors may store or process data in the United States or the European Union. Where data is transferred across borders, we rely on the sub-processors' own legal safeguards (standard contractual clauses and similar mechanisms).

8. Children

The Service is not directed to children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us personal data, please contact us and we will delete it.

9. Security

We use reasonable technical and organizational measures to protect your data, including TLS in transit, encrypted database storage, and hashed passwords. No system is perfectly secure; we cannot guarantee absolute security.

10. Changes to This Policy

We may update this Privacy Policy. Material changes will be announced via email or on-site notice. The “Last updated” date above indicates when the policy was last revised.

11. Contact

Questions, complaints, or requests related to this Privacy Policy or your personal data: wwa11020@gmail.com