Privacy Policy
Last updated: March 20, 2026
1. Overview
A11yScope ("we," "us," or "our") is a web accessibility scanning service operated by Ryusei Saito as a sole proprietorship based in Musashino City, Tokyo, Japan. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our website (www.a11yscope.com) and services.
By using A11yScope, you agree to the practices described in this policy. If you do not agree, please do not use our services.
2. Data We Collect
2.1 Account Information
When you create an account, we collect your email address for authentication purposes. We use a passwordless magic-link sign-in system; we do not store passwords.
2.2 Payment Information
Payment processing is handled entirely by Stripe, Inc. We do not store your credit card numbers or banking details on our servers. We retain your Stripe customer ID and subscription status to manage your plan.
2.3 Scan Data
When you run an accessibility scan, we store the URL you submitted, the scan results (accessibility score, violations, passes), and the timestamp. For authenticated users, scan history is linked to your account.
2.4 Usage Data
We collect your IP address for rate limiting and abuse prevention. We use Vercel Analytics to collect anonymous, aggregated usage data (page views, visitor counts). Vercel Analytics does not use cookies and does not track individual users across sites.
2.5 Cookies
We use essential cookies only to maintain your authentication session. These cookies are required for the service to function and cannot be disabled. We do not use advertising or tracking cookies. See our cookie details:
- Authentication session cookies (Supabase) — required for sign-in. Expire when you sign out or after the session timeout.
3. How We Use Your Data
We use your personal data for the following purposes:
- To provide and maintain the accessibility scanning service
- To authenticate your account and manage your subscription
- To send transactional emails (sign-in links, billing notifications)
- To enforce rate limits and prevent abuse
- To improve our service through aggregated, anonymous analytics
- To comply with legal obligations
We do not sell your personal data. We do not use your data for advertising. We do not share your data with third parties for their marketing purposes.
4. Third-Party Service Providers
We share your data with the following service providers, solely to operate our service:
| Provider | Purpose | Data Shared |
|---|---|---|
| Supabase | Authentication & database | Email, account data, scan history |
| Stripe | Payment processing | Email, payment details |
| Resend | Transactional email | Email address |
| Vercel | Hosting & analytics | Anonymous usage data (no PII) |
5. Data Retention
- Account data — Retained while your account is active. Deleted within 30 days of account deletion request.
- Scan history — Retained while your account is active. Deleted upon account deletion.
- IP addresses (rate limiting) — Retained for up to 24 hours, then automatically purged.
- Payment records — Retained as required by applicable tax and accounting laws (typically 7 years in Japan).
- Anonymous scans (without account) — Scan results are not linked to any personal data and are retained indefinitely for service improvement.
6. International Data Transfers
A11yScope is based in Japan. Your data may be transferred to and processed in countries outside your country of residence, including the United States (where our service providers Supabase, Stripe, Resend, and Vercel are located). We ensure that appropriate safeguards are in place to protect your data in accordance with applicable law.
7. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
All Users
- Access — Request a copy of the personal data we hold about you
- Deletion — Request deletion of your account and associated data
- Export — Download your data in a machine-readable format
- Correction — Request correction of inaccurate data
You can exercise these rights from your account settings or by emailing us at support@a11yscope.com.
European Economic Area (GDPR)
If you are in the EEA, our legal basis for processing your data is:
- Contract performance — To provide the service you signed up for
- Legitimate interest — Rate limiting, abuse prevention, service improvement
- Legal obligation — Tax and accounting requirements
You also have the right to restrict processing, object to processing, and lodge a complaint with your local data protection authority.
California (CCPA)
If you are a California resident, you have the right to know what personal data we collect, request deletion, and opt out of the sale of personal data. We do not sell personal data.
Japan (APPI)
In accordance with Japan's Act on the Protection of Personal Information (APPI), we clearly specify the purpose of data use, manage personal data securely, and respond to disclosure, correction, and deletion requests. The purpose of use is limited to those described in Section 3.
8. Data Security
We implement appropriate technical and organizational measures to protect your personal data:
- All data is transmitted over HTTPS (TLS encryption in transit)
- Database access is restricted by row-level security policies
- Authentication uses secure, time-limited magic links (no passwords stored)
- Payment data is handled exclusively by PCI DSS-compliant Stripe
- We do not store credit card numbers or banking information
In the event of a data breach that affects your personal data, we will notify you and the relevant authorities within 72 hours as required by applicable law.
9. Children's Privacy
A11yScope is not intended for use by children under 16 years of age. We do not knowingly collect personal data from children. If we learn that we have collected data from a child under 16, we will delete it promptly. If you believe a child has provided us with personal data, please contact us at support@a11yscope.com.
10. Data Processing
When you use A11yScope to scan websites, we act as a data processor on your behalf. The URLs you submit and the resulting scan data are processed solely to provide the accessibility scanning service. We do not use this data for any other purpose.
If your organization requires a formal Data Processing Agreement (DPA) to comply with GDPR or other data protection regulations, please contact us at support@a11yscope.com and we will provide one.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. Your continued use of A11yScope after changes constitutes acceptance of the updated policy.
12. Contact Us
If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at:
- Email: support@a11yscope.com
- Business: A11yScope (Sole Proprietorship)
- Representative: Ryusei Saito
- Location: Musashino City, Tokyo, Japan