DAC-A11y Privacy Policy

We only capture the details needed to operate your workspace and deliver accessibility outcomes.

Account details: name, email, phone, and organization profile data supplied during sign-up or profile edits.
Authentication metadata: hashed credentials, MFA tokens, and login telemetry used to secure accounts.
Billing identifiers: customer IDs and subscription references exchanged with payment processors—never raw card numbers.
Uploaded assets: websites, documents, and images submitted for scanning or remediation.
Scan telemetry: run IDs, queue timings, duplicate-scan suppression signals, and crawler engine states captured to keep scans reliable.
Cloud drive selections: Google Drive My Drive and Shared Drives file names, MIME types, and delegated tokens necessary to fetch the items you pick.
API key metadata: display names, suffixes, statuses, expirations, and last-used timestamps recorded for auditing and rotation.
Alt Text Lab inputs: clipboard or uploaded images held in-memory per session to generate captions without persisting them.
Diagnostics: performance metrics and crash traces that help us monitor reliability.

Every data flow supports a specific, customer-driven purpose—never ad targeting or resale.

Deliver scans, remediation, and reporting tailored to your projects.
Secure accounts, throttle abuse, and keep detailed audit trails.
Operate subscriptions, reconcile invoices, and respond to support requests.
Improve detection accuracy and prioritize roadmap fixes using anonymized usage patterns.
Enforce per-user API key limits, rotate or revoke keys, and log usage for security reviews.
Diagnose scan health (including deep and single-page runs), resolve duplicate submissions, and tune queue performance with time-limited operational logs.
Coordinate cloud-drive imports (including multi-select Google Drive fetches) through delegated tokens you approve.

Uploaded files are handled with least-privilege access and lifecycle controls.

Processing pipeline: AI and remediation services run only to evaluate accessibility; providers are bound by confidentiality agreements.
Documents & exports: kept while jobs run, then archived or purged according to workspace retention settings. Temporary work files are destroyed post-processing. Password-protected items are flagged early with an error instead of being retained.
Remediation limits: Automated fixes and checks improve accessibility but do not guarantee full WCAG or screen-reader compatibility. Manual review and validation are still required for most documents.
Operational telemetry: queue events (including the new upload modal states), duplicate detection decisions, and status change logs are retained for a short diagnostic window before being rotated.
Clipboard images for alt text: remain in-memory for your session only and are discarded when you leave or refresh the page.
Account & telemetry data: retained as long as needed to operate the service or meet legal duties, then minimized or deleted.
Submit deletion requests through Support at any time—we verify identity before acting.

We partner with trusted vendors and give you clear choices over personal data.

Encryption in transit, isolated storage, RBAC, and continuous monitoring protect every workspace.
Limited data is shared with payment services, notification providers, cloud AI engines, and legal advisors—never sold to advertisers.
All processors sign data-protection agreements and use information solely to fulfill DAC-A11y workflows.
Depending on your jurisdiction, you may access, correct, delete, or export your data. Start a request via Contact Us .
We announce material policy updates by email or in-app notifications; continued use signifies acceptance.
Review the Terms and Conditions for the full rules that govern use of DAC-A11y.