Privacy Policy

1. Information We Collect

When you use ComplyKit, we collect the following information:

• Account information: Email address, name, and company name when you create an account.
• Scan data: URLs you submit for scanning and the resulting accessibility reports.
• Payment information: Processed securely by Stripe. We never store your credit card details.
• Usage data: How you interact with our service (pages visited, features used).

2. How We Use Your Information

• To provide and improve our accessibility scanning service.
• To process payments and manage your subscription.
• To send transactional emails (scan results, account updates).
• To respond to support requests.

We do not sell, rent, or share your personal data with third parties for marketing purposes.

3. Third-Party Services

We use the following third-party services to operate ComplyKit:

• Supabase: Database and authentication (hosted in the US).
• Stripe: Payment processing (PCI DSS compliant).
• Anthropic (Claude API): AI-powered accessibility explanations.
• Vercel: Application hosting and deployment.

4. Data Retention

• Scan results are retained for 12 months on active accounts.
• When you cancel your account, data is deleted within 30 days.
• You may request immediate deletion of your data at any time by contacting us.

5. Your Rights

You have the right to:

• Access and export your data.
• Request correction of inaccurate data.
• Request deletion of your account and associated data.
• Withdraw consent for data processing at any time.

6. Security

We protect your data with HTTPS encryption, row-level security policies on all database tables, and secure environment variable management. All payment data is handled by Stripe and never touches our servers.

7. Contact

For privacy-related questions or data requests, contact us at privacy@complykit.tools.