Sign in Sign up
Sign in Sign up

Privacy Policy

Last updated: February 4, 2026

This Privacy Policy describes how Valerius, operating as AccessGuard ("we", "us", "our"), collects, uses, and protects your personal information when you use our web accessibility scanning service at getaccessguard.com.

1. Introduction

AccessGuard is a web accessibility scanning and WCAG compliance service operated by Valerius, a company registered in Bosnia and Herzegovina. We are committed to protecting your privacy and handling your data transparently.

This policy applies to all users of AccessGuard, including free and paid subscribers, and covers data collected through our website at getaccessguard.com.

2. Information We Collect

Account Data

When you create an account, we collect:

  • Name and email address
  • Encrypted password (we never store plain-text passwords)
  • Avatar image (optional)
  • Theme preference (light/dark mode)

Organization Data

For team accounts, we collect:

  • Account/organization name
  • Billing email address
  • Team membership information

Scanning Data

When you use our scanning service, we collect:

  • URLs of pages you scan
  • HTML snippets containing accessibility issues
  • CSS selectors identifying problematic elements
  • Page screenshots for visual reference

Usage Data

We automatically collect:

  • Scan history and timestamps
  • Credit usage records
  • Issue activity logs (viewing, resolving issues)

3. How We Use Your Information

We use your information to:

  • Provide the scanning service: Analyze web pages for accessibility issues and generate reports
  • Process AI suggestions: Generate fix recommendations using your scan data
  • Manage subscriptions: Process billing and maintain your account
  • Send service emails: Password resets, scan notifications, and important account updates
  • Improve our service: Analyze aggregate usage patterns to enhance features

4. Third-Party Services

We share limited data with the following third-party services:

Lemon Squeezy (Payment Processing)

When you subscribe to a paid plan, Lemon Squeezy receives your billing email and account name to process payments. Lemon Squeezy is PCI-DSS compliant and handles all payment card data directly - we never see or store your card details.

Anthropic Claude (AI Suggestions)

To generate AI-powered fix suggestions and alt text, we send HTML snippets and images from scanned pages to Anthropic's Claude API. This data is processed transiently and is not stored or used for model training by Anthropic.

Cloudflare R2 (File Storage)

Images uploaded to the Alt Wizard feature are stored on Cloudflare R2, a secure cloud storage service. These images are automatically deleted after 24 hours. Cloudflare does not access or process the content of your files.

We do not use:

  • Advertising networks
  • Third-party analytics tracking
  • Data brokers or resellers

5. Cookies

We use only essential cookies required for the service to function:

  • Session cookies: Maintain your authenticated session
  • Remember-me cookies: Keep you logged in between sessions (optional, based on your preference)

We do not use third-party tracking cookies, advertising cookies, or analytics cookies.

6. Data Retention

  • Alt Wizard images: Automatically deleted after 24 hours
  • Scan data: Retained while your account is active
  • Account data: Retained while your account is active
  • Deleted accounts: All associated data is permanently purged within 30 days of account deletion

7. Data Security

We implement industry-standard security measures to protect your data:

  • Encryption in transit: All data is transmitted over HTTPS/TLS
  • Password security: Passwords are hashed using bcrypt with appropriate cost factors
  • Access controls: Data access is restricted on a need-to-know basis
  • Logging: Sensitive parameters are filtered from application logs

8. Your Rights (GDPR/CCPA)

Regardless of your location, we provide all users with the following rights:

  • Access: Request a copy of your personal data
  • Correction: Update or correct inaccurate data
  • Deletion: Request deletion of your account and associated data
  • Data portability: Export your data in a machine-readable format
  • Objection: Object to certain processing of your data

For EU residents, these rights are provided under the General Data Protection Regulation (GDPR). For California residents, these rights are provided under the California Consumer Privacy Act (CCPA).

To exercise any of these rights, please contact us using the information below.

9. International Transfers

Your data may be processed in the United States, where our infrastructure providers are located. We ensure appropriate safeguards are in place for international data transfers in compliance with applicable data protection laws.

10. Children's Privacy

AccessGuard is not intended for users under the age of 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us so we can delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. For material changes, we will notify you via email at least 30 days before the changes take effect. We encourage you to review this page periodically.

12. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us:

Valerius
Operating as AccessGuard
Bosnia and Herzegovina

Email: support@getaccessguard.com