Privacy Policy

Last updated: March 26, 2026

Axara ("we," "us," or "our") operates the Axara website and accessibility scanning service. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

1. Information We Collect

Information You Provide

  • Account information: When you create an account, we collect your email address and a hashed version of your password. We never store passwords in plain text.
  • Website URLs: When you run a scan, you provide the URL of the website you want to audit. We access this URL to perform the accessibility scan.
  • Payment information: If you subscribe to a paid plan, payment is processed by Stripe. We never see or store your full credit card number. Stripe provides us with a tokenized reference and basic billing details (last 4 digits, expiration, billing address).
  • Communications: If you contact us via email, we retain the content of your messages to respond and improve our service.

Information Collected Automatically

  • Scan results: We store the results of your accessibility scans (scores, violations, HTML snippets) so you can access your reports and track compliance over time.
  • Usage data: We collect basic analytics such as pages visited, scan frequency, and feature usage to improve our product. We do not use third-party tracking scripts or advertising cookies.
  • IP addresses: We log IP addresses for rate limiting (to prevent abuse of our free scan feature) and security purposes. IP logs are automatically purged after 30 days.

2. How We Use Your Information

  • To provide and maintain the Axara scanning service
  • To generate accessibility reports and compliance scores
  • To send you scan results, alerts about new violations, and service updates
  • To process payments and manage your subscription
  • To respond to your support requests and communications
  • To detect and prevent abuse, fraud, and security threats
  • To improve our scanning engine, user experience, and service reliability

3. How We Scan Websites

When you submit a URL for scanning, our server loads the page in a headless browser (similar to how Google's crawler accesses websites) and runs the open-source axe-core accessibility testing library against it. We only access publicly available pages. We do not:

  • Log in to your website or access authenticated pages
  • Store copies of your website's content beyond what's needed for the scan report (HTML snippets of violating elements)
  • Modify your website in any way
  • Share your scan results with anyone other than your account

4. Data Sharing

We do not sell, rent, or trade your personal information. We share data only in these cases:

  • Service providers: We use Stripe for payment processing, Resend for transactional email delivery, and cloud infrastructure providers for hosting. These providers process data on our behalf under strict contractual obligations.
  • Legal requirements: We may disclose information if required by law, subpoena, or court order, or to protect the rights and safety of our users and service.
  • Business transfers: In the event of a merger, acquisition, or sale of assets, user data may be transferred as part of the transaction. We will notify you before your data becomes subject to a different privacy policy.

5. Data Security

We implement industry-standard security measures including:

  • Passwords hashed with bcrypt (never stored in plain text)
  • All data transmitted over HTTPS/TLS encryption
  • Database access restricted to authenticated application services
  • Regular security updates and dependency auditing
  • Rate limiting to prevent brute-force and abuse attacks

While we strive to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

6. Data Retention

  • Account data: Retained as long as your account is active. Upon deletion request, we remove your account and associated data within 30 days.
  • Scan results: Stored for the lifetime of your account so you can track compliance history. Deleted within 30 days of account deletion.
  • Free scan results: Anonymous free scans (no account) are stored for 24 hours, then automatically purged.
  • IP logs: Purged automatically after 30 days.

7. Your Rights

You have the right to:

  • Access your personal data — view what we store about you
  • Correct inaccurate data in your account
  • Delete your account and all associated data
  • Export your scan reports in PDF format
  • Opt out of non-essential emails (you can unsubscribe from weekly digests; transactional emails about your scans cannot be disabled while your account is active)

To exercise any of these rights, email us at contact@Axara.com.

8. Cookies

We use only essential cookies required for authentication (session tokens). We do not use advertising cookies, social media trackers, or third-party analytics cookies. No cookie consent banner is needed because we don't use non-essential cookies.

9. Children's Privacy

Axara is not directed at children under 13. We do not knowingly collect personal information from children. If we discover that a child under 13 has provided us with personal data, we will delete it promptly.

10. International Data Transfers

Our servers are located in the European Union. If you access our service from outside the EU, your data may be transferred to and processed in the EU. By using our service, you consent to this transfer.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes via email. The "Last updated" date at the top reflects the most recent revision.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at:

Email: contact@Axara.com