Privacy Policy
Last updated: 15 April 2026
This Privacy Policy explains how Accsible ("we", "us", "our") collects, uses, stores, and protects personal data when you visit accsible.com, use our dashboard, or integrate the Accsible accessibility widget on your website. This policy applies to all visitors, registered users, and end-users who interact with the Accsible widget on customer websites.
1. Who We Are
Accsible provides a browser-based accessibility widget and SaaS platform that helps websites achieve WCAG 2.2 compliance. Our widget delivers 39 end-user accessibility tools across four categories (text, navigation, focus, and appearance), loaded via a single <script> tag from our global CDN.
Registered office:
- 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom
Data Protection Contact: [email protected]
Data Controller: Denizcom Ltd, 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom.
Supervisory Authority: We are registered with the Information Commissioner’s Office (ICO), the UK’s independent authority for data protection and information rights. ICO registration reference: ZC114350.
2. Data We Collect
2.1 Account Information
When you create an account, we collect:
- First and last name
- Email address
- Password (stored as a salted, one-way hash — we never store plaintext passwords)
- Organization/tenant name (optional)
- Login method (email or Google OAuth)
- Referral code (if applicable)
- Communication preferences (product emails, marketing emails)
2.2 Google OAuth Data
If you choose to sign in with Google, we receive your name, email address, and profile identifier via Google’s OAuth 2.0 protocol. We request the openid, email, and profile scopes only.
We do not access your Google contacts, calendar, files, or any other Google service data.
2.3 Payment & Billing Information
Payments are processed by Stripe. We do not store credit card numbers, CVVs, or full card details on our servers. Stripe provides us with a customer identifier, subscription status, plan type, and billing cycle information. Please refer to Stripe’s Privacy Policy for details on how they handle payment data.
2.4 Widget & Usage Data
When you integrate the Accsible widget on your website, we collect:
- Website domain/URL associated with the widget
- Widget UUID (unique identifier per site)
- Monthly page view metrics (for quota tracking)
- Aggregated tool usage statistics (which accessibility features are activated)
- Widget configuration and customization preferences
- Real-time accessibility scores
2.5 End-User Widget Interactions
When visitors on your website use the Accsible widget, we store their accessibility preferences (such as font size, contrast mode, or reading guide settings) in the visitor’s browser local storage. This data remains on the visitor’s device and is not transmitted to our servers unless the visitor explicitly submits feedback through the widget’s built-in feedback feature.
2.6 Technical & Diagnostic Data
Our servers automatically record:
- IP address (anonymized for analytics; full IP retained in security logs for up to 90 days)
- Browser type and version (user agent string)
- Operating system
- Referring URL
- Pages visited and timestamps
- Device type (desktop, tablet, mobile)
2.7 Contact Form Submissions
When you contact us through the website, we collect the information you voluntarily provide: your name, email address, subject, and message content.
3. How We Use Your Data
We process personal data for the following purposes:
| Purpose | Legal Basis (GDPR) |
|---|---|
| Provide and operate the service (authentication, dashboard, widget delivery) | Performance of contract |
| Process payments and manage subscriptions | Performance of contract |
| Send essential service communications (account verification, security alerts, billing notifications) | Performance of contract |
| Send product updates and feature announcements | Legitimate interest (with opt-out) |
| Send marketing communications | Consent (opt-in) |
| Analyze aggregated usage trends to improve the service | Legitimate interest |
| Detect and prevent fraud, abuse, and security incidents | Legitimate interest |
| Monitor errors and diagnose technical issues | Legitimate interest |
| Comply with legal obligations (tax, accounting, law enforcement requests) | Legal obligation |
| Respond to support and contact inquiries | Legitimate interest / consent |
We do not sell your personal information to third parties.
4. Third-Party Services & Data Processors
We share data with the following categories of service providers, each acting as a data processor under contract:
4.1 Analytics
- Google Analytics (GA4): We use Google Analytics to understand website traffic and usage patterns. We implement Google’s Consent Mode v2 — analytics cookies are denied by default and only activated when you accept cookies via our cookie banner. Google may process data outside the EEA; transfers are covered by Standard Contractual Clauses. Google Privacy Policy.
4.2 Payments
- Stripe: Handles all payment processing, subscription management, and billing. Stripe is PCI DSS Level 1 certified. Stripe Privacy Policy.
4.3 Authentication
- Google Sign-In: Provides OAuth 2.0 authentication for users who choose to sign in with their Google account. Google Privacy Policy.
4.4 Error Monitoring
- Sentry: Captures application errors and performance data to help us diagnose and fix issues. We configure Sentry to mask all text and block all media in session replays for privacy protection. Error data is sent only in production environments.
4.5 Scheduling
- Cal.com: Used for booking consultation calls. When you schedule a meeting, Cal.com processes your name, email, and scheduling information. Cal.com Privacy Policy.
4.6 Infrastructure
- Cloudflare: Provides CDN, DDoS protection, and performance optimization for our services. Cloudflare may process IP addresses and request metadata as part of content delivery. Cloudflare Privacy Policy.
5. Cookies & Similar Technologies
We use the following categories of cookies and storage mechanisms:
| Name / Category | Type | Purpose | Duration |
|---|---|---|---|
| _cc | Strictly necessary | Stores your cookie consent preference (accepted/denied) | 365 days |
| Authentication tokens | Strictly necessary | Maintain your logged-in session | Session / refresh cycle |
| Language preference | Functional | Remember your selected language | Persistent |
| Google Analytics (_ga, _ga_*) | Analytics (consent required) | Measure website traffic and usage patterns | Up to 2 years |
| Stripe cookies | Strictly necessary | Fraud prevention during payment processing | Session |
| Widget local storage | Functional | Store end-user accessibility preferences on their device | Persistent (device-only) |
You can manage cookie preferences through our cookie banner or your browser settings. Blocking strictly necessary cookies may prevent you from using certain features such as logging in.
6. International Data Transfers
We operate from the United Kingdom. Some of our third-party service providers may process data outside the European Economic Area (EEA) or your country of residence. Where such transfers occur, we ensure appropriate safeguards are in place, including:
- EU Standard Contractual Clauses (SCCs)
- UK International Data Transfer Agreement (IDTA) or UK Addendum to SCCs
- Adequacy decisions by the European Commission or UK Secretary of State
- Binding Corporate Rules where applicable
7. Data Retention
We retain personal data according to the following schedule:
- Account data: For the duration of your active account, plus 30 days after account deletion to allow for recovery.
- Billing records: As required by tax and accounting regulations (typically 7–10 years).
- Security logs (IP addresses): Up to 90 days.
- Analytics data: Aggregated and anonymized; raw data retained for up to 26 months (Google Analytics default).
- Contact form submissions: Until the inquiry is resolved, then archived for up to 12 months.
- Error monitoring data (Sentry): Up to 90 days.
- Widget usage metrics: Aggregated monthly; individual session data is not retained.
When retention periods expire, data is securely deleted or irreversibly anonymized.
8. Data Security
We implement industry-standard technical and organizational measures to protect your data, including:
- Encryption in transit (TLS/HTTPS for all connections)
- Password hashing with salted one-way algorithms
- Role-based access controls for internal systems
- Regular security assessments and monitoring
- Content Security Policy (CSP) headers to prevent injection attacks
- DDoS protection via Cloudflare
- Sentry configured to mask all text and block media in replays
Despite these measures, no method of electronic transmission or storage is 100% secure. If you discover a security vulnerability, please report it responsibly to [email protected].
9. Your Rights
Depending on your jurisdiction (including under the GDPR and UK GDPR), you may have the following rights:
| Right | Description |
|---|---|
| Access | Request a copy of the personal data we hold about you. |
| Rectification | Request correction of inaccurate or incomplete data. |
| Erasure | Request deletion of your personal data (“right to be forgotten”). |
| Restriction | Request that we limit processing of your data in certain circumstances. |
| Data portability | Receive your data in a structured, machine-readable format. |
| Objection | Object to processing based on legitimate interest, including direct marketing. |
| Withdraw consent | Where processing is based on consent, withdraw it at any time without affecting prior lawful processing. |
| Lodge a complaint | File a complaint with your local data protection authority (e.g., the ICO in the UK, or your EU Member State DPA). |
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days (or the shorter period required by your applicable law). We may ask for identity verification before fulfilling your request.
10. Children’s Privacy
Our services are not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately and we will take steps to delete it.
11. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last updated” date at the top of this page and, where appropriate, notify you by email or through a prominent notice on our website. Your continued use of our services after changes are posted constitutes acceptance of the updated policy.
12. Contact Us
If you have any questions about this Privacy Policy or our data practices, contact us at:
- Email: [email protected]
- Security issues: [email protected]
- UK Office: 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom
