AccessComply

Legal

Privacy Policy

Last updated: February 8, 2026

This Privacy Policy describes how AccessComply ("we," "us," or "our") collects, uses, and shares information when you install and use the AccessComply application ("App") through the Shopify platform.

1. Information We Collect

Information collected through Shopify APIs

When you install AccessComply, we access the following data through Shopify's APIs:

  • Store information: Your store name, domain, and Shopify plan details to configure the App and manage your subscription.
  • Theme files: Your theme's Liquid templates, CSS, and JavaScript files. We read these files to scan for accessibility violations and generate fixes. We write to these files only when you explicitly approve a fix.
  • Product data: Product titles, descriptions, and image URLs to scan product pages for accessibility violations and generate alt text.
  • Online store pages: Page content to scan for accessibility violations.

Information collected directly from you

  • Account information: Your email address for service communications and support.
  • Settings and preferences: Your scan frequency, notification preferences, and plan tier selection.
  • Accessibility statement content: Information you provide when creating an accessibility statement for your store (organization name, contact details, compliance commitments).

Information generated by the App

  • Scan results: URLs scanned, violations detected, compliance scores, and risk assessments.
  • Fix records: Details of fixes generated, applied, and verified for your store.
  • Monitoring data: Scan history and violation trends over time.

Information from your customers

  • Feedback submissions: If you enable the accessibility feedback widget, your customers may submit feedback about accessibility issues they encounter. This feedback includes the text of their message and the page URL. We do not collect customer names, email addresses, or any other personal information through the feedback widget unless voluntarily provided in the message text.
  • No tracking or cookies: AccessComply does not place cookies on your customers' browsers, does not track customer behavior, and does not collect customer browsing data.

2. How We Use Your Information

We use the information we collect to:

  • Scan your store pages for WCAG 2.1 AA accessibility violations
  • Generate and apply accessibility fixes to your theme files
  • Provide compliance scores, risk assessments, and violation reports
  • Generate AI-powered alt text and ARIA labels for your store content
  • Monitor your store for new accessibility violations on the schedule you set
  • Generate compliance reports and accessibility statements
  • Manage your subscription and billing through Shopify's Billing API
  • Send you notifications about scan results and detected violations
  • Provide customer support
  • Improve the reliability and performance of the App

AI Processing

AccessComply uses AI (Claude by Anthropic) to generate alt text for images and ARIA labels for interactive elements. Your store content (image URLs, surrounding text, element context) is sent to Anthropic's API for this purpose. We do not use your data to train AI models. AI processing is performed solely to provide you with accessibility fixes at your request.

3. How We Share Your Information

We do not sell your information. We share data only in the following circumstances:

  • Anthropic (AI processing): Image URLs and element context are sent to Anthropic's Claude API to generate alt text and ARIA labels. Anthropic does not use this data for model training. See Anthropic's privacy policy.
  • Shopify: Your App usage data is shared with Shopify as required by the Shopify Partner Program Agreement and for billing purposes.
  • Infrastructure providers: We use Railway for hosting and database services. Your data is processed and stored on their infrastructure in the United States.
  • Legal requirements: We may disclose information if required by law, regulation, or legal process.

4. Data Storage and Security

  • Location: Your data is stored on servers located in the United States (Railway infrastructure).
  • Security: We use encryption in transit (TLS) and at rest. Database credentials and API keys are stored as encrypted environment variables. Access to production systems is restricted to authorized personnel.
  • Backups: Theme file backups are stored to enable rollback of any fixes applied by the App. Backups are retained for 90 days after creation.

5. Data Retention

  • Scan data and violation records: Retained for as long as your App is installed, plus 30 days after uninstallation.
  • Theme file backups: Retained for 90 days after creation, or 30 days after uninstallation, whichever comes first.
  • Account information: Retained for as long as your App is installed, plus 30 days after uninstallation to support any post-uninstall inquiries.
  • Feedback submissions: Retained for as long as your App is installed, plus 30 days after uninstallation.
  • After the retention period: All merchant data is permanently deleted from our systems.

6. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access: Request a copy of the data we hold about you.
  • Correction: Request correction of inaccurate data.
  • Deletion: Request deletion of your data. Note that uninstalling the App triggers automatic data deletion after the retention period.
  • Restriction: Request that we limit how we process your data.
  • Portability: Request your data in a structured, machine-readable format.
  • Objection: Object to processing of your data in certain circumstances.

To exercise any of these rights, contact us at privacy@accesscomply.com.

7. International Data Transfers

Your data is processed and stored in the United States. If you are located outside the United States (including in the European Economic Area), your data will be transferred to and processed in the United States. We take steps to ensure that your data receives adequate protection in accordance with applicable data protection laws, including the GDPR.

8. GDPR Compliance

For merchants and their customers in the European Economic Area:

  • We process data as a data processor on behalf of the merchant (data controller).
  • Our legal basis for processing is the performance of our contract with you (providing the App's services) and your consent where required.
  • We respond to data subject access requests within 30 days.
  • We have implemented mandatory Shopify privacy webhooks (customer data request, customer erasure, shop erasure) to handle data deletion requests.

9. Children's Privacy

AccessComply does not knowingly collect personal information from children under 13 (or under 16 in the EEA). The App is designed for use by Shopify merchants, not consumers.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the App. The "Last updated" date at the top of this policy indicates when it was last revised.

11. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at:

If you are in the EEA and believe we have not adequately addressed your data protection concerns, you have the right to lodge a complaint with your local data protection authority.