AccessProof

Last updated 2026-07-07

Privacy Policy

1. Who we are

AccessProof by CogentFlow is a technical accessibility assessment product operated by CogentFlow. Contact us at [email protected].

2. What data we collect

Depending on how you use the service, we may collect account email and name, submitted website URLs, scan results, accessibility findings, screenshots of scanned public web pages, generated PDF/CSV/Markdown reports, payment and order metadata from Lemon Squeezy, analytics events, support messages, contact messages, and technical logs.

3. What we do not intentionally collect

AccessProof v1 is designed for public pages. We do not intentionally collect passwords for scanned sites, authenticated private pages, private internal systems, or payment card details. Card details are handled by Lemon Squeezy or the relevant payment processor.

4. Why we use data

We use data to provide scans and reports, generate evidence and recommendations, process purchases, support users, prevent abuse and security issues, debug reliability problems, and improve product quality.

5. Third-party processors

AccessProof may use Lemon Squeezy for payments, Resend or Postmark for email, Cloudflare R2 or S3-compatible storage for artifacts, Neon or another PostgreSQL provider for database hosting, Upstash or another Redis provider for queues/rate limits, Vercel and Railway for hosting, Sentry if configured for error monitoring, Cloudflare Turnstile for abuse prevention, and Google OAuth if enabled.

6. Retention

Free scan artifacts may be deleted after 30 days. Paid reports are generally retained while the related account or order exists unless deletion is requested and retention is not required for operational, security, legal, or billing reasons. Logs are retained for operational and security purposes. Retention periods may vary by plan, configuration, and legal requirement.

7. User rights

You may request access, correction, or deletion of personal data by contacting [email protected]. Rights and response obligations may vary by jurisdiction.

8. International transfers

Our providers may process data in different regions. We do not claim EU-only hosting unless a specific deployment is configured and documented that way.

9. Security

AccessProof is designed to store report artifacts privately, use signed URLs for artifact access, enforce organization-scoped report access, escape raw snippets before rendering, and apply SSRF protections so scans do not target private/internal network resources.

10. Contact

For privacy requests, data deletion, or questions, contact [email protected]. See also our Terms, Security, and Disclaimer.