Privacy
Last updated: 15 May 2026
What we collect
When you scan a URL, we store:
- The URL you submitted
- The date and time of the scan
- The findings from the scan
- A one-way hash of your IP address (used only for rate limiting — we cannot reverse this to identify you)
- Counts of issues found, by severity level
We do not store the HTML of the pages you scan, any cookies from scanned pages, or any personal information about you.
What we do not collect
- No user accounts or registration
- No cookies (other than a temporary PHP session used to pass data between pages, which expires when you close your browser)
- No tracking pixels or fingerprinting
- No advertising
Scan history
Scan results are stored in our database and are accessible to anyone with the results URL. Do not scan pages containing sensitive or unpublished content. We reserve the right to delete scan records at any time.
Rate limiting
To prevent abuse, we limit each IP address to 20 scans per hour. We use a hashed version of your IP address for this purpose only, and do not log raw IP addresses.
Third-party requests
When you submit a URL, our server fetches that page on your behalf. The scanned website will see a request from our server's IP address, not yours. We use the user agent string a11ycheck/1.0 (+https://a11ycheck.app).
Data retention
Scan records are retained indefinitely unless you contact us to request deletion. IP hashes are stored alongside scan records and are deleted when the record is deleted.
Your rights
If you are in the UK or EU, you have rights under UK GDPR and the Data Protection Act 2018, including the right to request deletion of data associated with your scans. As we do not store raw IP addresses, we cannot reliably identify which records belong to you — but if you can provide the scan ID or URL, we can delete those records on request.
Contact us at privacy@a11ycheck.app.
Changes to this policy
We may update this page from time to time. The date at the top of this page shows when it was last changed.