← Accessibility Scanner EU

Privacy Policy

Last updated: March 14, 2026

1. Data Controller

The data controller for this service is:

Tuntura Oy
Ylöjärvi, Finland
Email: privacy@mail.accessibilityscanner.eu

2. Data We Collect and Purposes

2.1 Scan Data

When you submit a URL for scanning, we process the publicly accessible content of that page. We store the scan results (URL, accessibility score, detected violations, and timestamp) to display your results and to generate reports.

Purpose: service delivery. Legal basis: contract performance (Art. 6(1)(b) GDPR).

2.2 Newsletter Subscription

If you subscribe to our newsletter, we collect your email address. This data is used to send you accessibility tips, product updates, and EAA compliance news.

Purpose: direct marketing. Legal basis: consent (Art. 6(1)(a) GDPR). You may withdraw consent at any time.

2.3 Payment Data

Payments are processed entirely by Stripe. We never collect, store, or have access to your payment card numbers, CVV codes, or other sensitive payment information. Stripe handles all payment data in compliance with PCI DSS standards. We only receive a confirmation of payment status, your email address, and a transaction identifier from Stripe.

Purpose: payment processing. Legal basis: contract performance (Art. 6(1)(b) GDPR).

2.4 Technical Data

We may collect standard server logs including IP address, browser type, and access timestamps for security and performance monitoring purposes.

Purpose: security and service reliability. Legal basis: legitimate interest (Art. 6(1)(f) GDPR).

3. Cookies and Tracking

We use Google Ads with Google Consent Mode v2 for conversion tracking. Advertising and analytics cookies are only set after you give consent via our cookie banner. Without consent, Google operates in cookieless mode and no personal data is collected for advertising purposes.

We may also use essential cookies required for the service to function (e.g., locale preference). These do not require consent under GDPR.

We use Vercel Analytics for anonymous, aggregated usage statistics. This does not use cookies or collect personal data.

4. Data Sharing and Processors

We do not sell your data. We share data with the following processors who act on our behalf under data processing agreements:

  • Vercel (USA) — hosting, deployment, and analytics
  • Supabase (EU) — database storage
  • Resend (USA) — transactional email delivery
  • Stripe (USA) — payment processing
  • Google (USA) — advertising conversion tracking

5. International Data Transfers

Some of our processors (Vercel, Resend, Stripe, Google) are based in the United States. These transfers are safeguarded by Standard Contractual Clauses (SCCs) approved by the European Commission, and where applicable, additional supplementary measures. Each processor maintains certifications and commitments to protect data in accordance with GDPR requirements.

6. Data Retention

  • Scan results — retained for up to 12 months, then automatically deleted
  • Newsletter subscriptions — retained until you unsubscribe or request deletion
  • Payment records — retained as required by applicable accounting and tax laws
  • Server logs — retained for up to 90 days

7. Your Rights Under GDPR

You have the right to:

  • Access — request a copy of the personal data we hold about you
  • Rectification — request correction of inaccurate data
  • Erasure — request deletion of your personal data
  • Restriction — request restriction of processing
  • Portability — receive your data in a structured, machine-readable format
  • Objection — object to processing based on legitimate interest
  • Withdraw consent — withdraw consent at any time without affecting prior processing

To exercise any of these rights, contact us at privacy@mail.accessibilityscanner.eu. We will respond within 30 days.

8. Changes to This Policy

We may update this Privacy Policy from time to time. We will indicate the date of the latest revision at the top of this page. Material changes will be communicated via the service or by email where appropriate.

9. Supervisory Authority

If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Finnish Data Protection Ombudsman:

Office of the Data Protection Ombudsman (Tietosuojavaltuutetun toimisto)
tietosuoja.fi

You may also contact the supervisory authority in your own EU/EEA member state.