Legal

Privacy Policy

Effective Date: January 1, 2026 · Last Updated: June 2026

1. Who We Are

Ardor Accessibility ("Ardor," "we," "us") operates the Ardor Accessibility platform, providing web accessibility scanning, automated accessibility adjustments, compliance documentation, and two web portals — an internal admin portal and a client-facing portal. This Privacy Policy describes how we collect, use, and protect information in connection with our services and this website (ardoraccessibility.com).

2. Information We Collect

Demo Request Form: When you request a demo, we collect your name, email address, phone number, and website URL. Demo submissions are processed through Web3Forms (a third-party form-delivery service) and our own backend so we can respond to your inquiry.

Free Accessibility Scan: When you use our free public scanner, we collect your name, email address, phone number, and the website URL you ask us to scan. We store this as a sales lead and may follow up about your accessibility needs.

Client Account & Business Contact Information: When we set up a paying client, we store business-contact details for the account — contact name, email address, phone number, and job title/position — along with the client's domain, subscription plan, widget settings, and account status (active or deactivated).

Portal Accounts: Admin and client-portal users provide an email address and password. Passwords are hashed using bcrypt and never stored in plain text. For security and fraud prevention, we also record the date/time and IP address of portal logins.

Website Visitor Widget Data: The Ardor Accessibility widget installed on client websites does NOT collect personally identifiable information (PII) from website visitors. The widget transmits only technical remediation data:

  • CSS selectors of elements with accessibility issues
  • WCAG rule IDs and success criteria references
  • Whether an adjustment was successfully applied
  • Widget version and page URL

Scan Data: When we scan a website, we collect publicly available HTML content, page structure, and accessibility data. No visitor user data, session data, or PII is collected during scans.

3. How We Use Information

  • To respond to demo and free-scan requests and other service inquiries
  • To provide accessibility scanning, automated adjustments, and reporting services
  • To generate compliance documentation (gap analyses, conformance statements, proof of effort packages)
  • To secure portal accounts and prevent fraud and abuse
  • To improve our scanning and remediation capabilities
  • To communicate with clients about their service (scan results, reports, service updates)

4. How We Share Information & Service Providers

We do not sell, rent, or trade personal information. We share information only with the service providers needed to run the platform, and only as described here:

  • AI provider (Anthropic): For AI-generated image alt text, image content from the scanned website — not merely the image URL — is transmitted to Anthropic's API for analysis. We send only the images that need descriptions, along with minimal page context.
  • Email delivery (Resend): We use Resend to send transactional email such as portal invitations, password resets, and report notifications. Recipient names and email addresses are shared for delivery.
  • Form processing (Web3Forms): Demo-request form submissions (name, email, phone, website) are delivered to us through Web3Forms.
  • Hosting & infrastructure (DigitalOcean): Our application and database are hosted on DigitalOcean servers located in the United States, where platform data is physically stored.
  • Legal requirements: We may disclose information if required by law, subpoena, or court order, or to protect our rights.
  • Client reports: Compliance documents are generated for, and shared only with, the respective client.

Each provider processes data only to perform services for us and is expected to protect it. These providers maintain their own privacy practices.

5. Data Security

  • Passwords are hashed using bcrypt (one-way encryption)
  • Sessions use cryptographically secure tokens with automatic expiry
  • Login rate limiting prevents brute-force attacks
  • Security headers (HSTS, X-Frame-Options, X-Content-Type-Options, Referrer-Policy) are enforced on responses
  • The platform and widget communicate over HTTPS in production

No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

6. Data Retention

  • Demo-request and free-scan lead data is retained for up to 12 months
  • Scan results and remediation logs are retained for the duration of the client's subscription plus 12 months
  • Portal and client account data is deleted upon request or 12 months after account deactivation

7. Cookies

Our portals use first-party session cookies for authentication: ardor_session (internal admin portal) and ardor_client_session (client portal). Both are HttpOnly, expire automatically, and do not track users across other websites. The marketing website (ardoraccessibility.com) does not use advertising or cross-site tracking cookies.

8. Your Privacy Rights

You may request to access, correct, delete, or receive a copy of the personal information we hold about you, and you may withdraw consent or ask us to stop contacting you. We do not sell or rent your personal information, and we will not discriminate against you for exercising these rights.

How to exercise your rights: Email info@ardoraccessibility.com. To protect your data, we may need to verify your identity before acting on a request. We aim to respond within 30 days; where a longer period is permitted under applicable law (for example, up to 45 days, extendable once, under California law), we will let you know.

Depending on where you live, you may have additional rights under laws such as the EU/UK GDPR or the California Consumer Privacy Act (CCPA/CPRA). To the extent these or similar laws apply to us, we honor the rights they provide. If you would like to make a request under a specific law, mention it in your message and we will handle it accordingly.

9. Data Breach Notification

If a security incident affects your personal information, we will notify affected individuals and the appropriate authorities where and as required by applicable law.

10. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices of those sites. We encourage you to review their privacy policies.

11. Children's Privacy

Our services are not directed to children under 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us to have it removed.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify active clients of material changes by email. The "Last Updated" date at the top reflects the most recent revision.

13. Contact

For privacy-related inquiries:
Ardor Accessibility
8801 JM Keynes Drive, Suite 400, Charlotte, NC 28262
Email: info@ardoraccessibility.com
Web: ardoraccessibility.com