Privacy Policy
How TheAccessible.org collects, uses, stores, and shares personal information — and the rights you have over it.
- Version
- 1.0
- Published
- April 21, 2026
- Next review
- July 21, 2026
- Approved by
- Larry Anglin
1. Introduction
TheAccessible.org ("we", "our", "us") provides document accessibility remediation services. This Privacy Policy explains what personal information we collect when you use our services, why we collect it, how long we keep it, who we share it with, and the rights you have.
We follow a principle of data minimization: we collect only what we need to provide the service and meet our legal and contractual obligations.
2. Information we collect
Account information. When you create an account, we collect your email address and, if you sign in with Google, your name and profile photo from your Google account. We never see or store your Google password.
Uploaded documents. When you submit a document for accessibility conversion, we process its contents to produce remediated output. Both the uploaded file and the output are associated with your account.
Usage data. We collect information about how you interact with the service: pages visited, features used, conversion settings, file sizes, and processing times. We also log approximate geolocation derived from your IP address.
Payment information. Payments are processed by Stripe. We do not receive or store full credit card numbers. We retain your billing name, email, subscription status, and payment history as needed for accounting and tax purposes.
Support communications. If you contact us, we keep a record of the correspondence.
3. How we use information
We use personal information to:
- Provide, maintain, and improve the service.
- Authenticate you and secure your account.
- Process payments and manage subscriptions.
- Detect, prevent, and investigate fraud or abuse.
- Diagnose technical issues and measure service performance.
- Send transactional messages (receipts, security alerts, important service notices).
- Comply with legal obligations.
We do not sell or rent your personal information. We do not use your uploaded documents to train AI models, and our AI providers are contractually prohibited from training on content submitted through their enterprise APIs. See our AI & ML Disclosure for details.
We may create and use aggregated or de-identified data (for example, total documents processed per month) that cannot reasonably be linked back to you.
4. Legal bases for processing (EEA, UK, Switzerland)
Where the GDPR or UK GDPR applies, we rely on the following legal bases:
- Contract — to deliver the service you signed up for.
- Legitimate interests — to secure our systems, prevent fraud, and improve the service.
- Consent — where required, for example for optional cookies or certain communications. You can withdraw consent at any time.
- Legal obligation — to meet tax, accounting, and other legal requirements.
5. How long we keep information
| Category | Retention |
|---|---|
| Account profile | Life of account + 30 days |
| Uploaded documents and converted output | While associated with your account; deleted on request or on account deletion |
| Request and usage logs | Up to 90 days |
| Billing records | 7 years (tax requirement) |
| Backups | Up to 90 days |
Full details are in our Data Retention Policy.
6. Who we share information with
We share personal information only with service providers that process data on our behalf under contract, and only as needed to deliver the service. These include infrastructure, AI processing, payment, and email providers. The current list is published at Subprocessors.
We may also disclose information when required by law, to enforce our Terms, or to protect the rights, property, or safety of our users or others.
7. International data transfers
Our service is operated from the United States, and some of our subprocessors operate globally. Where personal data is transferred out of the EEA, UK, or Switzerland, we rely on Standard Contractual Clauses or equivalent safeguards. A list of transfer mechanisms is available on request.
8. Security
We use industry-standard measures to protect personal information: TLS in transit, AES-256 at rest, least-privilege access, and continuous monitoring. More detail is in our Security Overview. No system is perfectly secure; in the event of a personal data breach we will notify affected customers per our Breach Notification Policy.
9. Your rights
Subject to applicable law, you have the right to:
- Access — request a copy of the personal information we hold about you.
- Correct — ask us to fix inaccurate information.
- Delete — ask us to delete your information ("right to be forgotten").
- Export — receive your information in a portable, machine-readable format.
- Restrict or object — limit certain processing or object to processing based on our legitimate interests.
- Withdraw consent — where we rely on consent, withdraw it at any time.
- Lodge a complaint — with a data protection authority, such as your national DPA in the EEA or the ICO in the UK.
To exercise these rights, follow the Data Subject Rights Procedure. We respond substantively within 30 days.
10. California residents (CCPA / CPRA)
If you are a California resident, you have the rights above plus the right to know the categories of personal information we collect, the sources, the purposes, and the categories of third parties we share with (all set out in sections 2, 3, and 6 above).
We do not sell or share your personal information as those terms are defined under the CCPA and CPRA.
You may exercise your California rights through the same procedure linked in section 9. We will not discriminate against you for exercising these rights.
11. Automated decision-making
We use AI models to assist with document analysis and remediation. These are tools used by or on behalf of our staff and customers — we do not make solely-automated decisions that produce legal or similarly significant effects about you. See the AI & ML Disclosure for how data is sent to AI providers and what their retention terms are.
12. Cookies and local storage
We use strictly necessary cookies and browser local storage to keep you signed in and to remember your preferences. We do not use advertising or cross-site tracking cookies. See our Cookie Policy for the full list.
13. Children's privacy
The service is not directed to children under 13 (or the equivalent minimum age in your jurisdiction), and we do not knowingly collect personal information from them. If you believe a child has provided us with personal information, contact privacy@theaccessible.org and we will delete it.
14. Changes to this policy
We will update this policy as our service evolves and as the law changes. The effective date appears at the top of this page. For material changes, we will give you at least 30 days' advance notice — by email to the address on your account, by banner, or both — before the change takes effect. Prior versions remain available from the version history link below.
15. Contact
For privacy questions or to exercise your rights:
- Email: privacy@theaccessible.org
- Postal: 731 Wood Ridge Drive, Cedar Hill TX 75104
For general support, use support@theaccessible.org.