Privacy Policy
Last Updated: January 17, 2026
Effective Date: January 17, 2026
1. Introduction and Scope
Brandon Armour, doing business as LiquidA11y ("Company," "we," "us," or "our"), operates the LiquidA11y accessibility scanning and remediation platform (the "Service"). This Privacy Policy explains how we collect, use, disclose, retain, and safeguard your personal information when you:
- Visit our websites at liquida11y.com and app.liquida11y.com
- Use our accessibility scanning, Fix-Flow Studio, or Liability Shield services
- Connect your Shopify store via our custom app integration
- Contact us for support or other inquiries
2. Information We Collect
2.1 Information You Provide Directly
- Account Information: Email address, name, password (stored as a cryptographic hash using bcrypt with salt), company name (optional)
- Billing Information: Payment card details, billing address. Note: Card data is processed exclusively by Stripe, Inc. and never stored on our servers. We receive only the last four digits and expiration date for display purposes.
- Website URLs: URLs you submit for accessibility scanning, including any associated metadata
- Shopify Store Data: When you connect your store, we access: store name, domain, theme information, product/collection/page URLs (for scanning purposes only). We do NOT access customer personal data, orders, or financial information.
- Communications: Emails, chat messages, support tickets, feedback, and any other communications you send to us
- AI Chat Interactions: Conversations with our AI support assistant, which are logged for quality improvement and abuse prevention
2.2 Information Collected Automatically
- Usage Data: Pages visited, features used, scan history, Fix-Flow applications, time spent on pages, click patterns
- Device Information: Browser type and version, operating system, device type, screen resolution
- Network Information: IP address (may be anonymized after 30 days), approximate geolocation (country/region level)
- Referral Data: How you arrived at our site (referrer URL, UTM parameters)
- Cookies and Similar Technologies: Session identifiers, preferences, analytics data (see Section 8)
2.3 Website Scan Data
When you scan a website, we temporarily access and analyze publicly accessible page content to identify accessibility issues. Specifically:
- We render pages using headless browser technology (Chromium via Playwright)
- We analyze DOM structure, CSS styles, ARIA attributes, and visual elements
- We may capture screenshots for AI vision analysis to detect visual accessibility issues
- Scanned page data is processed in memory and NOT permanently stored except for aggregate issue reports
- We do NOT access password-protected pages, logged-in user sessions, customer databases, or private backend systems
3. How We Use Your Information
We use collected information for the following purposes:
- Service Delivery: Perform accessibility scans, generate reports, provide Fix-Flow Studio functionality, maintain Liability Shield audit trails
- Account Management: Create and manage your account, authenticate logins, process password resets
- Billing: Process payments, issue invoices, handle subscription management, prevent fraud
- Customer Support: Respond to inquiries, troubleshoot issues, provide technical assistance
- Product Improvement: Analyze usage patterns (in aggregate), identify bugs, develop new features
- Security: Detect and prevent fraud, abuse, and unauthorized access
- Communications: Send transactional emails (scan results, account notifications) and, with consent, marketing communications
- Legal Compliance: Comply with applicable laws, respond to legal requests, enforce our Terms of Service
4. Legal Basis for Processing (GDPR)
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data based on the following legal grounds:
- Contractual Necessity: Processing necessary to perform our contract with you (e.g., providing scanning services, generating reports you purchased)
- Legitimate Interests: Processing for our legitimate business interests (e.g., product improvement, fraud prevention, security) where not overridden by your rights
- Consent: Processing based on your explicit consent (e.g., marketing communications, optional analytics)
- Legal Obligation: Processing necessary to comply with applicable law (e.g., tax records, responding to valid legal requests)
5. How We Share Your Information
We may share information with the following categories of recipients:
5.1 Service Providers
- Stripe, Inc.: Payment processing (PCI DSS Level 1 certified)
- Oracle Cloud Infrastructure: Server hosting and infrastructure
- Netlify: Frontend hosting and CDN
- Cloudflare: DDoS protection, DNS, security
- SendGrid/Mailgun: Transactional email delivery
- OpenAI/Anthropic: AI analysis services (scan data may be processed; subject to their privacy policies)
- Sentry: Error monitoring (minimal, anonymized diagnostic data)
All service providers are contractually obligated to protect your data and use it only for specified purposes.
5.2 Legal Requirements
We may disclose information when required by law, court order, or government request, or when we believe disclosure is necessary to:
- Comply with applicable law or legal process
- Protect our rights, property, or safety
- Prevent fraud or other illegal activity
- Enforce our Terms of Service
5.3 Business Transfers
In the event of a merger, acquisition, bankruptcy, or sale of assets, your information may be transferred to the acquiring entity. We will notify you via email and/or prominent notice on our website of any such change in ownership or control.
6. Data Retention
We retain your information for as long as necessary to:
- Provide the Service (while your account is active)
- Comply with legal obligations (e.g., tax records: 7 years)
- Resolve disputes and enforce agreements
Specific Retention Periods:
- Free LITE Scan Data: Deleted immediately after scan completion (zero retention)
- One-Time Audit Reports: Retained for 90 days, then deleted
- Premium Subscription Data: Retained for the duration of the subscription + 30 days
- Account Data: Retained while account is active; deleted 30 days after account deletion request
- Billing Records: Retained for 7 years for tax/legal compliance
- AI Chat Logs: Retained for 90 days, then anonymized or deleted
- Audit Logs (Liability Shield): Retained for 1 year or as specified by your plan
7. Data Security
We implement industry-standard technical and organizational security measures including:
- Encryption in Transit: TLS 1.3 encryption for all data transmitted between you and our servers
- Encryption at Rest: AES-256 encryption for stored data
- Password Security: Passwords hashed using bcrypt with unique salts (never stored in plaintext)
- Access Controls: Role-based access control, principle of least privilege
- Infrastructure Security: Firewalls, intrusion detection, DDoS protection
- Audit Logging: Comprehensive logging of system access and administrative actions
- Vendor Security: PCI DSS compliance through Stripe for payment processing
- Regular Assessments: Periodic security reviews and vulnerability assessments
While we strive to protect your information, no method of transmission or storage is 100% secure. You are responsible for maintaining the security of your account credentials.
8. Cookies and Tracking Technologies
We use cookies and similar technologies. For detailed information, please see our Cookie Policy.
In summary:
- Essential Cookies: Required for site functionality (authentication, security). Cannot be disabled.
- Preference Cookies: Remember your settings and preferences.
- Analytics Cookies: Help us understand usage patterns (can be declined).
You can control cookies through your browser settings or our cookie consent banner.
9. Your Privacy Rights
Depending on your jurisdiction, you may have the following rights:
9.1 All Users
- Access: Request a copy of your personal data
- Correction: Request correction of inaccurate data
- Deletion: Request deletion of your data (subject to legal retention requirements)
- Opt-Out: Unsubscribe from marketing communications at any time
9.2 GDPR Rights (EEA, UK, Switzerland)
- Portability: Receive your data in a structured, machine-readable format
- Restriction: Request restriction of processing in certain circumstances
- Object: Object to processing based on legitimate interests
- Withdraw Consent: Withdraw previously given consent at any time
- Automated Decision-Making: Not be subject to solely automated decisions with legal effects
- Lodge Complaint: File a complaint with your local data protection authority
9.3 CCPA/CPRA Rights (California Residents)
- Right to Know: Know what personal information is collected, used, shared, or sold
- Right to Delete: Request deletion of personal information
- Right to Correct: Request correction of inaccurate personal information
- Right to Opt-Out of Sale/Sharing: We do NOT sell or share personal information for cross-context behavioral advertising
- Right to Limit Use of Sensitive Information: Limit how sensitive personal information is used
- Non-Discrimination: Not receive discriminatory treatment for exercising your rights
California residents may designate an authorized agent to make requests on their behalf. Verification may be required.
How to Exercise Your Rights
To exercise any of these rights, contact us at: privacy@liquida11y.com
We will respond to verifiable requests within 30 days (GDPR) or 45 days (CCPA/CPRA), with possible extensions where permitted by law.
10. International Data Transfers
LiquidA11y is based in the United States. If you access our Service from outside the United States, your information will be transferred to, stored, and processed in the United States.
For transfers from the EEA, UK, or Switzerland, we rely on:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Supplementary measures where required by the Schrems II decision
- Adequacy decisions where applicable
11. Children's Privacy
LiquidA11y is not intended for individuals under 16 years of age. We do not knowingly collect personal information from children under 16. If we become aware that we have collected such data, we will delete it promptly. If you believe a child has provided us with personal information, contact us immediately.
12. Do Not Track Signals
Our Service currently does not respond to "Do Not Track" browser signals. However, you can control tracking through our cookie consent mechanism and browser settings.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by:
- Posting the updated policy with a new "Last Updated" date
- Sending email notification for significant changes (if you have an account)
- Displaying a prominent notice on our website
Your continued use of the Service after the effective date of changes constitutes acceptance of the updated policy.
14. Contact Us
For privacy-related questions, concerns, or to exercise your rights:
- Email: privacy@liquida11y.com
- Operator: Brandon Armour, doing business as LiquidA11y
- Location: California, United States
For EU/UK residents, if you have concerns about our data processing that we cannot resolve, you have the right to lodge a complaint with your local supervisory authority.