Privacy policy
a11yStart (“we”, “our”, “us”) is committed to protecting your privacy. This Privacy Policy outlines how we collect, use, store, and protect your personal data in accordance with the General Data Protection Regulation (GDPR).
Last updated: 21 June 2024
GDPR Applicability
The General Data Protection Regulation (GDPR) applies to our processing of personal data as we serve users in the European Union and store data within the EU.
What Is Personal Data?
Personal data includes any information that relates to an identified or identifiable person — such as usernames, avatars (public GitHub profile), and payment information.
When Do We Process Data?
We process personal data when you: visit our site, create an account via GitHub, make a purchase via Stripe, view or post to public leaderboards, interact with dashboard features, or send us an email.
Email Data Processing
Emails are used to respond to user inquiries or service issues. The legal basis is legitimate interest. Your data is stored securely and only for as long as needed.
Email Retention Period
Emails are retained only for the time required to respond to your query, and up to 5 years afterward to meet legal or audit obligations.
Email Storage & Transfers
Emails are hosted by Mailo, a secure provider based in Paris, France. No email data is transferred outside the EU.
Email Data Recipients
Email content may be accessed by support staff, legal advisors, or auditors as required for legal compliance or operations.
Your Email Rights
Under GDPR, you have the right to access, rectify, erase, or restrict processing of your email data. You also have rights to object and to decide the fate of your data after death.
CNIL Complaints – Email
If you believe your data is misused, you can contact CNIL, France’s data protection authority.
User Profile Data – Legal Basis
GitHub user profile data (public avatar, username) is processed under legitimate interest, and displayed for community purposes (e.g., leaderboard).
Profile Usage & Objectives
The use of GitHub profiles enables a functional user experience for registration and ranking within public dashboards.
Profile Retention
We store profile data as long as your account is active. Post-deletion, we retain limited data for legal compliance as necessary.
Profile Data Storage
Data is hosted on servers within the EU (France – Supabase region Paris). No transfers outside the EU are currently made.
Profile Recipients
Profile information may be shared internally or with legal authorities if required by law.
Your Profile Rights
You have full rights under GDPR regarding your profile data: access, correction, deletion, objection, portability, and post-mortem directives.
Your Rights Regarding Profile Data
You maintain full GDPR rights over your profile data, including after your death.
Profile Data – CNIL Complaint
If you believe your profile data is mishandled, you can contact CNIL to file a complaint.
Visit: Data Collection
Navigation and connection metadata are collected automatically for site operation and security monitoring (e.g., IP address).
Visit Purpose
This data is used to detect fraud, manage abuse, and secure the platform (with help from IPQualityScore and Cloudflare).
Visit Data Retention
Navigation logs are kept for 14 months unless longer retention is required by law.
Visit Transfers
Visit data is only shared when legally required or with your explicit consent.
Visit Recipients
Authorized staff and third-party security providers may access visit logs as needed.
Your Visit Rights
You have rights over this data just like any other personal information under GDPR.
CNIL Complaints – Visits
You may submit complaints about visit tracking practices to CNIL via their official site.
Use of Cookies
a11yStart uses only strictly necessary cookies for functionality. No tracking or ad cookies are used.
Google Analytics
We use Google Analytics to analyze website traffic anonymously. We anonymize IP addresses before they are processed by Google.
IP Anonymization
Your IP address is anonymized within the EU before being sent to Google, except in rare cases.
Opt-out via Browser
You can opt out of cookie storage by adjusting your browser settings. More info here.
Google’s Policy
For details on how Google handles your data: Google Privacy & Terms
Cloudflare Protection
We use Cloudflare to mitigate DDoS attacks and secure our infrastructure. Privacy Policy: Cloudflare Privacy
Data Security Measures
We apply security headers, Supabase's encrypted data layer, role-based access, Cloudflare WAF, and IPQualityScore to protect your data.
External Services & Partners
We integrate with: GitHub (auth), Stripe (payments), Supabase (backend), Mailo (email hosting), EmailJS (form-to-email), IPQualityScore (fraud detection), SightEngine (moderation).
Contact & Rights Requests
You can exercise your data rights by contacting us at:
Privacy Policy Updates
This policy may be updated without prior notice. You will be informed by email or via an announcement on our site.
Partner: Cloudflare
GDPR policy by Cloudflare (🇫🇷 French)
Partner: Mailo
Confidentiality rules by Mailo (🇫🇷 French)
Partner: IPQualityScore
Real-time fraud prevention platform (🇬🇧 English)
Partner: SightEngine
Content moderation GDPR policy (🇬🇧 English)
Partner: EmailJS
Client-side email service privacy policy (🇬🇧 English)
Partner: Stripe
Payment processor privacy policy (🇫🇷 French)
Partner: Supabase
PostgreSQL backend service GDPR policy (🇬🇧 English)