
Privacy policy

a11yStart (“we”, “our”, “us”) is committed to protecting your privacy. This Privacy Policy outlines how we collect, use, store, and protect your personal data in accordance with the General Data Protection Regulation (GDPR).

Last updated: 21 June 2024

GDPR Applicability

The General Data Protection Regulation (GDPR) applies to our processing of personal data as we serve users in the European Union and store data within the EU.

What Is Personal Data?

Personal data includes any information that relates to an identified or identifiable person — such as usernames, avatars (public GitHub profile), and payment information.

When Do We Process Data?

We process personal data when you: visit our site, create an account via GitHub, make a purchase via Stripe, view or post to public leaderboards, interact with dashboard features, or send us an email.

Email Data Processing

Emails are used to respond to user inquiries or service issues. The legal basis is legitimate interest. Your data is stored securely and only for as long as needed.

Email Retention Period

Emails are retained only for the time required to respond to your query, and up to 5 years afterward to meet legal or audit obligations.

Email Storage & Transfers

Emails are hosted by Mailo, a secure provider based in Paris, France. No email data is transferred outside the EU.

Email Data Recipients

Email content may be accessed by support staff, legal advisors, or auditors as required for legal compliance or operations.

Your Email Rights

Under GDPR, you have the right to access, rectify, erase, or restrict processing of your email data. You also have rights to object and to decide the fate of your data after death.

CNIL Complaints – Email

If you believe your data is misused, you can contact CNIL, France’s data protection authority.

User Profile Data – Legal Basis

GitHub user profile data (public avatar, username) is processed under legitimate interest, and displayed for community purposes (e.g., leaderboard).

Profile Retention

We store profile data as long as your account is active. Post-deletion, we retain limited data for legal compliance as necessary.

Profile Data Storage

Data is hosted on servers within the EU (France – Supabase region Paris). No transfers outside the EU are currently made.

Profile Recipients

Profile information may be shared internally or with legal authorities if required by law.

Your Profile Rights

You have full rights under GDPR regarding your profile data: access, correction, deletion, objection, portability, and post-mortem directives.

Your Rights Regarding Profile Data

You maintain full GDPR rights over your profile data, including after your death.

Profile Data – CNIL Complaint

If you believe your profile data is mishandled, you can contact CNIL to file a complaint.

Visit: Data Collection

Navigation and connection metadata are collected automatically for site operation and security monitoring (e.g., IP address).

Visit Purpose

This data is used to detect fraud, manage abuse, and secure the platform (with help from IPQualityScore and Cloudflare).

Visit Data Retention

Navigation logs are kept for 14 months unless longer retention is required by law.

Visit Transfers

Visit data is only shared when legally required or with your explicit consent.

Visit Recipients

Authorized staff and third-party security providers may access visit logs as needed.

Your Visit Rights

You have rights over this data just like any other personal information under GDPR.

CNIL Complaints – Visits

You may submit complaints about visit tracking practices to CNIL via their official site.

Use of Cookies

a11yStart uses only strictly necessary cookies for functionality. No tracking or ad cookies are used.

Google Analytics

We use Google Analytics to analyze website traffic anonymously. We anonymize IP addresses before they are processed by Google.

IP Anonymization

Your IP address is anonymized within the EU before being sent to Google, except in rare cases.

Opt-out via Browser

You can opt out of cookie storage by adjusting your browser settings. More info here.

Google’s Policy

For details on how Google handles your data: Google Privacy & Terms

Cloudflare Protection

We use Cloudflare to mitigate DDoS attacks and secure our infrastructure. Privacy Policy: Cloudflare Privacy

Data Security Measures

We apply security headers, Supabase's encrypted data layer, role-based access, Cloudflare WAF, and IPQualityScore to protect your data.

External Services & Partners

We integrate with: GitHub (auth), Stripe (payments), Supabase (backend), Mailo (email hosting), EmailJS (form-to-email), IPQualityScore (fraud detection), SightEngine (moderation).

Contact & Rights Requests

You can exercise your data rights by contacting us at:

Privacy Policy Updates

This policy may be updated without prior notice. You will be informed by email or via an announcement on our site.

Partner: Cloudflare

GDPR policy by Cloudflare (🇫🇷 French)

Partner: Mailo

Confidentiality rules by Mailo (🇫🇷 French)

Partner: IPQualityScore

Real-time fraud prevention platform (🇬🇧 English)

Partner: SightEngine

Content moderation GDPR policy (🇬🇧 English)

Partner: EmailJS

Client-side email service privacy policy (🇬🇧 English)

Partner: Stripe

Payment processor privacy policy (🇫🇷 French)

Partner: Supabase

PostgreSQL backend service GDPR policy (🇬🇧 English)