Privacy policy

The General Data Protection Regulation (GDPR) applies to our processing of personal data as we serve users in the European Union and store data within the EU.

Personal data includes any information that relates to an identified or identifiable person — such as usernames, avatars (public GitHub profile), and payment information.

We process personal data when you: Visit our site, Create an account via GitHub, Make a purchase via Stripe, View or post to public leaderboards, Interact with dashboard features, Send us an email

Emails are used to respond to user inquiries or service issues. The legal basis is legitimate interest. Your data is stored securely and only for as long as needed.

Emails are retained only for the time required to respond to your query, and up to 5 years afterward to meet legal or audit obligations.

Emails are hosted by Mailo, a secure provider based in Paris, France. No email data is transferred outside the EU.

Email content may be accessed by support staff, legal advisors, or auditors as required for legal compliance or operations.

Under GDPR, you have the right to access, rectify, erase, or restrict processing of your email data. You also have rights to object and to decide the fate of your data after death.

If you believe your data is misused, you can contact CNIL, France’s data protection authority

GitHub user profile data (public avatar, username) is processed under legitimate interest, and displayed for community purposes (e.g., leaderboard).

The use of GitHub profiles enables a functional user experience for registration and ranking within public dashboards.

We store profile data as long as your account is active. Post-deletion, we retain limited data for legal compliance as necessary.

Data is hosted on servers within the EU (France – Supabase region Paris). No transfers outside the EU are currently made.

Profile information may be shared internally or with legal authorities if required by law.

You have full rights under GDPR regarding your profile data: access, correction, deletion, objection, portability, and post-mortem directives.

You maintain full GDPR rights over your profile data, including after your death.

If you believe your profile data is mishandled, you can contact CNIL to file a complaint.

Navigation and connection metadata are collected automatically for site operation and security monitoring (e.g., IP address).

This data is used to detect fraud, manage abuse, and secure the platform (with help from IPQualityScore and Cloudflare).

Navigation logs are kept for 14 months unless longer retention is required by law.

Visit data is only shared when legally required or with your explicit consent.

Authorized staff and third-party security providers may access visit logs as needed.

You have rights over this data just like any other personal information under GDPR.

You may submit complaints about visit tracking practices to CNIL via their official site.

a11yStart uses only strictly necessary cookies for functionality. No tracking or ad cookies are used.

We use Google Analytics to analyze website traffic anonymously. We anonymize IP addresses before they are processed by Google.

Your IP address is anonymized within the EU before being sent to Google, except in rare cases.

You can opt out of cookie storage by adjusting your browser settings. More info here.

For details on how Google handles your data: Google Privacy & Terms

We use Cloudflare to mitigate DDoS attacks and secure our infrastructure. Privacy Policy: Cloudflare Privacy

We apply security headers, Supabase's encrypted data layer, role-based access, Cloudflare WAF, and IPQualityScore to protect your data.

We integrate with: GitHub (auth), Stripe (payments), Supabase (backend), Mailo (email hosting), EmailJS (form-to-email), IPQualityScore (fraud detection), SightEngine (moderation)

You can exercise your data rights by contacting us at:

This policy may be updated without prior notice. You will be informed by email or via an announcement on our site.

GDPR policy by Cloudflare (🇫🇷 French)

Confidentiality rules by Mailo (🇫🇷 French)

Real-time fraud prevention platform (🇬🇧 English)

Content moderation GDPR policy (🇬🇧 English)

Client-side email service privacy policy (🇬🇧 English)

Payment processor privacy policy (🇫🇷 French)

PostgreSQL backend service GDPR policy (🇬🇧 English)