Fair Access Shield privacy policy ready.

This is a draft template generated by an AI assistant. It must be reviewed by qualified counsel licensed in the relevant jurisdiction before being relied on. Date of legal review: pending.
Fair Access Shield shield mark

Fair Access Shield

Privacy Policy

This draft describes how Fair Access Shield expects to collect, use, retain, and protect data when people create accounts, submit sites for accessibility scans, use Studio, export evidence, and manage billing.

Controller and contact

Fair Access Shield is the data controller for account, product, support, and scan data handled through this service unless a signed customer agreement says otherwise. Privacy requests go to privacy@fairaccessshield.com.

Data we collect

Legal basis

Fair Access Shield expects to process data under consent, contract necessity, and legitimate interest. EEA users may have GDPR rights; California users may have CCPA/CPRA rights; users elsewhere may have rights under local privacy laws. This draft must be reconciled with the jurisdictions where the service is sold.

Retention

Processors

Fair Access Shield expects to use Google for authentication, Stripe for billing, a hosting provider for application infrastructure, and a transactional email sender for account and operational notices. A current DPA list may be requested at privacy@fairaccessshield.com.

Privacy rights

Depending on location, users may request access, deletion, correction, portability, objection to processing, or withdrawal of consent. Fair Access Shield expects to respond within 30 days unless a shorter legal deadline applies.

Cookies

The service expects to use session and CSRF cookies needed for login, account security, and service operation. It does not currently use advertising cookies. If analytics beyond necessary service telemetry are added, this policy and any consent flow must be updated before launch in jurisdictions that require consent.

Children

Fair Access Shield is not intended for anyone under 16 and does not knowingly collect data from children under 16. The matching minimum-age requirement belongs in the Terms of Service.

International transfers

Data is expected to be stored in the United States. For EEA-resident users, Standard Contractual Clauses or another approved transfer mechanism should be available on request once counsel approves the final policy.

Updates

Material changes should receive 30 days of notice by email and in-product notice. Non-material corrections may be posted by updating this page. A review is triggered by new processors, new analytics, new retention periods, new jurisdictions, or a material product change.

Review status

Last reviewed: Counsel review pending; not approved for reliance. Required reviewers: privacy counsel and product owner