Privacy Policy

Last updated: May 4, 2026

1. Who we are

adasafe.ai is an AI-powered web accessibility compliance platform operated by adasafe.ai, registered in the United Arab Emirates.

Contact: privacy@adasafe.ai
Website: https://adasafe.ai

2. What information we collect

Information you provide

  • Email address and authentication data
  • Scan URLs submitted for accessibility testing
  • Billing information (handled entirely by Paddle)
  • Communications with our support team

Information collected automatically

  • IP address, browser type, device information
  • Usage data and log files
  • Cookies and similar technologies (see our Cookie Policy)

Payment data

All payments are processed by Paddle.com Market Limited, our Merchant of Record. adasafe.ai never receives, stores, or processes payment card data. All payment data is handled by Paddle in accordance with PCI DSS standards. See Paddle’s privacy policy.

3. How we use your information

  • To provide and operate the service
  • To send scan completion emails and PDF reports
  • To manage your subscription via Paddle
  • To improve the platform
  • For security and fraud prevention
  • To comply with legal obligations
  • To respond to support requests

4. Legal bases for processing (GDPR)

If you are in the EU or UK, we process your personal data under the following legal bases:

  • Contract: to fulfill our service obligations to you
  • Legitimate interests: to improve our service, prevent fraud, and ensure security
  • Legal obligation: to comply with applicable laws
  • Consent: where you have given explicit consent (e.g. marketing communications)

You may withdraw consent at any time by contacting privacy@adasafe.ai. Withdrawal does not affect lawfulness of prior processing.

5. AI processing

We use Anthropic Claude to generate accessibility fix suggestions. Only violation metadata (rule IDs, element selectors, descriptions) is sent to Anthropic — never your personal data or raw HTML. Our use of AI is governed by Anthropic’s privacy policy.

Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

6. Third-party services

We share data with the following service providers:

  • Paddle — payment processing (Merchant of Record)
  • Anthropic — AI fix suggestions
  • Supabase — database and authentication
  • Railway / Fly.io — cloud infrastructure
  • Postmark — transactional email delivery
  • PDFShift — PDF report generation
  • Sentry / Axiom — error monitoring and logging
  • Termly — cookie consent management
  • Google — Google Sign-In authentication

We do not sell your personal data to third parties. We do not share data for advertising purposes.

7. Data retention

We retain your personal data for as long as your account is active. You may delete your account at any time from account settings, which triggers permanent deletion of your data within 30 days. Some data may be retained longer where required by law (e.g. financial records).

8. International data transfers

Your data may be processed in the United States and European Union. For EU/UK data transfers, we rely on Standard Contractual Clauses (SCCs) as approved by the European Commission. SCCs are available on request at privacy@adasafe.ai.

9. Your rights

EU/UK residents (GDPR)

  • Right to access your personal data
  • Right to rectification
  • Right to erasure (“right to be forgotten”)
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing
  • Rights related to automated decision-making

California residents (CCPA/CPRA)

  • Right to know what personal data we collect
  • Right to delete personal data
  • Right to correct inaccurate data
  • Right to opt-out of sale (we do not sell data)
  • Right to non-discrimination

US state residents (Colorado, Connecticut, Virginia, and other applicable states)

  • Right to access, correct, and delete personal data
  • Right to opt-out of targeted advertising (we do not conduct targeted advertising)

Canada residents (PIPEDA)

  • Right to access and correct personal data
  • Right to withdraw consent

To exercise any right, visit /dashboard/account or email privacy@adasafe.ai. We will respond within 30 days.

10. Do-Not-Track

We do not currently respond to Do-Not-Track (DNT) browser signals as no uniform standard exists. We will update this policy if a standard is adopted.

11. California “Shine the Light”

California residents may request information about personal data disclosed to third parties for direct marketing purposes. We do not disclose personal data for direct marketing. Contact: privacy@adasafe.ai.

12. Cookies

We use cookies for authentication and analytics. See our Cookie Policy. Manage your preferences via our cookie consent banner.

13. Children

Our service is not directed at children under 18. We do not knowingly collect data from minors. If we discover data collected from a minor we will delete it promptly. Contact privacy@adasafe.ai if you believe we have collected data from a minor.

14. Security

We implement appropriate technical and organisational security measures including SSL encryption, row-level security, JWT authentication, and access controls. No system is 100% secure and we cannot guarantee absolute security.

15. Updates

We may update this policy. Material changes will be notified by email or prominent notice on the site. The “last updated” date will be revised. Continued use after changes constitutes acceptance.

16. Contact / DPO

Data Protection Officer
privacy@adasafe.ai
adasafe.ai, Dubai, United Arab Emirates

To review, update, or delete your data: /dashboard/account