1. Introduction
This Privacy Policy describes how Tajalys Inc. ("we", "our") collects, uses, stores and protects the personal information of AccessAudit platform users.
We comply with the requirements of the Personal Information Protection and Electronic Documents Act (PIPEDA), Quebec's Law 25, the General Data Protection Regulation (GDPR) and applicable international standards.
2. Data controller
Tajalys Inc.
80 Mapleton Road, Unit 11-84, Moncton, NB, E1C 7W8, Canada
Data Protection Officer
Email: privacy@access-audit.com
3. Data collected
We collect the following categories of data:
- Account data: email address, password (hashed), registration date
- Agency data: company name, logo, brand color, contact email (voluntarily provided)
- Usage data: scanned URLs, audit scores, report history, client names (entered by user)
- Payment data: processed exclusively by Stripe (we have no access to card numbers)
- Technical data: IP address, browser, error logs (via Sentry)
4. Processing purposes
We use your data to:
- Provide the accessibility audit Service
- Authenticate your account and manage your subscription
- Send service notifications (scan completed, payment failed)
- Improve the Service quality through anonymized usage analysis
- Comply with legal obligations (billing, accounting retention)
5. Legal basis
The processing of your data is based on:
- Contract performance (Terms accepted upon registration)
- Your consent for optional data (logo, agency info)
- Our legal obligations (invoice retention for 7 years under Canadian law)
6. Sub-processors
We use the following providers, all GDPR compliant:
- Vercel Inc. (United States) — Web hosting
- Supabase Inc. (Singapore / United States) — Database and authentication
- Stripe Inc. (Ireland / United States) — Payment processing (PCI-DSS Level 1)
- Zoho Corporation (Canada) — Email service
- Upstash, Inc. (United States) — Asynchronous task queue
- Google Cloud (Gemini API) (United States) — AI-powered accessibility remediation suggestions. Strict Guarantee: Data submitted via the API is isolated and is strictly not used to train Google's or Tajalys Inc.'s artificial intelligence models.
- Functional Software Inc. (Sentry) (United States) — Application error monitoring
- Railway Corp. (United States) — Site analysis worker
All these sub-processors are contractually bound by data protection clauses equivalent to those required by GDPR.
7. Retention period
Your data is retained:
- Active account: throughout the duration of Service use
- Deleted account: full deletion within 30 days
- Audit reports: according to plan retention (30 days Free, 365 days Pro, 3 years Agency)
- Invoices: 7 years (Canadian accounting obligation)
- Sentry error logs: 30 days
8. Your rights
Under applicable laws, you have the following rights:
- Access: obtain a copy of your personal data
- Rectification: correct inaccurate data
- Deletion: request the erasure of your account and data
- Portability: retrieve your data in a structured format (CSV)
- Opposition: object to processing for legitimate reasons
- Complaint: file a complaint with the Office of the Privacy Commissioner of Canada or your local authority
To exercise these rights, contact us at privacy@access-audit.com. Response within 30 days.
9. Cookies
We only use essential technical cookies necessary for Service operation:
- Authentication cookies (Supabase)
- Session cookies (Next.js)
- Language preference cookie (next-intl)
No advertising or behavioral tracking cookies are used. No data is shared with third-party advertisers.
10. Data security
We implement the following security measures:
- HTTPS/TLS encryption for all communications
- Hashed passwords (bcrypt via Supabase Auth)
- Data isolation per user (Row Level Security)
- Daily automatic backups (Supabase Pro)
- Real-time error monitoring (Sentry)
- Regular security updates
11. International transfers
Some of your data is transferred to servers located in the United States, Ireland or Singapore (see sub-processors list). These transfers are governed by Standard Contractual Clauses compliant with GDPR and Quebec's Law 25 requirements.
12. Contact
For any question regarding the protection of your data, you can contact us:
By email: privacy@access-audit.com
By mail: Tajalys Inc., 80 Mapleton Road, Unit 11-84, Moncton, NB, E1C 7W8, Canada
13. Policy changes
This policy may be updated to reflect legal or technical changes. Any substantial modification will be notified to users by email at least 30 days before its entry into force. The last update date is indicated at the top of this page.
See also: Legal Notice · Terms of Service