Privacy Policy
Effective date: July 5, 2026
This Privacy Policy describes how VentureWorxs LLC ("we," "us," "our") collects, uses, and protects information when you use AccessWorxs (the "Service"). It applies to consultants with accounts, their clients who view the read-only client portal, and visitors who contact us through the website.
1. Information We Collect
- Account information. Your email address, provided through our login provider (Cloudflare Access) when you sign in. We do not store passwords — authentication is handled by one-time email codes.
- Billing information. Payments are processed by Stripe. We store your Stripe customer and subscription identifiers and your plan; we never see or store your full card number.
- Scan data. When you scan a website: page URLs, accessibility findings (rule, affected element, code snippet), page screenshots, and computed scores. We crawl and render pages to evaluate them; we do not retain full page content beyond the findings and screenshots described here.
- Stored scan credentials. If you configure authenticated scanning, the login credentials you provide are encrypted at rest with AES-256-GCM. The encryption key is held outside the database, plaintext is never returned to any user interface or written to logs, and credentials are decrypted only in memory during a scan you initiate.
- Contact form submissions. Name, email, company, message, and (for audit requests) the domain in question.
- Usage and log data. Operational logs (errors, scan events), API key usage aggregated by day and endpoint, and timestamps such as last-used dates. We use these to run and secure the Service, not for advertising.
2. How We Use Information
We use the information above to operate the Service: running scans you request, generating reports, billing, sending transactional email (scan notifications, trial reminders, alerts), responding to inquiries, enforcing plan limits, and detecting abuse. We do not sell your information or use it for third-party advertising.
3. AI Processing
If you request AI remediation suggestions, the relevant accessibility finding — the rule, the affected HTML snippet, and related context from the scanned page — is sent to Anthropic's API to generate the suggestion. Stored credentials and billing data are never sent to AI providers.
4. Subprocessors
| Provider | Purpose |
|---|---|
| Cloudflare | Hosting, authentication (Cloudflare Access), content delivery, scan rendering, and object storage (screenshots, reports) |
| Neon | Database hosting (accounts, projects, scans, findings, encrypted credentials) |
| Stripe | Payment processing and subscription management |
| Resend | Transactional email delivery |
| Anthropic | AI remediation suggestions (finding context only, on request) |
5. Retention
- Screenshots are deleted automatically after 30 days.
- Generated reports and VPATs are deleted automatically after 1 year.
- Findings, scores, and project data are retained while your account is active, so score history and trend reporting keep working.
- Contact form submissions and operational logs are retained for as long as needed for support and security purposes.
6. Your Rights
You may access and correct your account data from the dashboard. To request a copy of your data or deletion of your account and its data, email info@accessworxs.com from your account email; we will act on verified requests within 30 days. Depending on where you live (including the EU/EEA and UK under the GDPR, and certain US states), you may have additional statutory rights to access, correct, delete, or port your data, and the right to complain to a supervisory authority.
7. Client Portal Visitors
If a consultant grants you access to the read-only client portal, we process your email address (provided by the consultant and used for login) and standard access logs. The scan data you see there belongs to the consultant's engagement; ask the consultant about its handling.
8. Cookies
The Service uses only the session cookie set by Cloudflare Access to keep you signed in. We do not use advertising or cross-site tracking cookies.
9. Security
Security measures include encryption in transit (TLS) for all traffic, AES-256-GCM encryption at rest for stored scan credentials with key rotation capability, single-use login codes instead of passwords, parameterized database access, role-based authorization on every request, and audit logging of sensitive operations. No system is perfectly secure; if we learn of a breach affecting your data, we will notify you as required by law.
10. Children
The Service is a business tool and is not directed to children under 16. We do not knowingly collect information from children.
11. Changes
We may update this policy. Material changes will be announced by email or in the dashboard, with the effective date updated above.
12. Contact
VentureWorxs LLC · info@accessworxs.com