Privacy Policy
Last updated: April 24, 2026
Introduction
VPATify ("we", "us", "our") operates vpatify.com. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our accessibility compliance platform.
Information We Collect
- Account data: email address, name, and organization provided during sign-up or via Google OAuth.
- Scan data: URLs submitted for scanning, scan results, and VPAT documents generated on your behalf.
- Usage data: pages visited, features used, and session duration collected through analytics.
- Payment data: payment processing is handled by Stripe. We do not store credit card numbers or full payment details on our servers.
- Marketplace data: specialist profiles, reviews, and project details submitted through the marketplace.
How We Use Your Data
- Provide, maintain, and improve our services.
- Generate accessibility reports and VPAT documents based on your scans.
- Send transactional emails such as scan results, account notifications, and security alerts.
- Analyze aggregate platform usage to improve features and user experience.
We do not sell your data to third parties. We do not use your scan data to train AI models.
Data Storage & Security
- Data is stored in Neon PostgreSQL databases hosted in the US-East region.
- File storage (VPAT exports, scan artifacts) is provided by Cloudflare R2.
- All data is encrypted in transit using TLS 1.3 and encrypted at rest.
- Access to production systems is restricted to authorized personnel with role-based access controls.
Cookies & Analytics
VPATify uses a built-in cookie consent manager that implements Google Consent Mode v2. Analytics and marketing signals are denied by default and only activated after you give explicit consent. We use three cookie categories:
- Necessary (always on): used for authentication, session management, and core platform functionality. These cannot be disabled.
- Analytics: Google Analytics (GA4) collects anonymous usage data — page views and feature engagement. Only activated when you opt in. Governed by
analytics_storageConsent Mode signal. - Marketing: ad personalisation signals (
ad_storage,ad_user_data,ad_personalization). We do not serve third-party ads; these signals are denied unless you opt in.
You can review or change your choices at any time using the link in the footer, or by clearing your browser cookies (which resets to default-denied on your next visit).
Your Rights
You have the right to:
- Access, correct, or delete your personal data.
- Export your data in a portable format.
- Opt out of marketing communications at any time.
GDPR: residents of the European Union can exercise their rights under the General Data Protection Regulation, including the right to erasure, data portability, and restriction of processing.
To exercise any of these rights, contact us at office@vpatify.com.
Data Retention
- Account data is retained for as long as your account remains active.
- Scan results and VPAT documents are retained for 12 months after the last scan.
- When you delete your account, all associated data is purged within 30 days.
Third-Party Services
We use the following third-party services to operate the platform:
- Google OAuth — authentication and single sign-on.
- Stripe — payment processing and subscription management.
- Resend — transactional email delivery.
- Cloudflare — CDN, Workers, and R2 object storage.
Each third-party service is bound by its own privacy policy. We only share the minimum data necessary for each service to function.
Children's Privacy
VPATify is not directed to children under 16 years of age. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.
Changes to This Policy
We may update this Privacy Policy from time to time. When we make changes, we will revise the "Last updated" date at the top of this page. We encourage you to review this page periodically to stay informed about how we protect your data.
Contact
For privacy inquiries, data requests, or general questions: office@vpatify.com
For security concerns or vulnerability reports: security@vpatify.com