Skip to main content

Privacy Policy

Last updated: 18 May 2026

1. Who We Are

ClearSite is operated by KP LTD ("we", "us", "our"). We are the data controller for the personal data we process through the ClearSite service.

2. What Data We Collect

We collect the following data:

  • Free scan users: The URL you scan, automated accessibility results, generated report content, your email address if you choose to unlock the full report, and hashed report claim and unlock tokens used to protect the emailed report link.
  • Registered users: Email address, authentication account records handled by Supabase, subscription status, scan history, generated reports, raw accessibility results, and monitored site URLs. If you mark issues as resolved, we store that remediation progress.
  • Technical and anti-abuse data: IP-derived and account-derived hashed rate-limit identifiers, request metadata, and service logs used to protect and operate the Service.
  • Payment data: Processed by Stripe. We do not store credit card numbers, CVVs, or full card details. We retain your Stripe customer ID to manage your subscription.
  • Usage data: Product usage needed to operate the Service, such as scan frequency, subscription activity, and application request logs. If privacy-friendly analytics are enabled, we use aggregate, cookie-free analytics rather than advertising cookies or cross-site tracking.

3. How We Use Your Data

  • To provide the Service: Running scans, generating AI reports, monitoring your sites, and sending alerts.
  • To process payments: Managing subscriptions via Stripe.
  • To communicate with you: Scan results, monitoring alerts, account notifications, and service updates related to your account or reports.
  • To improve the Service: Aggregated, anonymised scan data helps us understand common accessibility issues and improve our AI analysis.

4. Data Sharing

We share data only with the following third parties, solely to operate the Service:

  • Supabase: Database hosting and authentication
  • Stripe: Payment processing
  • Anthropic / OpenAI: AI analysis of scan results (scan URLs, issue descriptions, and limited affected-element snippets may be sent for processing; we do not intentionally include account, payment, or password data in AI requests, but scanned page snippets may contain content from the page being tested)
  • Resend: Transactional email delivery for report links, optional PDF attachments containing the report, and monitoring alerts
  • Browser runtime providers: Remote browser infrastructure used to load public web pages for scanning and PDF generation when configured in production
  • Vercel: Application hosting

We do not sell your personal data. We do not share data with advertisers. We do not use your data for purposes unrelated to the Service.

5. Data Retention

  • Free scan results: Anonymous free scans are retained for up to 12 months. Lead email and unlock rows are tied to those scans and are removed when the expired scan is deleted.
  • Registered-user scans and reports: Retained while your account is active so dashboard history, PDF export, monitoring, and issue-resolution features work. If you request deletion, we will delete or anonymise account-linked records within 30 days unless we need to retain limited records for legal, security, billing, or dispute reasons.
  • Account and billing records: Retained while your account or subscription is active, and afterwards only for the period reasonably needed for service administration, tax, accounting, security, dispute handling, or legal obligations.
  • Rate-limit records: Retained for operational abuse prevention and periodically cleared or expired.

6. Your Rights (GDPR / UK GDPR)

You have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Object to or restrict processing
  • Request data portability
  • Withdraw consent at any time

To exercise any of these rights, contact us at privacy@clearsiteapp.com. We will respond within 30 days.

7. Cookies

ClearSite is designed to use only essential cookies required for authentication and session management. Optional Plausible-style analytics, when enabled, is configured as cookie-free aggregate measurement. We do not use advertising or cross-site tracking cookies. If we add non-essential cookies in future, this policy and the consent flow should be reviewed before release.

8. Security

We implement appropriate technical and organisational measures to protect your data, including encryption in transit (TLS), hosted database access controls, and least-privilege application access patterns. Password authentication is handled by Supabase and passwords are not stored in plain text by ClearSite.

9. Changes to This Policy

We may update this privacy policy from time to time. Material changes will be communicated via email to registered users.

10. Contact

For privacy-related questions, contact us at privacy@clearsiteapp.com.