EU Compliance

GDPR Compliance

AllAccessible is designed to support General Data Protection Regulation (GDPR) compliance. We collect only necessary data to provide our services and comply with legal requirements.

What Data We Collect & Why

Transparent data practices compliant with GDPR Articles 13 and 14

Marketing Website (allaccessible.org)

Legal basis: Legitimate interest (Art. 6(1)(f) GDPR)

Data Collected

  • Analytics data (Google Tag Manager, Google Analytics)
  • Conversion tracking (Google Ads, LinkedIn, Facebook)
  • Form submissions (name, email, company, message)
  • IP address (for fraud prevention)
  • Language preference

Purpose

  • Measure marketing campaign effectiveness
  • Improve website user experience
  • Process demo/contact requests
  • Provide customer support
  • Remember your language choice

Accessibility Widget (Client Websites)

Legal basis: Legitimate interest + User consent for preferences

✅ Anonymized Usage Metrics

  • Widget activations (no user identification)
  • Feature usage aggregated by website
  • No IP addresses, no cookies for tracking
  • Website-level statistics only

🔒 User Preference Storage (LocalStorage)

  • aacxValidated - Daily validation flag
  • accessibilityWidgetHidden - Widget visibility
  • overrideOptions - Your accessibility settings (text size, contrast, etc.)
  • Stored locally on your device only - never sent to our servers

Application Users (app.allaccessible.org)

Legal basis: Contract performance (Art. 6(1)(b) GDPR)

Data Collected

  • Account information (email, name, company)
  • Website/domain configurations
  • Audit history and scan results
  • Usage metrics and analytics
  • Billing information (via Stripe)

Purpose

  • Provide accessibility services
  • Generate compliance reports
  • Process payments
  • Customer support
  • Service improvements

Accommodation Requests

Legal basis: Legal obligation + Explicit consent for health data

Basic Accommodation Requests

  • Employee name, request type, description
  • No medical/health information
  • Available to all customers

⚠️ Advanced Accommodation (Protected Health Information)

  • Medical documentation and health conditions
  • Disability details and treatment requirements
  • Requires a signed HIPAA Business Associate Agreement
  • Only available with executed BAA
  • Encrypted storage, audit logs, access controls

Important: We do NOT process protected health information without a valid HIPAA BAA in place. Contact us to execute a BAA before using advanced accommodation features.

Your GDPR Rights

Under GDPR, you have comprehensive rights regarding your personal data

Right to Access

Request a copy of all personal data we hold about you

Right to Erasure

Request deletion of your personal data ("right to be forgotten")

Right to Rectification

Correct inaccurate or incomplete personal data

Right to Data Portability

Receive your data in a structured, machine-readable format

Privacy-First Widget Design

Widget usage is completely anonymized

Anonymous Widget Usage

Widget interactions are tracked at the website level only, with no individual user tracking

Local Preferences Only

User accessibility preferences are stored locally in the browser and never sent to our servers

No Consent Banner Needed

Since no personal data is processed, GDPR consent is not required

What Data We Do NOT Collect

  • No IP addresses
  • No user identifiers or IDs
  • No cookies for tracking
  • No session tracking
  • No accessibility preferences
  • No health-related data
  • No personal device information
  • No marketing or analytics data

EU Representative & DPO

Professional EU representation and data protection services

Article 27 EU Representative

Prighter Group

Provided by iuro Rechtsanwälte GmbH t/a Prighter

EU Address

Schellinggasse 3, 1010 Vienna, Austria

Responsibilities

  • Receive GDPR-related inquiries
  • Coordinate with data protection authorities
  • Handle data subject requests
  • Provide information on data processing

Data Protection Officer (DPO)

Prighter provides professional Data Protection Officer services as required by GDPR Articles 37-39.

Legal Bases for Data Processing

GDPR Article 6 compliance explained

Article 6 GDPR Legal Bases

Website Usage Analytics

  • Legal Basis: Legitimate Interest (Art. 6(1)(f))
  • We process analytics to improve our services
  • Balanced against your rights and freedoms
  • You can opt out via cookie preferences

Data NOT Processed

  • No special category data (Art. 9 GDPR)
  • No criminal conviction data (Art. 10 GDPR)
  • Health data only with explicit consent + HIPAA BAA
  • No automated decision-making (Art. 22 GDPR)

Detailed GDPR Rights

How to exercise your data protection rights

Right to Information

Receive clear information about how we process your data (Articles 13 & 14)

Right of Access

Obtain confirmation and access to your personal data (Article 15)

Right to Rectification

Correct inaccurate or incomplete data (Article 16)

Right to Erasure

Request deletion ("right to be forgotten") under specific conditions (Article 17)

Right to Restrict Processing

Limit processing in certain circumstances (Article 18)

Right to Data Portability

Receive your data in machine-readable format (Article 20)

Right to Object

Object to processing based on legitimate interests or direct marketing (Article 21)

Right to Withdraw Consent

Withdraw consent at any time where processing is based on consent (Article 7)

How to Exercise Your Rights

Contact us at privacy@allaccessible.org or use our Trust Center. We will respond within 30 days as required by GDPR.

You have the right to lodge a complaint with your local data protection authority.

Data Security & Protection

Technical and organizational measures to protect your data

Data Security

  • Encryption: All data encrypted in transit (TLS 1.3) and at rest (AES-256)
  • Access Controls: Role-based access, multi-factor authentication required
  • Monitoring: 24/7 security monitoring and intrusion detection
  • Audits: Regular security audits and penetration testing
  • Backup: Automated backups with encryption and geo-redundancy

Data Retention

  • Marketing Data: 2 years from last interaction
  • Account Data: Duration of service + 6 months
  • Billing Data: 7 years (legal requirement)
  • Support Tickets: 3 years after resolution
  • Audit Logs: 1 year for security purposes

Third-Party Processors

  • Stripe: Payment processing (PCI-DSS compliant)
  • Google Cloud: Infrastructure hosting (ISO 27001, SOC 2)
  • HubSpot: CRM and marketing automation
  • Intercom: Customer support platform

International Data Transfers

  • Data stored primarily in EU/EEA data centers
  • Third-party processors use Standard Contractual Clauses (SCCs)
  • Additional safeguards for US transfers post-Schrems II
  • Data Processing Agreements (DPAs) with all processors

Contact & Data Protection

Questions about GDPR compliance or data protection?

Data Controller

AllAccessible, LLC

515 Congress Ave, Suite 1750, Austin, TX 78701, USA

EU Representative

Prighter Group (iuro Rechtsanwälte GmbH)

Schellinggasse 3, 1010 Vienna, Austria

gdpr@prighter.com

Privacy Inquiries

privacy@allaccessible.org

For data subject requests, privacy questions, or GDPR concerns

Trust Center

Visit our Trust Center for comprehensive privacy and security information:


Ready to Get Started?

Experience privacy-first accessibility solutions that respect your data