EAA Scanner

Privacy Policy

Last updated: 10 June 2026

EAA Scanner takes privacy seriously. This policy explains what data we collect, how we use it, and your rights under GDPR.

1. Data we collect

  • Email address — to deliver your report and send the signed download link.
  • Website URL — the URL(s) you submit for scanning.
  • Scan results— accessibility findings produced by scanning your submitted URL. This may incidentally include snippets of your website's HTML.
  • Order metadata — order ID, timestamp, and tier purchased. Payment details (card number, billing address) are handled entirely by Dodo Payments and are never transmitted to or stored by us.

2. How we use your data

  • To perform the accessibility scan you requested
  • To generate and deliver your PDF report and accessibility statement
  • To send transactional emails (report delivery, order confirmation)
  • For monitoring subscribers: to perform monthly re-scans and send diff emails

We do not sell, rent, or share your data with third parties for marketing.

3. Data retention & deletion

  • Raw crawl data (page HTML captured during scanning) is automatically purged 30 days after your scan date.
  • Report and order records are retained for 3 years for accounting and dispute-resolution purposes.
  • To request deletion of your data, email privacy@eaascanner.com. We will respond within 30 days.

4. Where your data is stored

All scan data and customer records are stored on servers in Frankfurt, Germany (Hetzner Cloud). Our web application runs on Vercel with the serverless functions region set to Frankfurt (fra1). No customer data is transferred outside the EU.

5. Analytics

We use Umami, a cookie-free analytics tool, self-hosted on our German server. Umami does not track individuals, does not use cookies, and does not require a consent banner. No data is shared with Google Analytics or similar services.

6. Third-party processors

  • Dodo Payments— payment processing and EU VAT handling (merchant of record). Data subject to Dodo's privacy policy.
  • Resend — transactional email delivery. Resend receives your email address to deliver reports.
  • Hetzner Cloud — infrastructure hosting in Frankfurt, Germany.

7. Your rights (GDPR)

You have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Request deletion of your data (“right to be forgotten”)
  • Object to processing
  • Lodge a complaint with your national data protection authority

To exercise any of these rights, email privacy@eaascanner.com.

8. Contact

Data controller: EAA Scanner (operated by [Your Name], India)
Email: privacy@eaascanner.com