Skip to main content

Privacy Policy

Last updated: March 11, 2026

Passiro ("we", "us", "our") operates the passiro.com website and the Passiro accessibility scanning platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our services.

1. Information We Collect

Information you provide to us

  • Account information: When you create an account, we collect your name, email address, company name, and password (stored as a bcrypt hash — we never store passwords in plaintext).
  • Payment information: If you subscribe to a paid plan, payment is processed by our payment provider. We do not store credit card numbers on our servers.
  • Website URLs: When you use our scanning service, you provide the URLs of websites you wish to scan.
  • Communications: When you contact us via email or support channels, we collect the content of your messages.

Information collected automatically

  • Usage data: We collect information about how you interact with our platform, including pages visited, features used, and scan history.
  • Device and browser information: We collect your IP address, browser type, operating system, and device type for analytics and security purposes.
  • Cookies: We use essential cookies for authentication and session management. See our Cookie Policy for details.

Information collected during scans

  • Website content: When scanning a website, our scanner accesses publicly available pages and captures screenshots, HTML structure, and accessibility data. This data is used solely to provide our scanning and reporting services.
  • No personal data from scanned sites: Our scanner does not collect, store, or process personal data of visitors to the websites we scan. We only analyze the accessibility of the website's structure and content.

2. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our accessibility scanning and compliance services
  • Generate accessibility reports, compliance scores, and fix recommendations
  • Host and maintain your accessibility statement pages
  • Render compliance badges with your current score
  • Send you service-related communications (scan results, account updates)
  • Process payments and manage your subscription
  • Respond to your inquiries and support requests
  • Improve our platform, detect issues, and ensure security
  • Comply with legal obligations

3. Legal Basis for Processing (GDPR)

Under the General Data Protection Regulation (GDPR), we process your personal data based on the following legal grounds:

  • Contract performance: Processing necessary to provide you with our services (Article 6(1)(b))
  • Legitimate interests: Processing for analytics, security, and service improvement (Article 6(1)(f))
  • Legal obligation: Processing required to comply with applicable laws (Article 6(1)(c))
  • Consent: Where required, we will obtain your explicit consent (Article 6(1)(a))

4. Data Sharing and Disclosure

We do not sell your personal data. We may share information in the following circumstances:

  • Hosted accessibility statements: If you enable a hosted accessibility statement, the compliance score, scan date, and company information you configure will be publicly visible at your statement URL.
  • Compliance badges: If you embed a compliance badge on your website, your compliance score and scan date are displayed publicly via the badge.
  • Service providers: We use third-party services for hosting, payment processing, and email delivery. These providers process data on our behalf under data processing agreements.
  • Legal requirements: We may disclose information if required by law, court order, or governmental authority.

5. Data Retention

  • Account data: Retained for as long as your account is active. After account deletion, data is removed within 30 days.
  • Scan data: Scan results and screenshots are retained for the duration of your subscription plus 90 days.
  • Free scan data: Data from free scans without an account is retained for 30 days.
  • Badge impression data: Anonymized, aggregated impression and click counts are retained indefinitely.

6. Your Rights

Under the GDPR and applicable data protection laws, you have the right to:

  • Access: Request a copy of the personal data we hold about you
  • Rectification: Request correction of inaccurate personal data
  • Erasure: Request deletion of your personal data ("right to be forgotten")
  • Restriction: Request restriction of processing in certain circumstances
  • Portability: Receive your data in a structured, machine-readable format
  • Objection: Object to processing based on legitimate interests
  • Withdraw consent: Where processing is based on consent, withdraw it at any time

To exercise any of these rights, contact us. We will respond within 30 days.

7. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

  • Encryption of data in transit (TLS/HTTPS)
  • Secure password storage using bcrypt hashing
  • Access controls and authentication for all systems
  • Regular security reviews of our infrastructure

8. International Data Transfers

Our servers are located within the European Union. If any data processing occurs outside the EU/EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions.

9. Children's Privacy

Our services are not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected such data, please contact us and we will promptly delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. Continued use of our services after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at:

Passiro
Contact us