Privacy Policy
Last updated: March 2026
Data controller
The data controller is the publisher of the Scrutia service. Legal information about the data controller is available in our legal notice.
To exercise your rights or for any questions, contact us.
Data collected
Scrutia only collects data strictly necessary for the service:
- Email address: to send audit results and the PDF report after purchase.
- Audited website URL: to perform the accessibility audit.
- Payment data: processed exclusively by Stripe. Scrutia does not store any credit card numbers.
Purpose of processing
- Performing the requested WCAG accessibility audit
- Sending the audit report by email
- Processing payment
Your email is never used for commercial purposes, prospecting or newsletters. No data is resold to third parties.
Legal basis
Processing is based on your consent (Article 6.1.a of the GDPR), collected via the checkbox before launching the audit, and on contract performance (Article 6.1.b) for report delivery after payment.
Retention period
- Free audits: data deleted after 30 days.
- Paid audits: data retained 12 months to allow report re-download, then deleted.
- Billing data: retained 10 years in accordance with legal accounting obligations.
Subprocessors
| Subprocessor | Usage | Location |
|---|---|---|
| Supabase | Database, PDF storage | EU (Frankfurt) |
| Stripe | Payment | EU / United States (DPF certified) |
| Resend | Transactional email sending | United States (DPF certified) |
| Anthropic | AI analysis (no personal data transmitted) | United States |
| Hetzner | API server | Germany |
| Vercel | Frontend hosting | EU (Frankfurt) / United States |
| Google LLC | Google Analytics 4 — traffic measurement (opt-in only) | United States (DPF certified) |
No personal data (email) is transmitted to Anthropic. Only the public HTML content of the audited site is analyzed.
Your rights
In accordance with the GDPR, you have the following rights:
- Right of access: obtain a copy of your personal data.
- Right of rectification: correct inaccurate data.
- Right to erasure: request the deletion of your data.
- Right to portability: receive your data in a structured format.
- Right to object: object to the processing of your data.
- Right to withdraw consent: withdraw your consent at any time.
To exercise these rights, contact us. We respond within 30 days.
In case of dispute, you can file a complaint with the CNIL (French Data Protection Authority): www.cnil.fr (new window).
If you are in the United Kingdom, you may contact the Information Commissioner's Office (ICO). If you are in Ireland, you may contact the Data Protection Commission (DPC). For other EU member states, contact your national data protection authority.
Cookies
Scrutia uses two categories of cookies:
- Strictly necessary cookies: session cookies required for the audit flow and for the Stripe payment session. These cookies do not require consent under the ePrivacy Directive.
- Analytics cookies (Google Analytics 4): used to measure site traffic and understand how visitors interact with the site. These cookies are only loaded after your explicit consent via the cookie banner. If you refuse or ignore the banner, no analytics cookie is set and no data is sent to Google. You can withdraw your consent at any time by clearing your browser storage for scrutia.io.
Scrutia uses no advertising cookies and does not share any data with third parties for marketing or profiling purposes.