Privacy Policy

Short version: AccessibleLab does not sell your data. The widget stores user preferences locally in the browser only. No personal data is transmitted to third-party servers.

Who we are
What data we collect
How we use your data
Cookies & local storage
Third-party services
Data retention
Your rights
Contact & DPO

1. Who we are

AccessibleLab, Paul-Gerhardt-Str. 7, 74321 Bietigheim-Bissingen, DE is the data controller for personal data processed through this website and our service. We are committed to protecting your personal data in accordance with the EU General Data Protection Regulation (GDPR / DSGVO).

2. What data we collect

Account data

When you register, we collect your name, email address, and a hashed password. This data is required to provide our service.

Billing data

Payment is handled by Stripe. We do not store credit card or payment details — these are processed and stored by Stripe under their own privacy policy.

Usage data

We collect anonymized, aggregated usage statistics (e.g. page views, widget load counts) for service improvement. This data cannot be traced back to individual users.

Widget data

The AccessibleLab-widget stores accessibility preferences (e.g. contrast mode, font size) exclusively in the end-user's browser via localStorage. No preference data is transmitted to our servers.

3. How we use your data

To create and manage your account
To deliver the AccessibleLab service and generate your embed key
To send transactional emails (account confirmation, password reset, invoices)
To improve service quality using aggregated analytics
To comply with legal obligations

Legal basis: contract performance (Art. 6(1)(b) GDPR), legitimate interests (Art. 6(1)(f) GDPR), and legal obligation (Art. 6(1)(c) GDPR).

4. Cookies & local storage

Our website uses only strictly necessary session cookies for authentication. We do not use tracking or advertising cookies.

The AccessibleLab-widget uses localStorage (not cookies) to persist user preferences client-side. No consent is required as no personal data is transmitted.

5. Third-party services

Stripe — payment processing. Subject to Stripe's Privacy Policy.
Hetzner Cloud — hosting infrastructure in Germany / EU.

All sub-processors are located within the EU or have adequate data protection safeguards (Standard Contractual Clauses).

6. Data retention

Account data is retained for the duration of your subscription plus 12 months, or until you request deletion. Anonymized analytics data may be retained indefinitely. Invoices are retained for 10 years as required by German tax law.

7. Your rights

Under the GDPR you have the right to:

Access a copy of your personal data
Correct inaccurate data
Request erasure ("right to be forgotten")
Restrict or object to processing
Data portability

To exercise your rights, contact us at legal@accessiblelab.de.

8. Contact & DPO

Questions about this privacy policy? Contact our Data Protection Officer:
legal@accessiblelab.de
AccessibleLab, Paul-Gerhardt-Str. 7, 74321 Bietigheim-Bissingen, DE

Contents