Privacy Policy
Last updated July 8, 2026
What AccessProof does
AccessProof scans a store's public storefront pages for accessibility issues, alerts the merchant when new issues appear, and keeps a dated record of scans and fixes. It is installed by merchants on their own Shopify stores.
What we store
- Shop record: your myshopify domain, storefront URL, plan, and settings (alert email, Slack webhook URL, statement details).
- Scan data: scan results, findings (rule, selector, HTML snippet), element screenshots of failing parts of your public pages, and page-level pass counts.
- The evidence ledger: dated entries describing scans, regressions, fixes and exports for your shop, each cryptographically chained to the previous entry.
- Alert log: when an alert was sent, to which channel, and whether delivery succeeded.
- Shopify session: the OAuth tokens Shopify issues so the app can operate (stored server-side).
What we never touch
No customer data. No orders. No theme write access. Scans read the same public pages any visitor sees. The only Shopify API permission requested is read_themes, used to name your active theme in the record and to receive the theme-publish event that triggers a delta-scan.
Where data lives
Hosting and database run on Vercel and Neon (US). Data is encrypted in transit (TLS) and at rest (provider-managed). Sub-processors: Shopify, Vercel, Neon, and Resend (alert email delivery).
Retention and deletion
Data is kept while the app is installed so your monitoring record stays continuous. Uninstalling stops all scanning. When Shopify sends the store-erasure request (48 hours after uninstall), everything — scans, findings, screenshots, ledger, settings — is deleted.
Contact
Privacy questions: danny@8thorigin.com.