ACCESSPROOF

Privacy Policy

Last updated July 8, 2026

What AccessProof does

AccessProof scans a store's public storefront pages for accessibility issues, alerts the merchant when new issues appear, and keeps a dated record of scans and fixes. It is installed by merchants on their own Shopify stores.

What we store

  • Shop record: your myshopify domain, storefront URL, plan, and settings (alert email, Slack webhook URL, statement details).
  • Scan data: scan results, findings (rule, selector, HTML snippet), element screenshots of failing parts of your public pages, and page-level pass counts.
  • The evidence ledger: dated entries describing scans, regressions, fixes and exports for your shop, each cryptographically chained to the previous entry.
  • Alert log: when an alert was sent, to which channel, and whether delivery succeeded.
  • Shopify session: the OAuth tokens Shopify issues so the app can operate (stored server-side).

What we never touch

No customer data. No orders. No theme write access. Scans read the same public pages any visitor sees. The only Shopify API permission requested is read_themes, used to name your active theme in the record and to receive the theme-publish event that triggers a delta-scan.

Where data lives

Hosting and database run on Vercel and Neon (US). Data is encrypted in transit (TLS) and at rest (provider-managed). Sub-processors: Shopify, Vercel, Neon, and Resend (alert email delivery).

Retention and deletion

Data is kept while the app is installed so your monitoring record stays continuous. Uninstalling stops all scanning. When Shopify sends the store-erasure request (48 hours after uninstall), everything — scans, findings, screenshots, ledger, settings — is deleted.

Contact

Privacy questions: danny@8thorigin.com.