Privacy Policy

Last Updated: March 22, 2026

1. Introduction

FixMyWeb (“we,” “our,” or “us”) respects your privacy. This Privacy Policy explains how we collect, use, and protect your personal information when you use our website and services at fixmyweb.dev (“Service”).

2. Data We Collect

2.1 Automatically Collected

• IP address (for rate limiting; hashed and not stored long-term)
• Usage data (pages visited, scan URLs submitted, timestamps)
• Device data (browser type, operating system, screen resolution)

2.2 Provided by You

• Email address (when creating an account)
• Payment information (processed by Stripe; we never store card numbers)
• URLs submitted for scanning

3. How We Use Your Data

• To provide and improve the accessibility scanning service
• To process payments and manage subscriptions
• To enforce rate limits and prevent abuse
• To send transactional emails (receipts, subscription updates)
• To analyze usage patterns and improve the Service (with your consent)

4. Cookies and Tracking

We use the following categories of cookies:

• Essential cookies — Required for the Service to function (session, preferences). Cannot be disabled.
• Analytics cookies — Google Analytics 4 to understand how users interact with our Service. Only set with your consent.
• Advertising cookies — Google AdSense for serving relevant advertisements. Only set with your consent.

We implement Google Consent Mode v2. By default, all non-essential cookies are denied until you provide explicit consent through our cookie banner.

5. Third-Party Services

• Stripe — Payment processing. Stripe Privacy Policy
• Google Analytics 4 — Usage analytics (with consent)
• Google AdSense — Advertising (with consent)
• Vercel — Hosting. Vercel Privacy Policy
• Upstash — Rate limiting data (Redis). Upstash Privacy Policy

6. Your Rights (GDPR)

If you are in the European Economic Area (EEA), you have the right to:

• Access your personal data
• Rectify inaccurate data
• Erase your data (“right to be forgotten”)
• Restrict processing
• Data portability
• Object to processing
• Withdraw consent at any time

To exercise these rights, contact us at privacy@fixmyweb.dev.

7. Data Retention

We retain scan results for 90 days (Pro) or 1 year (Agency/Enterprise). Account data is retained until you delete your account. Rate limiting data is automatically purged after 24 hours.

8. Security

We implement industry-standard security measures including HTTPS encryption, SSRF protection, rate limiting, and Content Security Policy headers. Payment data is handled exclusively by Stripe's PCI-DSS compliant infrastructure.

9. Children's Privacy

Our Service is not intended for children under 16. We do not knowingly collect personal information from children.

10. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes by posting the new policy on this page with an updated date.

11. Contact

For privacy-related questions: privacy@fixmyweb.dev