Privacy Policy

Effective Date: March 7, 2026

AccessFix ("we", "our", "the app") is a Shopify app that scans merchant storefronts for WCAG 2.2 AA accessibility violations and provides fix instructions. This privacy policy explains what data we collect, how we use it, and how we protect it.

What Data We Collect

1. Shopify Session Data

When you install AccessFix, we store your shop domain, session state, and access token in our database. This is required for all Shopify embedded apps to maintain your authenticated session. We only request the following API scopes:

• read_products — to identify product pages for scanning
• read_themes — to provide theme-specific fix instructions

We do not request write access to your store.

2. Storefront Page Content

When you run a scan, we use a headless browser (Puppeteer) to load your publicly accessible storefront pages and analyze their HTML structure for accessibility issues using axe-core. Pages scanned include:

• Homepage
• Collection pages
• Product pages (up to 10)
• Cart page
• Informational pages (about, contact, policy pages)

We do NOT scan Shopify checkout pages. Checkout is fully controlled and hosted by Shopify, and merchants cannot modify its HTML or accessibility.

We do NOT collect any customer or visitor data. We only analyze the HTML structure of your pages — we do not interact with forms, capture user inputs, track visitors, or set cookies on your storefront.

3. Scan Results

For each scan, we store the following in our database:

• Scanned URLs
• Compliance score and violation counts by severity
• Individual violation details: CSS selector, HTML snippet of the offending element, page URL, axe rule ID, and generated fix instructions

4. What We Do NOT Collect

• Personal data of your customers or store visitors
• Email addresses beyond what Shopify provides through the install flow
• Analytics or browsing behavior
• Cookies on your storefront
• Payment or financial information (billing is handled entirely by Shopify)

How We Use Your Data

We use the data we collect solely to:

• Authenticate your session within the Shopify Admin
• Scan your storefront pages for accessibility violations
• Generate fix instructions tailored to your Shopify theme
• Display scan results, compliance scores, and fix guidance in the app
• Manage your subscription plan through Shopify's billing system

We do not use your data for advertising, profiling, or any purpose unrelated to providing the AccessFix service.

Third-Party Services

Anthropic Claude API

For uncommon or complex accessibility violations, we send violation details only (HTML snippets and axe rule descriptions) to the Anthropic Claude API to generate Shopify-specific fix instructions. No merchant personally identifiable information or customer data is sent to this service. The majority of common violations use pre-written templates and do not trigger any external API call.

Shopify Billing API

We use Shopify's managed billing for the Fix plan ($19.99/month). All payment processing is handled entirely by Shopify. We do not store or process any payment information.

Infrastructure

Your data is stored in a PostgreSQL database hosted on our servers. We do not share your database with other applications or services.

Data Retention

• Scan results and violation data are retained as long as you have the app installed, so you can track your accessibility progress over time.
• Session data is retained as long as the app is installed on your store.

Data Deletion

You can request deletion of all your data at any time by contacting us at arttukoo@gmail.com.

We also handle Shopify's mandatory GDPR/privacy webhooks:

• Customer Data Request — AccessFix does not store customer data, so these requests return no data.
• Customer Data Erasure — AccessFix does not store customer data, so no action is needed.
• Shop Data Erasure — When received (typically after app uninstall), we delete all scan results, violation records, and session data associated with your shop.

Security

We take reasonable measures to protect your data, including:

• All communication between the app and Shopify uses HTTPS/TLS encryption
• Access tokens are stored securely in our database
• The app runs embedded within the Shopify Admin using Shopify's OAuth authentication
• We do not inject any JavaScript, widgets, or code into your storefront

Storefront Impact

AccessFix does not modify your storefront in any way. The app:

• Does not inject JavaScript or overlay widgets
• Does not add any code to your theme
• Does not affect your store's performance or visitor experience
• Only reads publicly accessible page content during scans

Changes to This Policy

We may update this privacy policy from time to time. If we make significant changes, we will notify you through the app. The effective date at the top of this page indicates when the policy was last updated.

Contact Us

If you have questions about this privacy policy or want to request data deletion, contact us at arttukoo@gmail.com.