Privacy Policy

Last updated: 3 May 2025

1. Who we are

AllyUp (“we”, “us”) is an AI-powered WCAG accessibility assistant available at allyup.ai. The service is operated by Jake Abma.

Contact: jake.abma@allxs.tech

2. What data we collect

  • Account data: email address and hashed password, stored in Supabase (EU region).
  • Configuration data: your AI provider choice, API key (stored encrypted), system prompt, and knowledge base content.
  • Scan reports: URLs you scan and the resulting accessibility report data (violations, scores).
  • Usage logs: structured logs of scan events and errors for operational purposes, stored in Better Stack (EU region).
  • Error data: unhandled exceptions and stack traces, sent to Sentry (EU region). No passwords or API keys are included.

3. How we use your data

  • To provide and improve the AllyUp service.
  • To send you accessibility scan results and reports.
  • To diagnose and fix errors in the application.
  • To monitor uptime and service availability.

We do not sell your data to third parties.

4. Third-party processors

ProcessorPurposeRegion
SupabaseDatabase & authenticationEU
VercelHosting & edge functionsEU/Global
SentryError trackingEU
Better StackLogs & uptime monitoringEU
OpenAI / Anthropic / GoogleAI inference (when you use those providers)US

When you use an AI provider, the text of your messages is sent to that provider's API. Review their privacy policies before entering sensitive data.

5. Data retention

Account and configuration data is retained for as long as your account is active. Scan reports are retained indefinitely unless you delete them. You may request deletion of your account and all associated data at any time (see section 6).

6. Your rights (GDPR)

Under GDPR you have the right to:

  • Access — request a copy of all data we hold about you.
  • Rectification — correct inaccurate data.
  • Erasure — request deletion of your account and all associated data.
  • Portability — export your data in a machine-readable format.
  • Objection — object to processing where we rely on legitimate interests.

To exercise these rights, use the Account section in the app settings, or email jake.abma@allxs.tech. We will respond within 30 days.

7. Cookies

AllyUp uses only a single session cookie set by Supabase to maintain your login. No advertising or tracking cookies are used.

8. Changes to this policy

We may update this policy. Material changes will be communicated via email. Continued use of the service after changes constitutes acceptance.