Privacy Policy
Last Updated: May 2026 | Version 2.9
AODA Health Inc. is committed to protecting your privacy. This Privacy Policy explains what information we collect when you use our AI-assisted accessibility monitoring platform, how we use it, and the choices you have. We operate under Canada's Personal Information Protection and Electronic Documents Act (PIPEDA).
1. Information We Collect
We collect three categories of information:
- Account information — your name, email address, organization name, and password (stored hashed) when you sign up. Agency partners also provide client website URLs and contact details.
- Scan and diagnostic data — the URLs of websites you submit, page HTML and screenshots captured during scans, accessibility issues identified, and remediation history. This data is generated by you using the platform.
- Billing information — handled by Stripe. We do not store full credit card numbers; we receive only a token and the last four digits.
2. How We Use Your Information
We use the information we collect to:
- Run accessibility scans and generate diagnostic reports for your websites.
- Operate your account, process payments, and deliver service-related notifications.
- Improve the accuracy of our scan engine through aggregated, de-identified usage data.
- Send transactional emails (badge expiry warnings, scan completion notices, agency service lapses).
We do not sell your data. We do not use your scan content to train third-party AI models.
3. Third-Party Services
We rely on the following service providers to operate the platform. Each processes your data only to the extent necessary to deliver the service:
- Supabase — database, authentication, and file storage.
- Vercel — application hosting and edge delivery.
- Stripe — payment processing.
- Browserless.io — headless browser rendering for scans.
- Anthropic and Google — large language model APIs used to analyse scan results. Page content submitted to these providers is processed transiently and is not retained beyond the API call.
- Upstash — rate-limiting and short-lived cache.
4. Cookies
We use first-party cookies strictly to keep you signed in. We do not use third-party advertising cookies or cross-site tracking.
5. Data Retention and Deletion
Scan data is retained for the duration of your active subscription plus 90 days. Account information is retained until you request deletion. You may request export or deletion of your data at any time by emailing us at the address below; we will respond within 30 days.
6. Security
All data is transmitted over TLS. Database access is restricted by row-level security policies; only the authenticated account owner and authorized agency partners can read account-scoped records. We log access and errors for diagnostic purposes only.
7. Your Rights
Under PIPEDA you have the right to access, correct, or request deletion of your personal information. You may also withdraw consent for non-essential communications at any time using the unsubscribe link in our emails or by contacting us directly.
8. Contact
Questions about this policy or about how your data is handled can be sent to support@aodahealth.ca. For complaints about handling of personal information, you may also contact the Office of the Privacy Commissioner of Canada.

