Privacy Policy

Last updated: July 5, 2026

This policy explains what data SiteAttest collects, why we collect it, who we share it with, and the choices you have. The short version: we collect what we need to scan the sites you submit and run your account, we never sell your data, payments are handled by Stripe, and you can ask us to delete your data at any time.

1. Who we are and what this covers

SiteAttest is operated by Masas Technologies, LLC ("we", "us"), the data controller for the personal data described here. SiteAttest provides automated website accessibility scanning and monitoring. This policy explains what personal data we collect when you use our website and Service, how we use it, who we share it with, and the rights you have. It applies to visitors who run free scans, subscribers, and recipients of our reports and emails.

2. Data we collect

3. How we use your data

Where the GDPR applies, we rely on performance of a contract (providing the Service), legitimate interests (security, product improvement, business communications), and consent where required (marketing emails).

4. AI processing of scanned content

Parts of a scan use large language models to review page content, for example judging whether image alt text describes the image and drafting suggested fixes. To do this, excerpts of the scanned page (HTML snippets and images) are sent to our AI provider, Anthropic, for processing. This content comes from the websites you submit for scanning, not from your account data. AI outputs are cached so identical content is not repeatedly processed.

5. Who we share data with

We do not sell personal data. We share data only with service providers that help us run SiteAttest, under agreements limiting their use of it:

We may also disclose data if required by law, to protect our rights or users, or as part of a merger or acquisition, in which case this policy continues to apply to previously collected data.

6. Shared report links

Free scan reports live at unlisted URLs. Anyone who has the link can view the report, so treat report links as you would the report itself. Reports are excluded from search engine indexing.

7. Retention

Account and subscription data is kept while your account is active and deleted or anonymized within a reasonable period after account deletion, except where we must retain records for tax, accounting, or legal purposes. Free scan reports and lead records may be deleted after a period of inactivity. Scan history for subscribers is retained as part of your compliance evidence log while your subscription is active; deleting a monitored site deletes its scan history.

8. Security

We use industry-standard measures to protect data: encrypted connections (HTTPS), hashed passwords, scoped API credentials, and isolation of the scanning infrastructure. Scans refuse to target private or internal network addresses. No system is perfectly secure, so we cannot guarantee absolute security; if a breach affects your personal data we will notify you as required by law.

9. Your rights

Depending on where you live (for example under the GDPR, UK GDPR, or CCPA), you may have the right to access, correct, delete, or export your personal data, to object to or restrict certain processing, to withdraw consent, and to complain to a supervisory authority. To exercise any of these rights, email us at the address below. We will respond within the time required by applicable law and may need to verify your identity first.

You can unsubscribe from non-essential emails using the link in any such email. Transactional emails, such as scan alerts for sites you actively monitor, are part of the Service.

10. International transfers

Our service providers may process data in countries other than yours, including the United States and the European Union. Where required, transfers are protected by appropriate safeguards such as standard contractual clauses implemented by our providers.

11. Children

The Service is intended for business use and is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us personal data, contact us and we will delete it.

12. Changes to this policy

We may update this policy from time to time. For material changes we will give notice by email or in the Service before the changes take effect. The date at the top shows when this policy was last revised.

13. Contact

Masas Technologies, LLC. Privacy questions and rights requests: [email protected].