Privacy Policy

Last updated 2026-05-19.

Plain language first: we collect as little as possible, we don’t sell or
share anything, and your customers’ data stays on your server. The legal
language below covers the details.

Who we are

A11y Suite is operated by Kazim Sevim (sole operator) under the trade name
OpenForge. The marketing site you’re reading this on (openforge.org
once domain is connected) is hosted on Hostinger in the United States.

Contact for privacy questions: privacy@openforge.org

What we collect on this marketing site

• Account data if you buy a Pro license: name, email, billing
  address (required by Stripe for tax/fraud), order history. Stored in our
  WordPress + WooCommerce database.
• Payment data is handled by Stripe. We never see or store
  your card number. We see only: last 4 digits, brand, expiration (for your
  own reference in My Account).
• Email correspondence if you contact support — retained for
  24 months for service quality, then deleted.
• Server access logs — IP, user agent, requested URL,
  timestamp. Retained 30 days for security. Standard Hostinger logging.
• License validation pings — when your plugin checks in
  (weekly) we record: license key, your site URL, plugin version, your site’s
  WordPress and PHP versions, and the IP the request came from. Used only to
  enforce site limits and surface upgrade issues. Retained 200 most recent
  checks per license.

What we don’t collect: analytics cookies, ad-network pixels,
fingerprinting scripts, behavioral tracking. The marketing site uses
self-hosted Plausible for aggregate page-view counts (no personal data,
no cookies, cookie-banner-free).

What the A11y Suite plugin collects on YOUR customers

Nothing. The plugin does not track your site visitors. Specifically:

• No analytics calls to us or third parties.
• No visitor PII in scan results — only HTML markup, CSS selectors, accessibility
  rule IDs.
• No visitor cookies set, except optionally a11y_suite_ab
  (a random 0–99 integer) if you enable A/B testing of applied fixes. That
  cookie carries no personal data.
• AI feature calls (Deep Audit, Fix Proposals, Chatbot) send HTML snippets
  to your chosen provider (Anthropic / OpenAI / Gemini) using your
  API key. Their privacy policies apply to those calls. No visitor PII is
  included.

Cookies on this marketing site

• Strictly necessary — session cookie if you log in to My
  Account; WooCommerce cart cookie if you have items in cart. Cannot be
  disabled.
• Plausible analytics — cookie-less; tracks aggregate page
  views only. No banner required (privacy-friendly by default).
• No marketing cookies, no advertising pixels.

How we use your data

• Fulfill your order — issue license, email it to you, charge
  your card.
• Renewals — notify before annual renewal; if you have an
  active subscription, charge it.
• Support — respond to your inquiries; cross-reference
  license to verify Pro entitlement.
• License enforcement — check your activation count matches
  your plan.
• Security — investigate fraud, abuse, attacks.

We do NOT:

• Sell your data.
• Share with advertisers or data brokers.
• Use your data to train AI models.
• Profile you across other sites.

Third parties we use

• Stripe (USA) — payment processing. stripe.com/privacy
• Hostinger (Lithuania / USA) — hosting. hostinger.com/privacy
• Cloudflare (USA) — DNS + edge cache. cloudflare.com/privacy
• Resend (USA) — transactional email (license delivery, renewals). resend.com/legal/privacy

Your rights (GDPR, CCPA, and more)

Regardless of where you live, you can ask us to:

• Show you all the data we hold on you
• Correct anything wrong
• Delete your account and all associated data (deletes license but does not refund — see refund policy)
• Export your data in a portable format (JSON)
• Stop processing your data (we’ll close your account)

To exercise any right, email privacy@openforge.org.
We respond within 30 days (GDPR requirement). No fee for the first request per year.

Data retention

• Active customers: data kept while account is active.
• After account deletion: payment records retained 7 years (US tax law); everything else deleted within 90 days.
• Support emails: 24 months then deleted.
• Server access logs: 30 days then deleted.
• License validation log: rolling 200 most-recent checks per license.

Children

A11y Suite is a B2B product for site owners and developers. We do not market
to or knowingly collect data from anyone under 16. If you believe we have, email
us and we’ll delete it immediately.

Changes to this policy

Material changes will be emailed to active customers 30 days before taking
effect. Non-material changes (typos, clarifications) are made silently with the
“Last updated” date refreshed.

Questions

Email privacy@openforge.org. We
answer privacy questions in plain English, not legalese.