Skip to main content

Privacy Policy

Effective date: May 20, 2026 · Last updated: May 28, 2026

1. Who we are

Access Lens AI is currently operated by an independent operator based in Mexico. This service provides automated PDF accessibility screening only. It is not a certification, legal opinion, or guarantee of compliance with any accessibility standard or law.

For privacy-related requests, data deletion requests, retention questions, or account support: hello@accesslensai.com

2. Data we collect

We collect only the data necessary to provide and improve the service:

  • Email address — collected at account creation for authentication and transactional emails (screening completion, account notices).
  • Uploaded PDF files — stored temporarily solely to perform the automated accessibility screening you requested and to support debugging, customer support, false-positive/false-negative validation, and operational quality review during public beta. Uploaded PDFs are automatically deleted shortly after processing or after temporary operational retention needs are complete (see Section 4). Original uploaded PDFs are not retained long-term. We do not use uploaded PDFs to train AI models.
  • Screening reports — the structured screening report generated from your PDF is kept in your account history so you can access it later. Generated reports, report JSON, findings metadata, score/result metadata, filename/page count metadata, and account screening history are retained separately from uploaded originals until you delete your account or request deletion.
  • Payment information — payment card details are processed and tokenized directly by our payment processor. We receive only a payment reference ID and do not directly store or access your full card number or CVV.
  • Checkout legal acknowledgment — whether you accepted the automated screening disclaimer, Terms of Service, and Privacy Policy, plus timestamp and version metadata where available.
  • IP address — logged per request for rate limiting and abuse prevention. Not used for tracking or advertising.
  • Browser user agent — collected as part of standard web server logs for debugging and security monitoring.

3. Why we collect it

  • To provide the automated PDF accessibility screening service you requested. Uploaded PDFs are processed for this purpose, temporary operational support, and beta-quality validation, then deleted after processing or after temporary operational retention needs are complete.
  • To process payments and maintain your transaction history for tax and legal obligations.
  • To prevent abuse, spam, and fraudulent use of the service.
  • To send you transactional emails (e.g., “your screening report is ready”). We do not send marketing emails without your explicit consent.
  • To comply with applicable legal and tax obligations in Mexico and internationally.
  • To maintain a record of your acceptance of the Terms of Service, Privacy Policy, and automated screening disclaimer.

We do not sell your data. We do not use your data for advertising. We do not build profiles of you for any purpose other than delivering the service.

4. How long we keep your data

  • Uploaded PDFs: automatically deleted shortly after processing or after temporary operational retention needs are complete. Original uploaded PDFs are not retained long-term.
  • Screening reports: accessibility screening reports and limited screening metadata may remain associated with your account history unless deleted by request.
  • Account data (email, preferences): kept while your account is active. Deleted after account deletion request except where legal retention is required.
  • Payment records: retained as required by applicable tax, accounting, and legal obligations, including after account deletion.
  • Server logs (IP, user agent): retained for 90 days for security monitoring, then deleted.

5. Third parties and sub-processors

We use trusted third-party providers for secure cloud hosting, authentication, payment processing, AI-assisted accessibility screening workflows, and temporary secure storage. These providers process data only as needed to operate the Service, protect accounts, complete payments, generate screening reports, and support security or legal obligations.

  • Secure cloud hosting and authentication — used to operate the application, authenticate users, protect account sessions, and store account data.
  • AI-assisted accessibility screening workflows — process extracted structural metadata and limited text snippets necessary to generate the screening report, such as tags, headings, captions, alt text, color values, and sample text. We do not send the original PDF file to AI providers. AI-assisted processing providers do not use API inputs to train their models by default.
  • Payment processing — used to process card payments and maintain payment references. We never see your full card number or CVV.
  • Temporary secure storage — used for uploaded PDFs while the requested screening and temporary operational support needs are completed.

We do not share your data with any other third parties.

Enterprise customers may request configurable retention periods, optional rapid deletion workflows, and privacy-focused document handling for approved enterprise workflows.

6. Your rights (ARCO + GDPR + LFPDPPP + CCPA)

Depending on your jurisdiction, you may exercise the following rights. Under Mexico's applicable personal data protection laws, including LFPDPPP where applicable, these are known as ARCO rights:

  • Acceso (Access) — request a copy of the personal data we hold about you, including the categories of data, purposes of processing, and any third parties with whom it has been shared.
  • Rectificación (Correction) — request that we correct inaccurate or incomplete personal data we hold about you.
  • Cancelación (Deletion / Right to be forgotten) — request that we delete your account and all associated personal data. We will comply within 20 business days as required under Mexico's applicable personal data protection laws, except for data we are required to retain by law.
  • Oposición (Objection) — object to the processing of your personal data for specific purposes, or where we rely on legitimate interests as a legal basis.
  • Right to portability (GDPR / CCPA) — request your screening history in a machine-readable format (JSON or CSV).

To exercise any of these rights, email hello@accesslensai.com from the address associated with your account. We may request information reasonably necessary to verify your identity before fulfilling the request. We will respond within 20 business days (Mexico's applicable personal data protection laws) or the applicable GDPR/CCPA response period, whichever applies.

You may also delete your account directly from your account settings, which triggers deletion of all associated data (except legally required payment records).

7. Cookies

We use only essential cookies required for the service to function:

  • Authentication session cookie — used to keep you logged in. Expires when your session ends or after the configured session duration.

We do not currently use third-party tracking or behavioral analytics tools. We do not use Google Analytics or similar cross-site tracking. If we introduce analytics in the future, we will update this policy and notify you in advance.

8. Children

This service is not intended for users under the age of 13. We do not knowingly collect personal data from children under 13. If you believe a child has provided us with personal data, contact hello@accesslensai.com and we will delete it promptly.

9. International data transfers

Our sub-processors may be based in the United States or other countries outside Mexico. By using this service, you acknowledge that your data may be transferred to and processed in countries other than your own, which may have different data protection laws. We rely on each sub-processor's own data protection commitments, contractual safeguards, and where applicable, standard contractual clauses to protect data transferred across borders.

10. Security

We implement reasonable technical and organizational measures to protect your data: encrypted storage, HTTPS-only transmission, access controls, and account-level data isolation so users can only access their own data. No method of internet transmission is 100% secure; we cannot guarantee absolute security.

11. Updates to this policy

We may update this Privacy Policy to reflect changes in our practices or applicable law. For material changes, we will notify you by email at least 14 days before they take effect. The “Effective date” at the top of this page indicates when the current version was adopted.

12. Contact

For privacy questions, data requests, legal notices, or to report a concern: hello@accesslensai.com

Legal operator: Anneli Daniela Torres Arroyo. Access Lens AI is currently operated by an independent operator under Mexican law.

This Privacy Policy was last updated on May 28, 2026. Terms of Service