Privacy Policy

Last updated: April 11, 2026

Comply (“we”, “us”, “our”) is operated by JK.Creative LLC. This Privacy Policy explains what data we collect when you use Comply at comply.jkcreative.store, how we use it, who we share it with, and what rights you have over it.

By creating an account or using the service, you agree to the practices described here. If you have questions, email comply@jkcreative.store.

1. Data Controller

The data controller for information collected through Comply is JK.Creative LLC. We determine the purposes and means of processing your personal data as described in this policy.

2. What We Collect

Account information — provided by you at signup:

• Name and email address
• Business name
• Subscription plan and billing status

Scan data — generated when you use the service:

• URLs you submit for scanning
• Scan results including detected WCAG violations, issue counts, and remediation suggestions
• Scan timestamps and history

Payment information — processed entirely by Square:

• We receive only a transaction confirmation and subscription status from Square
• We never store card numbers, CVV codes, or full billing addresses

Usage and device data — collected automatically:

• Pages visited within the app, features used, and navigation patterns (via Umami analytics — no cookies, no cross-site tracking)
• IP address, browser type, and operating system logged by Sentry when errors occur

3. Legal Basis for Processing

We process your data on the following legal bases:

• Contract performance — to deliver the scanning service you subscribed to
• Legitimate interests — to operate, secure, and improve the service
• Legal obligation — to retain billing records as required by applicable law
• Consent — for marketing communications (you can withdraw at any time)

4. How We Use Your Data

• Service delivery — run scans, return results, manage your account and quota
• Billing — process payments, manage subscriptions, send receipts
• Communications — send scan reports, account alerts, and policy update notices
• Security — detect abuse, investigate incidents, protect the platform
• Error monitoring — diagnose and fix application errors
• Improvement — understand how the service is used to guide development priorities

We do not sell your data. We do not use your scan results to train AI models.

5. Third-Party Processors

We use the following sub-processors to deliver the service. Each receives only the data necessary for its function.

• Square (squareup.com) — payment processing. Receives payment card details and billing information directly from you. We receive only subscription status and transaction confirmations. Square’s privacy policy governs their handling of your payment data.
• Supabase (supabase.com) — database hosting. Stores all account data, scan history, and scan results on servers located in the United States.
• Resend (resend.com) — transactional email delivery. Receives your email address and the content of emails we send you (scan reports, magic links, notifications).
• Sentry (sentry.io) — error tracking. Receives error events that may include your IP address, browser/OS user-agent, and the page or action that triggered the error. Sentry data is stored in the United States.
• Umami (self-hosted) — analytics. Collects page views and navigation events. Umami is cookie-free and does not collect personally identifiable information. No data is shared with third-party advertising networks.

6. Data Retention

• Scan results — retained for 12 months from the date of each scan, then permanently deleted
• Account data — retained while your account is active and for 30 days after cancellation, then permanently deleted
• Billing records — retained as required by applicable tax and financial regulations (typically 7 years)
• Email delivery logs — retained for 90 days
• Error logs — retained for 90 days in Sentry

You may request earlier deletion of your account and associated data at any time. See Section 8 for how to submit that request.

7. Data Security

• All data transmitted between your browser and our service is encrypted using TLS 1.3
• Data at rest in Supabase is encrypted using AES-256
• Access to production data is restricted to authorized personnel only
• We do not store payment card data — Square handles all cardholder data
• Magic link authentication means no passwords are stored or transmitted

No system is perfectly secure. If you discover a vulnerability, please report it to comply@jkcreative.store.

8. Your Rights

You have the right to:

• Access — request a copy of the personal data we hold about you
• Correction — request that inaccurate data be corrected
• Deletion — request that your account and associated data be deleted (subject to legal retention obligations for billing records)
• Data portability — request your scan history and account data in a machine-readable format
• Objection — object to processing based on legitimate interests
• Withdraw consent — opt out of marketing communications at any time via the unsubscribe link in any email or by contacting us directly

To exercise any of these rights, email comply@jkcreative.store with “Privacy Request” in the subject line. We will respond within 30 days.

9. International Data Transfers

All third-party processors we use (Supabase, Square, Resend, Sentry) store and process data in the United States. By using Comply, you acknowledge that your data may be transferred to and processed in the United States, which may have different data protection laws than your country of residence.

10. Cookies and Tracking

Comply does not use advertising cookies or third-party tracking cookies. Our analytics provider, Umami, is cookie-free and does not build user profiles or share data with ad networks. We may set a session cookie strictly necessary for authentication — this cookie is deleted when you sign out or close your browser.

11. Children’s Privacy

Comply is not directed at children under the age of 13. We do not knowingly collect personal data from anyone under 13. If you believe a child under 13 has provided us with personal data, contact us at comply@jkcreative.store and we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. For material changes — those that significantly affect how we collect or use your data — we will notify you by email at least 14 days before the change takes effect. The “Last updated” date at the top of this page reflects the most recent revision. Continued use of Comply after the effective date constitutes acceptance of the updated policy.

13. Contact

Questions or concerns about this policy? Email comply@jkcreative.store.

See also: Terms of Service · Disclaimer