Skip to main content

GDPR Art. 13

Privacy policy

This Privacy Policy explains how Altvisor(“we”) collects and processes personal data when you visit our website, run a WCAG scan, or use the Altvisor application as the data controller for our own users. When we process personal data on behalf of a customer (the images and content you submit for alt-text generation), we act as a processor — those terms live in our Data Processing Agreement.

What we collect

  • Account data — your email and the organisation name you choose at sign-up. We never read your OAuth provider profile beyond email and name.
  • Usage data — quota counters, audit-log events, and product analytics, all hosted in the EU (PostHog EU).
  • Uploaded images — processed in-memory and deleted from storage before the request returns. Only a content hash, dimensions, and the generated alt-text are retained.

Where your data lives

Our database, authentication, and file storage run on Supabase in eu-west-1 (Ireland). Primary AI processing uses Mistral on EU infrastructure. The Business tier optionally uses Anthropic (US) under the EU-US Data Privacy Framework and Standard Contractual Clauses — disclosed on our subprocessors page.

Your rights

Under the GDPR you may access, rectify, export, or erase your personal data, and object to or restrict processing. To exercise any of these rights, contact us at hello@altvisor.eu. You may also lodge a complaint with your national data protection authority.

This page is a plain-language summary published before Altvisor leaves beta; the binding processing terms are those in our DPA.