Privacy Policy
Last updated: January 13, 2026
1. Introduction
Chekku (“we,” “our,” or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website accessibility scanning service at chekku.dev (the “Service”).
By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with this policy, please do not use the Service.
1.1 Your Role When Scanning Websites
You are responsible for ensuring you have the legal right and authorization to scan any website or pages you submit to the Service (including authenticated areas). In many cases, you act as the “controller” (or equivalent) of any personal data that may appear on pages you choose to scan, and Chekku acts as a service provider/processor to generate scan results on your behalf.
Important: Scan artifacts (such as HTML snippets) may incidentally include personal data displayed on a page. Avoid scanning pages that contain sensitive personal information unless you have a lawful basis to do so, and use include/exclude patterns to limit scan scope where appropriate.
2. Information We Collect
2.1 Information You Provide
We collect information you provide directly to us, including:
- Account Information: Email address, password (stored securely using bcrypt hashing for email/password accounts), and optionally your name and profile picture
- OAuth Information: If you sign in using Google or GitHub, we receive your email address, name, and profile picture from the provider. We do not receive or store your password. You can revoke our access at any time through your account settings with that provider
- Site Information: URLs of websites you add for scanning, site names, and scan configuration settings
- Authentication Credentials: If you configure protected site scanning, we store HTTP Basic Auth credentials (encrypted with AES-256-GCM) or Playwright session state (encrypted at rest)
- Payment Information: When you subscribe to a paid plan, payment details are collected and processed by Stripe. We do not store your full credit card number; we receive only a token and limited card details (last 4 digits, expiration) from Stripe
- Communications: Information from emails or support requests you send us
2.2 Information Collected Automatically
When you use the Service, we automatically collect:
- Usage Data: Information about how you use the Service, including pages visited, features used, and actions taken
- Device Information: Browser type, operating system, device type, and screen resolution
- Log Data: IP address, access times, pages viewed, and referring URLs
2.3 Scan Data
When we scan websites on your behalf, we collect and store:
- URLs of scanned pages
- Page titles and metadata
- Accessibility issues detected (including HTML snippets and CSS selectors)
- Scan timestamps and duration
- Accessibility scores
In some cases (for example, internal debugging or certain scan workflows), we may generate additional scan artifacts such as screenshots. If generated, those artifacts are handled as scan data under this Privacy Policy.
We do not store the full content of scanned pages. We only retain the specific HTML elements and selectors necessary to identify and describe accessibility issues.
Because pages you scan may display information about individuals (for example, names or email addresses), scan artifacts may incidentally include personal data. You can reduce this risk by excluding sensitive pages or scanning only the pages you need.
3. How We Use Your Information
We use the information we collect to:
- Provide, maintain, and improve the Service
- Process your transactions and manage your subscription
- Send you scan completion notifications and scheduled scan alerts
- Send you weekly summary emails (if opted in)
- Respond to your comments, questions, and support requests
- Send you technical notices, updates, security alerts, and administrative messages
- Monitor and analyze usage trends to improve user experience
- Detect, prevent, and address technical issues and fraudulent activity
- Comply with legal obligations
4. Data Storage and Security
4.1 Data Storage
Your data is stored using the following infrastructure:
- Database: PostgreSQL hosted on Neon (via Vercel), with encrypted connections
- Application: Hosted on Vercel with edge network distribution
- Scanner: Runs on Modal.com's serverless infrastructure
4.2 Security Measures
We implement industry-standard security measures, including:
- Password Security: Passwords are hashed using bcrypt (one-way hashing), never stored in plain text
- Credential Encryption: HTTP Basic Auth credentials and session data are encrypted at rest using AES-256-GCM
- Transport Security: All data in transit is encrypted using TLS/HTTPS
- Security Headers: We implement HSTS, X-Frame-Options, Content Security Policy, and other security headers
- Access Control: Strict authentication and authorization checks for all API endpoints
While we use commercially reasonable efforts to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.
In the event of a security incident affecting your personal information, we will notify you and relevant authorities as required by applicable law.
5. Data Retention
We retain your data as follows:
- Account Data: Retained while your account is active and for a reasonable period afterward for legal and business purposes
- Scan History: Detailed scan results are retained while your account is active and as needed to provide the Service. We may delete or aggregate older scan results over time (for example, retaining high-level score history while removing detailed issue records), and retention may vary by plan or feature availability
- Authentication Credentials: Stored only while your site is configured for authenticated scanning. Removed when you delete the site or disconnect authentication
- Payment Records: Retained as required by tax and accounting regulations (typically 7 years)
You may request deletion of your data at any time by contacting us at support@chekku.dev.
6. Cookies and Tracking
We use cookies and similar technologies to:
- Authentication: Maintain your login session (essential cookies)
- Preferences: Remember your settings and preferences
- Analytics: Understand how users interact with the Service (if Google Analytics is enabled)
We do not use cookies for targeted advertising, and we do not sell personal information.
6.1 Types of Cookies
- Essential Cookies: Required for the Service to function (authentication, security). These cannot be disabled.
- Analytics Cookies: Help us understand usage patterns. You can opt out through your browser settings or by using browser extensions like Google Analytics Opt-out.
6.2 Managing Cookies
Most web browsers allow you to control cookies through settings. However, disabling essential cookies may prevent you from using certain features of the Service.
7. Third-Party Services
We use third-party services to operate the Service. These providers may have access to your information only to perform specific tasks on our behalf and are obligated to protect it:
- Stripe (stripe.com) — Payment processing. Stripe's privacy policy: stripe.com/privacy
- Vercel (vercel.com) — Application hosting and deployment. Vercel's privacy policy: vercel.com/legal/privacy-policy
- Neon (neon.tech) — PostgreSQL database hosting. Neon's privacy policy: neon.tech/privacy
- Modal (modal.com) — Scanner infrastructure. Modal's privacy policy: modal.com/privacy
- Resend (resend.com) — Transactional email delivery. Resend's privacy policy: resend.com/legal/privacy-policy
- Inngest (inngest.com) — Background job processing. Inngest's privacy policy: inngest.com/privacy
- Google Analytics (optional) — Usage analytics. Google's privacy policy: policies.google.com/privacy
- Google OAuth (optional) — Authentication via Google Sign-In. Google's privacy policy: policies.google.com/privacy
- GitHub OAuth (optional) — Authentication via GitHub Sign-In. GitHub's privacy policy: docs.github.com/.../github-privacy-statement
8. Data Sharing
We do not sell, trade, or rent your personal information. We may share your information only in the following circumstances:
- Service Providers: With third-party service providers who assist in operating the Service (as listed above)
- Legal Requirements: If required by law, court order, or governmental authority
- Protection of Rights: To protect our rights, privacy, safety, or property, or that of our users or the public
- Business Transfers: In connection with a merger, acquisition, or sale of assets, with appropriate confidentiality protections
- With Consent: With your explicit consent for any other purpose
9. Your Rights and Choices
9.1 Account Access
You can access and update your account information at any time through your account settings.
9.2 Email Preferences
You can control email notifications through your account settings:
- Scan report emails for scheduled scans (account-level + per-site controls)
- Weekly summary emails (can be disabled)
Note: You will still receive essential account-related emails (security notices, billing confirmations, Terms updates).
9.3 Data Export
You can export your scan data in Markdown, JSON, or PDF format through the Service.
9.4 Account Deletion
You can request deletion of your account and associated data by contacting support@chekku.dev. We will process deletion requests within 30 days, subject to legal retention requirements.
9.5 Rights for EEA/UK Residents (GDPR)
If you are in the European Economic Area or United Kingdom, you have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate data
- Request deletion of your data (“right to be forgotten”)
- Object to or restrict processing of your data
- Data portability (receive your data in a structured format)
- Withdraw consent at any time (where processing is based on consent)
- Lodge a complaint with your local supervisory authority
Our legal basis for processing is typically contract performance (providing the Service you requested), legitimate interests (improving our Service, security), or consent (marketing communications).
9.6 Rights for California Residents (CCPA/CPRA)
If you are a California resident, you have the right to:
- Know what personal information we collect, use, disclose, and sell (we do not sell personal information)
- Request deletion of your personal information
- Opt out of the sale of personal information (not applicable as we do not sell data)
- Non-discrimination for exercising your privacy rights
- Correct inaccurate personal information
- Limit the use of sensitive personal information
To exercise any of these rights, please contact us at support@chekku.dev.
10. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence, including the United States. These countries may have data protection laws that differ from your jurisdiction.
When we transfer personal data internationally, we implement appropriate safeguards, including:
- Standard Contractual Clauses approved by the European Commission
- Ensuring our service providers maintain appropriate security measures
- Compliance with applicable data protection regulations
11. Children's Privacy
The Service is not intended for use by anyone under the age of 16. We do not knowingly collect personal information from children under 16. If we discover that a child under 16 has provided us with personal information, we will take steps to delete such information promptly. If you believe we may have collected information from a child under 16, please contact us at support@chekku.dev.
12. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will:
- Update the “Last updated” date at the top of this page
- Notify you via email (for registered users)
- Provide a prominent notice on the Service
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.
13. Do Not Track
Some browsers include a “Do Not Track” (DNT) feature. Because there is no accepted standard for how to respond to DNT signals, we do not currently respond to DNT signals. However, you can control tracking through your browser's privacy settings and by opting out of analytics cookies.
14. Contact Us
If you have questions or concerns about this Privacy Policy or our data practices, please contact us:
- Email: support@chekku.dev
- Website: chekku.dev
For data protection inquiries from the EEA/UK, you may also contact your local supervisory authority.