Privacy Policy
How SmileLyra handles your data.
Last updated: June 18, 2026
SmileLyra is a web accessibility audit platform based in Seattle, WA. This policy describes what data we collect, how we store it, and how we handle it.
Data we collect
- Account information: Email address and hashed password when you register
- Scan targets: The URLs of websites you or we submit for accessibility auditing
- Scan results: WCAG violations detected by automated tools, Lighthouse scores, and screenshots of publicly accessible pages
- AI-generated review annotations: Notes and flags produced by our automated AI-assisted review pass during audit processing
- Generated reports: PDF audit reports stored on our server
- Billing information: Stripe customer ID and subscription status — we never store raw card numbers
- Sample scan submissions: Email address and website URL submitted through the free scan form; IP address is hashed (SHA-256) before storage
Data we do not collect
- Patient personal data or PHI — we do not intentionally collect it and we scan only publicly accessible web pages. If publicly visible page content incidentally contains personal data, we do not use it and will remove it on request.
- Raw payment card data — all payments are processed by Stripe
How we use your data
We use your data to deliver the services you have purchased, communicate with you about your account and reports, and operate and improve the platform. We do not sell your data to third parties. We do not use your scan results for any purpose other than delivering your audit.
Data retention
Account data and audit records are retained for the duration of your account. After your account is closed, we retain only the data needed to resolve any open disputes and to comply with our legal obligations under applicable law, and delete or de-identify the rest. You may request deletion of your account and associated data at any time by emailing us. We will fulfil deletion requests within 30 days, except where retention is required by law or for legitimate dispute resolution purposes.
Third-party services
- Stripe: Payment processing. Subject to Stripe's privacy policy.
- MongoDB Atlas: Database hosting. Data is stored in US regions.
- Google Fonts: Loaded for report rendering. Google receives standard browser request metadata.
- Anthropic (Claude API): Our AI-assisted review pass sends content and screenshots of scanned (publicly accessible) pages to Anthropic for analysis.
- Railway (hosting): Server logs may contain IP addresses and request metadata per Railway's retention policy.
Your rights
You may request access to, correction of, or deletion of your personal data at any time. Contact us at the address below. We will respond within 30 days.
Contact
SmileLyra · Seattle, WA