C
Comply Scan Pro
Accessibility compliance intelligence
Home
Trust CenterData StewardshipRetention by design

Trust & Data Stewardship

Comply Scan Pro was built for organizations that need accessibility intelligence without data exposure. We separate what’s required to run your scans from anonymized signals used to improve scoring and produce benchmarks.

View the data modelSee retentionAI policyWhy safer
At a glance
  • Customer scan data (OCD)Not sold / not shared
  • Benchmarks (PID)Anonymous aggregation
  • Default retention18mo / 5yr / 90d
  • AI trainingNo customer OCD
Looking for legal text? See Privacy (if published) or request the contract exhibit during procurement.

Data Classes

Operational Compliance Data (OCD)

Customer-scoped data generated to run scans and deliver reports. This includes scan targets, findings, telemetry, and exported reports.

  • Access-controlled per customer
  • Retention-limited
  • Used only to provide the requested compliance service
Platform Intelligence Data (PID)

Anonymized, aggregated analytics used to improve detection quality and provide industry benchmarks.

  • Stored using non-reversible hashed identifiers
  • Contains no URLs, domains, page paths, user IDs, or scan IDs
  • Used only in aggregate and cannot be used to identify a customer

Industry benchmarks

Benchmarks are computed from anonymized aggregate scoring data. We do not store or expose URLs, domains, scan IDs, or user IDs. Benchmarks are displayed only after a minimum sample size is reached.

Benchmarks will appear automatically once enough anonymized data is available. Current sample size: 0 / 500.
This prevents small-sample noise and protects privacy.

Two data classes

Operational Compliance Data (OCD) stays in your account. Platform Intelligence Data (PID) is anonymized and aggregated.

Operational Compliance Data (OCD)

Customer-owned

The data needed to scan, generate reports, and support auditability for your workspace.

  • • Scan targets and crawl scope
  • • Findings, severity, remediation context
  • • Telemetry (coverage, fetch results, timing)
  • • Reports and exports
  • • Scan configuration (WCAG level, toggles)
Never soldNever shared across accountsNot used for AI training

Platform Intelligence Data (PID)

Anonymous

Aggregated signals that improve scoring quality and enable benchmarks without exposing customer sites.

  • • Aggregated rule trigger rates
  • • Severity distributions
  • • Score bands and percentiles
  • • High-level technology fingerprints
  • • Industry medians and top-quartile references
No URLsNo HTML/contentNo identifiers
Key point: PID is designed to be non-attributable. It does not contain raw URLs, page paths, HTML, scan IDs, user IDs, or workspace identifiers.

Why PID exists

Benchmarks require intelligence — not your site data.

Without PID, accessibility scores are just numbers. With PID, Comply Scan Pro can provide decision-grade context — like industry medians and top-quartile benchmarks — without exposing any customer’s site content.

Benchmark meaning
Industry median, top quartile, percentile bands
Better prioritization
Impact-aware fix ordering and risk framing
Scoring calibration
Continuous tuning without reusing customer content

Data flow

From scan to report to anonymized aggregation.

Your website
Target + scope you configure
Operational scan (OCD)
Findings, telemetry, exports
Anonymized aggregation (PID)
Non-attributable stats for benchmarks
PID excludes URLs, page paths, query strings, fragments, HTML content, and identifiers.

Retention

Designed to minimize long-lived sensitive operational data.

Data
Default retention
Notes
Operational scan data (OCD)
18 months
Findings + telemetry retained for auditability and trends
Exported reports
5 years
Retains report artifacts for procurement and compliance workflows
Audit logs
90 days
Operational auditing for security and support
Data is deleted after retention expiration.

AI policy

We do not train public or general-purpose AI models on customer OCD.

Comply Scan Pro does not use customer URLs, page content, findings, or reports to train public or general-purpose AI models.

No customer OCD trainingBenchmarks from anonymous PID

Customer controls

You control scope and configuration. Your workspace data remains isolated.

  • Scope: You define which URLs are scanned and how deep crawling goes.
  • Standards: You select WCAG level and scan options that affect results.
  • Isolation: Your operational data is access-controlled within your workspace.
Compliance settingsBack to scans

FAQ

Fast answers for security review and procurement.

Do you sell customer scan data?

No. Customer Operational Compliance Data (OCD) is not sold and is not shared across customer accounts.

What’s included in PID?

PID contains anonymized, aggregated metrics like rule frequency, severity distributions, and score bands. PID excludes URLs, HTML, page paths, identifiers, and any customer-unique content.

Do you train AI on our data?

No. Comply Scan Pro does not train public or general-purpose AI models on customer OCD.

Can retention be customized?

Retention defaults are designed for auditability and procurement workflows. Enterprise plans may support retention customization by written agreement.

Procurement request? View the Data Handling Exhibit defining OCD vs PID, ownership, permitted use, AI training restrictions, and retention.

Ready to see this applied to your site?

Run a scan using the same privacy model described above. No account required for a preview, and no customer data is used for training or shared across workspaces.

Try a scanWhy this is safer
Comply Scan Pro
This Trust Center summarizes how data is handled. For formal terms, refer to your agreement.
Last updated: January 13, 2026