Privacy Policy
Last Updated: January 11, 2026
1. Introduction
EnableAll Limited ("EnableAll," "we," "us," or "our") is committed to protecting and respecting your privacy. This Privacy Policy explains how we process, collect, use, disclose, transfer, and store Personal Data (as defined below). It also tells you about your rights and choices with respect to your Personal Data, and how you can contact us if you have any queries or concerns. By using our Services (as defined below), you agree to the practices described herein. Beyond the Privacy Policy, your use of our Services is also subject to our Terms of Service (available at www.enableall.com/terms-of-service).
EnableAll is committed to Privacy by Design principles. Privacy considerations are built into our products and services from the outset.
2. Definitions & Scope
Customers are businesses or organizations that subscribe to our Services.
Customer Personal Data means Personal Data that EnableAll processes as a processor on behalf of a Customer in connection with the Services, including (where applicable) End User Personal Data and Customer Personnel Personal Data.
Customer Personnel Personal Data means Customer Personal Data relating to Customer Personnel (e.g., account user contact details and authentication data) processed by EnableAll on behalf of Customer.
EnableAll Auto-Audit refers to the EnableAll website accessibility checker made available on the EnableAll Website and as part of its SaaS platform alongside the EnableAll Code-Fix App.
EnableAll Code-Fix App refers to the cloud-based SaaS platform our Customers subscribe to (paid or trial) for managing web accessibility.
EnableAll Assist-Bar refers to the accessibility toolbar that shows on Customer’s website that is has downloaded EnableAll Code-Fix App onto.
EnableAll Professional Services refers to our provision of accessibility consulting, audit, and IT support and development services.
EnableAll Website refers to our corporate site (www.enableall.com) for information such as marketing and support.
End Users are individuals who visit, access, or use a Customer's website, including individuals who interact with our accessibility features (such as the EnableAll Assist-Bar).
End User Personal Data means Customer Personal Data relating to End Users on Customer Websites (e.g., accessibility preferences, technical identifiers, and feedback submitted through the Assist-Bar).
Personal Data means any information relating to an identified or identifiable natural person.
Services collectively refer to the EnableAll Code-Fix App, EnableAll Assist-Bar, EnableAll Auto-Audit, EnableAll Professional Services and/or EnableAll Website (this privacy policy applies whether data has been provided for a single or multiple services).
2.1 What We Do
EnableAll is a cloud-based SaaS solution provider offering web accessibility software solutions that help our Customers make their websites more accessible in stronger alignment with accessibility guidelines and legislation such as the Web Content Accessibility Guidelines ("WCAG"). EnableAll makes best efforts to offer a software solution and AI-powered capabilities to improve website compliance in greater alignment with important accessibility standards.
3. Our Role: Controller vs Processor
Under UK and EU data protection laws, the "controller" determines the purposes and means of processing Personal Data, while a "processor" processes Personal Data on behalf of a controller.
Our role varies depending on the context:
| Context | Enableall's Role | Explanation |
|---|---|---|
| Customer account users and administrators | Controller | We determine why and how we process account data for Customers who subscribe to our Services. |
| End User account owners | Controller | If an End User creates an account we become a controller of their data. |
| End Users on Customer websites (widget users) | Processor | When End Users interact with the Assist-Bar or other accessibility features on a Customer's website, the Customer is the controller and EnableAll processes data on the Customer's behalf in accordance with our Data Processing Agreement. Unless the End User shares their data with EnableAll for the purposes of creating an account. |
| Job applicants and candidates | Controller | We determine why and how we process your application data. |
Data rights requests: If you are an End User who has interacted with accessibility features on a Customer's website, please direct your data rights requests to that Customer in the first instance. EnableAll will assist the Customer in responding to such requests in accordance with our Data Processing Agreement.
4. Types of Data We Collect and Process
We may collect and process Personal Data about you in the ways outlined below. Where applicable, we indicate whether and why you must provide us with your Personal Data, as well as the consequences of failing to do so. If you do not provide Personal Data when requested, you may not be able to benefit from our Services if that information is necessary to provide you with them or if we are legally required to collect it.
Information provided by you
- When you create an account and use our services as a Customer. If you register for an account, we will ask you to provide us with Personal Data, including your name and email address. We will not be able to provide you with the Services if you do not provide us with the information we request.
- When you make a payment. If you make a payment on our Services, your payment-related information, such as credit card information, is collected by our third-party payment processor on our behalf.
- When you contact us.If you contact us directly, including via website contact forms, email or phone enquiries, we may collect the Personal Data, such as your name, email address, phone number, the contents of a message or attachments that you may send to us, and other information you choose to provide.
- Other information you provide. We collect other information that you may provide to us, such as when you participate in our surveys or provide us with feedback.
- When you apply for a role in EnableAll. We collect Personal Data you provide as part of your job application, such as your responses to our screening questionnaires, CVs, cover letter, and education and work history.
- When you create an account and use our services as an End User. End Users do NOT have to create an EnableAll account in order to use the service, this is purely a choice for optimizing their browsing experience across multiple sites. If you register for an account, we will ask you to provide us with Personal Data, including your name and email address. By using our Assist-Bar we will link data about your browsing preferences to your personal details.
Information collected when you use our Services
- Location information. When you use our Services, we receive your location information. For example, we infer your location information by using your IP address.
- Company information. When you visit the EnableAll Website (www.enableall.com), we may receive information about the organization you are visiting from, and in some cases professional-level identification information. We may use third-party visitor analytics and enrichment services that rely on cookies, IP addresses, device identifiers, and reverse DNS lookups, and that may reference third-party databases (such as LinkedIn). This allows us to identify the organization you represent and, for some U.S.-based traffic, may associate visits with publicly available professional information such as name, job title, and company. This processing is used for business analytics, sales, and marketing purposes and does not apply to End Users interacting with accessibility features on Customer websites.
- Device information. We receive information about the device and software you use to access our Services, including IP address, device type, device identifiers, web browser type and version, operating system version.
- Usage information. We automatically receive information about your interactions with our Services, like the pages or other content you view, referrer information (the website you visited before coming to our Services), the dates and times of your visits, the purchases you make, the searches you conduct.
- cookies and other tracking technologies. We and our third-party partners collect information about your activities on our Services using cookies or other tracking technologies. Our third-party partners, such as analytics, advertising, and security partners, may also use these technologies to collect information about your online activities over time and across different services.
Information collected from other sources
- Information from third parties. If you choose to link our Services to a third-party account, we may receive Personal Data about you and your use of the third-party account. If you wish to limit the information available to us, you should visit the privacy settings of your third-party accounts to learn about your options.
- Information from other individuals. If you are employed by us, we may process your Personal Data in the course of onboarding you. For example, we will collect references from your previous employers and notes from your interview and assessments.
- Other sources. We receive information from our trusted partners, such as security partners, to protect against fraud, abuse, and other security threats to our Services.
5. End Users on Customer Websites (Widget Users)
This section applies specifically to individuals who visit a Customer's website and interact with EnableAll's accessibility features (such as the Assist-Bar) without creating an account directly with EnableAll.
5.1 Controller/Processor Relationship
When End Users interact with accessibility features on a Customer's website:
- The Customer is the data controller and determines why and how Personal Data is processed
- EnableAll acts as a data processor, processing data on the Customer's behalf in accordance with our Data Processing Agreement
5.2 Data We May Process
When End Users use accessibility features on Customer websites, we may process:
- Accessibility preferences and settings: Contrast settings, text size, spacing, reading guides, and other accessibility customizations selected by the End User
- Device and technical data: IP address (anonymized where possible), user agent, browser type, device type, and basic telemetry for functionality purposes
- Usage data: Interactions with accessibility features, which features are activated, and performance metrics
- Feedback submissions: If an End User provides feedback through the widget
5.3 Purpose of Processing
We process End User data on behalf of Customers for the following purposes:
- Providing accessibility functionality and features
- Maintaining security and preventing abuse
- Performance monitoring and service improvement
- Resolving technical issues and providing support
5.4 Retention
End User data is retained in accordance with our data retention policies (see Section 11) and our agreements with Customers. Accessibility preferences stored locally on the End User's device are controlled by the End User and can be cleared through browser settings.
5.5 How to Exercise Your Rights
If you are an End User and wish to exercise your data protection rights:
- First: Contact the Customer (the website owner) directly, as they are the data controller
- If needed: The Customer may contact EnableAll to assist with your request
- Alternatively: You may contact us directly at [email protected] and we will work with the relevant Customer to address your request
6. Legal Bases for Processing Personal Data
If you are located in the European Economic Area, Switzerland or the United Kingdom ("Europe"), we only process your Personal Data where we have a legal basis to do so. The legal bases we rely on include:
- Necessary to perform a contract. We will process your Personal Data where it is necessary to give effect to a contract between you and us, for example when you subscribe to our Services, or otherwise accept our Terms of Service.
- Necessary for compliance with a legal obligation to which we are subject. We may process your Personal Data where we are required to do so to comply with our legal obligations, for example to comply with tax and accounting obligations or to comply with a court order.
- Necessary for a legitimate interest that we pursue. Where we or a third party have a legitimate interest in processing your Personal Data, we may do so provided that our interest is not overridden by your rights and interests. We may rely on this legal basis to, for example, keep business records, respond to unsolicited communications from you, assert our legal rights and obtain professional advice.
- Consent. We may also process your Personal Data on the basis of consent in some circumstances. For example, we may ask for your consent to sign up to direct marketing. You may withdraw your consent at any time by contacting us.
7. How We Use Your Personal Data
We process the Personal Data listed above for the following purposes:
- Providing the Services. We use Personal Data about you to operate, maintain, personalize, and provide our Services, such as allowing you to login and communicate with other users. We may also use your Personal Data to enhance, improve, operate, and maintain our Services.
- Communicating with you. We use your contact details to contact you for administrative purposes (e.g., to provide services and information that you request) or to assist with customer support. We may also send you information on security alerts, billing notices, and service updates.
- Analytics and insights. We use Personal Data about you to analyze user behavior and preferences to improve our Services and marketing campaigns, as well as to develop new products, services, features, and functionalities.
- Billing and transactions. We process Personal Data, such as details about your subscription and your transaction and payment information, to verify payment completion, manage subscription access, generate invoices, and maintain accurate billing records.
- Marketing. We may use your Personal Data to provide you with relevant marketing materials. For example, we may contact you regarding products, Services, and offers, both from ourselves and from third parties, that we believe you may find of interest, which may be tailored to you, based on information such as your interests and preferences. We may send you newsletters with product announcements, and promotional emails, which you can unsubscribe from at any time via the link in the email or by contacting [email protected].
- Legal. We use your Personal Data for compliance purposes, including enforcing our Terms of Service or other legal rights, or as may be required by applicable laws and regulations or requested by any judicial process or governmental agency.
- Fraud prevention. We may use your Personal Data to find and prevent fraud and abuse, and respond to trust and safety issues that may arise.
- Employment. If you have applied for a role with us, we will use your Personal Data to assess your application, conduct equal opportunities monitoring, and schedule your interviews. If you are successful, we will use your Personal Data to assist with your onboarding, payment of your salary and other employment purposes.
- For other purposes for which we provide specific notice at the time the information is collected.
8. Data Sharing & Third Parties
We may share information with third parties to assist us in providing our services, including:
- Service Providers. We may disclose your Personal Data to vendors, service providers, contractors, or agents who perform Services on our behalf or assist in providing the Services. These include providers of hosting services, cloud services, and other information technology services, payment processing providers (e.g., Paddle, Shopify Payments); and providers of professional services, such as accounting, auditing, and legal services.
- Analytics providers. We may share your Personal Data with third party analytics services (such as Google Analytics) to improve our Services, including understanding our users' interests, habits, and usage patterns for certain programs, content, services, advertisements, promotions, or functionality available through the Services.
- Merger, sale, or other asset transfers. We may disclose or otherwise transfer Personal Data to an acquirer, successor or assignee as part of the consideration, negotiation, or completion of any merger, acquisition, debt financing, sale of assets, or similar transaction, as well as in the event of an insolvency, bankruptcy, or receivership in which information is transferred to one or more third parties as one of our business assets.
- As required by law and similar disclosures. We may disclose Personal Data to comply with legal obligations, such as responding to lawful requests from public authorities, including to meet national security or law enforcement requirements, or to enforce or apply our agreements or policies, or to protect the rights, privacy, safety, or property of EnableAll, our users, or others.
- Consent. We may disclose your Personal Data with your permission.
EnableAll does not sell your Personal Data to third parties. A list of our current sub-processors is available at www.enableall.com/legal/sub-processors.
9. International Data Transfers
EnableAll is based in the United Kingdom. We may use third party service providers located outside the UK to process your Personal Data. Where we do so, we take measures to ensure that your Personal Data remains protected in accordance with this Privacy Policy and applicable data protection laws.
In particular, for data transfers outside UK, we will rely on (i) a UK government adequacy decision, (ii) contractual protections for the transfer of your Personal Data, including entering into data transfer agreements with relevant parties, or (iii) another valid data transfer mechanism. If you are located in the UK, you may contact us as specified below for more information about the safeguards we use to transfer Personal Data outside of the UK.
For our Microsoft Azure hosting: EEA Customers are hosted on servers within the EEA, while US/Canadian Customers are hosted on American servers. Other Customers may be hosted on European, American, or other servers as deemed appropriate for optimal service delivery.
10. Data Security, Breach Response & Retention
10.1 Security Measures
We implement appropriate technical and organizational security measures designed to help protect personal data from unauthorized access, disclosure, alteration, and destruction, including:
- Enterprise-grade platform that prioritises and protects privacy and data protection.
- Encryption in transit (TLS) and at rest.
- Access controls and multi-factor authentication.
- Regular vulnerability scans and penetration testing.
- Staff training on data protection.
- Real-time logging and automated alerting on anomalous events.
- Intrusion-detection/prevention systems and centralized SIEM for security-event correlation.
- Scheduled vulnerability scans and formal patch-management process with SLA-backed remediation windows.
- Built-in "offline" or "maintenance" modes in the UI with informative messages.
However, no transmission or storage method is completely secure, and we cannot guarantee absolute security of any information we collect and store.
10.2 Privacy by Design
We conduct Data Protection Impact Assessments (DPIAs) where required and build privacy-by-design principles into our product development processes. This includes considering privacy implications at the design stage of new features and services.
10.3 Breach Response
In the event of a Personal Data breach:
- We maintain incident response procedures to detect, investigate, and respond to potential breaches
- Where required by law, we will notify the relevant supervisory authority (such as the UK Information Commissioner's Office) within 72 hours of becoming aware of a qualifying breach
- We will notify affected individuals without undue delay where the breach is likely to result in a high risk to their rights and freedoms
- Where EnableAll is acting as a processor, we will notify the relevant Customer (controller) without undue delay upon becoming aware of a Personal Data breach
- We maintain documentation of all breaches, including facts, effects, and remedial actions taken
11. Data Retention
We retain Personal Data only for as long as necessary to fulfill the purposes outlined in this policy, comply with legal obligations, resolve disputes, and enforce our agreements. For example, we may need to retain your Personal Data to comply with tax requirements, or for as long as is reasonably necessary to meet regulatory requirements, resolve disputes, prevent fraud and abuse or enforce our Terms of Service.
11.1 Retention by Data Category
| Data Category | Retention Period |
|---|---|
| Corporate subscriber/account data | Duration of subscription plus 5 years |
| Billing/payment data | Up to 7 years (to comply with tax and accounting requirements) |
| End User/widget data | As agreed with Customer; anonymized where possible |
| Customer employee data | Duration of Customer relationship plus 2 years |
| Support communications | 3 years from resolution |
| Marketing data/leads | Until consent withdrawn or 3 years of inactivity |
| Job applicant data | Up to 12 months |
| Job candidate data (unsuccessful) | Up to 12 months |
| Employee data | Duration of employment plus 7 years |
When determining the specific retention period, we take into account various criteria, such as the type of service provided to you, the nature and length of our relationship with you, and mandatory retention periods provided by law and the relevant statute of limitations. In some cases, the length of time we retain data depends on your settings.
When we no longer need to use or retain your Personal Data, we will either remove it from our systems or anonymize it so that it no longer identifies you.
12. Your Rights (UK/EU)
If you are located in the European Economic Area, Switzerland, or the United Kingdom, you have the following legal rights under applicable data privacy laws:
- Access and portability. You may ask us to provide you with a copy of the Personal Data we maintain about you, including a machine-readable copy of the Personal Data that you have provided to us, and request information about its processing.
- Rectification and deletion. You may ask us to update and correct inaccuracies in your Personal Data, or to have the information anonymized or deleted, as appropriate.
- Restriction and objection. You may ask us to restrict the processing of your Personal Data, or object to such processing.
- Consent withdrawal. You may withdraw any consent you previously provided to us regarding the processing of your Personal Data, at any time and free of charge. We will apply your preferences going forward and this will not affect the lawfulness of the processing before you withdrew your consent.
You may exercise these rights by contacting us at [email protected]. We will respond to your request within one month, though this may be extended by a further two months for complex requests. Please note that there are exceptions and limitations to each of these rights.
12.1 Complaints
You have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe we have not handled your Personal Data in accordance with data protection law. We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.
13. Children's Privacy
Our Services are not directed to children under the age of 18, and we do not knowingly collect Personal Data from children under 18. We do not knowingly allow children under 18 to create accounts or use our Services.
If we learn that we have collected Personal Data from a child under 18, we will take steps to delete such information from our systems as soon as possible. If you are a parent or guardian and believe that your child has provided us with Personal Data without your consent, please contact us at [email protected].
14. Automated Decision-Making
We do not use your Personal Data for automated decision-making that produces legal effects or similarly significant effects concerning you, as described in Article 22 of the UK GDPR.
Where we use AI or machine learning in our Services (such as for automated accessibility remediation), these features are designed to assist with accessibility improvements and do not make decisions that have legal or similarly significant effects on individuals.
16. Changes to This Policy
We may update this Privacy Policy from time to time. When we make changes, we will:
- Post the updated version on our website
- Update the "Last Updated" date
- For material changes, notify you through our Services, by email, or other appropriate communication
The revised version will be effective when posted unless otherwise specified.
17. Contact Information
Should you have any questions regarding this Privacy Policy, about our processing of your Personal Data or if you wish to exercise your rights with respect to your Personal Data, you can contact EnableAll by email: [email protected] or by writing to us at the address specified below.
UK
EnableAll Limited
UK Address:
EnableAll Limited
4th Floor,
Parkview, 82 Oxford Road,
Uxbridge, UB8 1UX,
United Kingdom
USA
EnableAll Inc
USA Address:
EnableAll Inc
1 North Broadway, STE 1020
White Plains, NY 10601
United States
Email: [email protected]
Website: www.enableall.com
For any questions about this privacy policy or our data processing practices, please contact us using the information above.
