AccessScout

Privacy Policy

Effective date: May 7, 2026. This policy describes how Bostrix, Inc. handles information in connection with AccessScout. Have qualified legal counsel review it for your compliance program.

1. Who we are

AccessScout is a subproduct of Zaviora, operated by Bostrix, Inc. ("Bostrix," "we," "us"). The production site for this offering is accessscout.zaviora.com. Zaviora is a product of Bostrix.

2. Scope

This Privacy Policy applies to information processed when you visit https://accessscout.zaviora.com, create or use an account, purchase services, contact us, or otherwise interact with the Service. It does not govern third-party sites or services we do not control, including websites you choose to scan using the Service.

3. Information we collect

Account and profile. Name, email address, password or authentication tokens, organization details you provide, and preferences.

Service usage. URLs and parameters you submit for scanning; scan job metadata (for example, status, timestamps, severity counts); technical logs (for example, IP address, user agent, request paths) for security, rate limiting, and reliability.

Scan content. To perform a scan, our systems may temporarily retrieve and process third-party web content. We design the Service to retain structured results (such as rule outcomes) rather than full page archives where possible; however, limited content or diagnostic data may appear in logs during incident response or debugging.

Payments. If you purchase paid features, our payment processor (for example, Stripe) collects billing details. We receive limited billing metadata (such as customer identifiers, subscription status, and transaction references), not full payment card numbers.

Communications. Content of emails or support tickets you send us and related metadata.

Cookies and similar technologies. Session and security cookies, preference storage (for example, theme), and similar technologies needed to operate and secure the Service. We do not use third-party advertising cookies on this policy's effective date; if that changes, we will update this Policy.

4. How we use information

We use information to:

  • Provide, operate, maintain, and improve the Service.
  • Authenticate users, prevent fraud and abuse, and enforce our Terms.
  • Process payments and fulfill orders.
  • Communicate about the Service, security, and policy updates.
  • Comply with law and respond to lawful requests.
  • Analyze aggregate or de-identified usage to improve product quality.

5. Legal bases (EEA, UK, and similar regions)

Where GDPR or comparable laws apply, we rely on one or more of:

  • Performance of a contract—to deliver the Service you request.
  • Legitimate interests—for example, securing the Service, analyzing aggregate usage, and communicating about your account, balanced against your rights.
  • Legal obligation—where required by law.
  • Consent—where we ask for it (for example, certain optional communications or non-essential cookies), which you may withdraw.

6. How we share information

We may share information with:

  • Service providers who process data on our behalf under contracts (for example, hosting, database, email delivery, authentication, analytics, and payment processing).
  • Professional advisors (lawyers, accountants) when necessary.
  • Authorities when required by law or to protect rights, safety, and security.
  • Business transfers in connection with a merger, acquisition, financing, or sale of assets, subject to appropriate safeguards.

We do not sell personal information as those terms are commonly defined in U.S. state privacy laws.

7. International transfers

We may process information in the United States and other countries where we or our providers operate. Where required, we use appropriate safeguards (such as Standard Contractual Clauses) for cross-border transfers.

8. Retention

We retain information for as long as needed to provide the Service, comply with law, resolve disputes, and enforce agreements. Scan results and logs may be retained for a limited period consistent with operations and security. You may request deletion of your account subject to legal exceptions; some residual copies may persist in backups for a period before automatic rotation.

9. Security

We implement technical and organizational measures designed to protect information. No method of transmission or storage is completely secure; we cannot guarantee absolute security.

10. Your rights and choices

Depending on your location, you may have rights to access, correct, delete, or export personal information; object to or restrict certain processing; withdraw consent; and lodge a complaint with a supervisory authority. To exercise rights, contact us using the details below. We may verify your request as permitted by law.

California residents. You may have rights under the California Consumer Privacy Act (CCPA), including to know, delete, and opt out of certain sharing. We do not "sell" or "share" personal information for cross-context behavioral advertising as described in this Policy's effective version.

11. Children

The Service is not directed to children under 13 (or the minimum age in your jurisdiction). We do not knowingly collect personal information from children. Contact us if you believe we have done so inadvertently.

12. Changes to this Policy

We may update this Privacy Policy by posting a revised version and updating the effective date. If changes are material, we will provide notice as required by law.

13. Disclaimer

The Service provides automated scans and reports for informational purposes. Use of analytics or scan data does not replace privacy impact assessments or legal counsel where those are appropriate for your organization.

14. Contact

For privacy requests or questions, contact Bostrix, Inc. through the channels published on accessscout.zaviora.com. Add a dedicated privacy inbox in production if required by your compliance program.