Last updated: 29 April 2026
RedFlag ("we", "us", "our") is an accessibility auditing tool operated by Qern Pty Ltd, based in the Australian Capital Territory, Australia. Our website is redflagstatus.com.
Account data. When you sign up, we store your email address. We use it to authenticate you, send password-reset emails, and (very occasionally) notify you of important service changes. We do not send marketing emails.
Scan results. When the extension scans a page it automatically saves accessibility violations to your dashboard. This includes CSS selectors, HTML snippets, axe-core rule IDs, WCAG criteria, and the URL of the scanned page. This data belongs to you. You can delete it at any time from your dashboard.
Payment data. Pro plan subscriptions are processed by Stripe. We never see or store your card number, CVV, or bank details. Stripe shares a subscription status and customer ID with us so we know which plan you're on. Stripe's privacy policy is at stripe.com/privacy.
Usage data. Our hosting provider (Netlify) collects standard server logs including your IP address and the pages you visit. We do not use third-party analytics scripts. We do not set tracking cookies.
Admin analytics. Aggregate, non-personally-identifiable metrics (total violation counts, scan activity, violation category breakdowns, and plan counts) are visible to RedFlag administrators for the purpose of operating and improving the service. This data is derived from the scan results already stored in your account and is never shared externally.
The Chrome extension runs axe-core entirely inside your browser. No page content is transmitted to our servers during a scan. Violation results are automatically saved to your dashboard after each scan so you can track issues over time. You can delete your scan data at any time.
We do not sell your data. We share it only with the sub-processors needed to run the service:
Each sub-processor processes data only as instructed and under confidentiality obligations.
Our login and sign-up pages use Cloudflare Turnstile to protect against automated abuse. Turnstile runs a privacy-preserving challenge in your browser — it does not use tracking cookies or display an image puzzle. Cloudflare may process your IP address and browser signals to verify the challenge. This data is governed by Cloudflare's privacy policy.
The Chrome extension uses chrome.storage.local to store your authentication session and in-progress crawl state. This data stays on your device and is cleared when you sign out or uninstall the extension. We do not use cookies in the extension itself.
The web dashboard sets a session cookie issued by Supabase Auth to keep you signed in. It is a secure, HTTP-only cookie and is cleared when your session expires or you sign out.
We keep your account data for as long as your account is active. If you delete your account, all associated domains, violations, and scan history are permanently deleted within 30 days. Payment records are retained by Stripe for their required period for tax and compliance purposes.
Scan history access by plan. Free plan users can view violation data from the last 3 days in their dashboard. Older data is stored but not displayed until you upgrade. Pro plan users have access to their full, lifetime scan history with no time restriction. Data is never deleted based on plan — only access in the dashboard is limited.
You can request a copy of your data, correction of inaccuracies, or deletion of your account at any time by emailing us. If you are located in the EU or UK, you have additional rights under GDPR/UK GDPR. If you are in Australia, the Privacy Act 1988 (Cth) applies.
If we make material changes, we will update the "Last updated" date above. Continued use of the service after a change constitutes acceptance of the updated policy.
Questions? Email us at support@qern.com.au.