Privacy Policy — FixAllyScore

The short version

FixAllyScore is a desktop application. Your course content is processed entirely on your computer and is never sent to our servers. We do not see your files, your Canvas data, or your students' information.

This policy explains what little data we do handle, and why. We've written it in plain language because you shouldn't need a law degree to understand a privacy policy.

What FixAllyScore is

FixAllyScore is a desktop app that helps instructors and course designers fix accessibility issues flagged by Ally in Canvas LMS. It runs locally on macOS and Windows. All file processing -- PDF tagging, alt-text generation, slide remediation -- happens on your machine.

Data we collect

Email address -- only if you create an account for the paid tier. We use it to manage your license and send you important product updates (never marketing spam).
Payment information -- processed entirely by Stripe (opens in new tab). We never see or store your full card number. We receive only a transaction confirmation and the last four digits for your records.
Basic app telemetry -- version number, OS, crash reports, and which features are used. This helps us fix bugs and prioritize improvements. You can disable telemetry at any time in Settings.

Data we do not collect

This is the important part. We never receive, transmit, or store:

Course content -- your syllabi, assignments, lecture notes, and any other files stay on your machine.
Student data -- names, grades, submissions, or any other student records.
Canvas API tokens -- your token is stored locally in your system's secure credential store. It never leaves your device.
Uploaded files or PDF contents -- everything is processed in place. Nothing is sent to any remote server.

FERPA compliance

Because FixAllyScore processes data exclusively on your local machine, it does not access, collect, or store any education records as defined under FERPA. The app does not act as a "school official" or third-party service provider, and no data-sharing agreement (DSA) is required to use it.

Your institution's data governance policies still apply to how you handle files on your own computer -- FixAllyScore simply doesn't add any new data flows to worry about.

Third-party services

Stripe -- handles payment processing for paid-tier subscriptions. Stripe's privacy policy is available at stripe.com/privacy (opens in new tab).

We do not use Google Analytics, Facebook pixels, or any other third-party analytics or advertising tools. The only analytics we collect is the optional, first-party telemetry described above.

Data retention

If you create an account, we retain your email and license information for as long as your account is active. If you cancel and request deletion, we remove your data within 30 days. Crash reports and anonymized telemetry are retained for up to 12 months.

Security

Account data is stored in encrypted databases with access limited to essential personnel. Communications between the app and our licensing server use TLS encryption. Since no course content ever reaches our servers, the most sensitive data never leaves your control.

Changes to this policy

If we make meaningful changes to this policy, we'll notify you via email (if you have an account) or through an in-app notice. We won't quietly reduce your privacy protections.

Contact

Questions or concerns about privacy? Reach us at hello@fixallyscore.com. We respond to every message.