Skip To main content

Community survey

| Contribute to the 2026 State of Digital Accessibility Report |

Share your perspective

Privacy Statement

Version effective date: June 10, 2026

Introduction

 
Level Access (“Level”) and UserWay (together, “we,” “us,” or “our”) take privacy seriously. Our Privacy Program is designed to ensure we meet or exceed our obligations when it comes to protecting personal information, also known as personal data or personally identifiable information (PII). This Privacy Statement (Statement) explains our global privacy practices across Level Access and UserWay and how those practices apply to you.

This Privacy Statement is intended to provide a general overview of our global privacy practices. It is not intended to describe in detail the data processing activities of each specific product or service. Certain products, services, or features may be subject to additional privacy disclosures, in-product notices, or service-specific documentation that provide more detailed information about data handling practices. Where we process personal information on behalf of customers, such processing is governed by the applicable customer agreements and data processing terms.

Our products and services are primarily offered to businesses. In the course of doing business, we may process personal information relating to individuals who interact with us directly, such as customer representatives, business contacts, website visitors, and job applicants.

Where our customers use our products or services in a way that involves personal information relating to their own end users or consumers, we generally process that information on the customer’s behalf and under the applicable customer relationship. We do not control how customers configure or use our products and services or the types of personal information they choose to process through them. In those cases, the customer is generally responsible for providing the relevant privacy information to those individuals and, where required, obtaining any necessary consents or permissions.

We design our products and services to support privacy by design principles and aim to limit the collection and use of personal information to what is reasonably necessary for the intended purpose.

We review our privacy practices and policies annually as well as when any changes occur that may affect their application. When major or user-impacting updates are made to this Statement, we will notify affected and interested parties as required by applicable law. Minor updates will be reflected in this document. Please review this Privacy Statement periodically to stay informed about our practices.

Information we collect

 

General

The categories of personal information we collect depend on how you interact with us, which products or services you use, and whether you are interacting with us as a customer representative, website visitor, job applicant, employee, or consumer/end user.

Processing Purpose Typical Legal Basis (where required) Categories
Use of our software services and general activity Contract; legitimate interests Users contact information, account credentials, audit logs, support records
Marketing and sales activities Legitimate interests; consent where required by law Business contact details, company details, event participation, communications preferences, lead source information
Delivering, securing, maintaining, and improving our software services and websites Legitimate interests; contract IP addresses, user agents, device/browser data, web browsing activity, logs, identifiers, error and performance data, usage patterns, event logs, device/browser data, account history, support interactions, and limited content samples where necessary and permitted
Employment and recruitment Contract; legal obligation; legitimate interests; consent where required Names, contact details, employment history, education, home addresses, taxation/payroll data, background check information, criminal history where permitted, national identification information where required
Information submitted directly to us through tools, forms, support channels, or accessibility-related workflows Contract; legitimate interests; consent where required Contact information, support and inquiry content, accessibility preferences, content submitted by users, and any personal information voluntarily included in materials or other content submitted directly to us for analysis or support

 

Cookies

We use cookies and similar technologies such as tracking pixels to enable software functionality and to operate our websites and software services, maintain secure sessions, remember preferences, analyze usage, and support marketing and sales activities.

Level also uses cookies and similar technologies like tracking pixels to enhance our marketing and sales activities. We gather information from recipients of our emails, visitors to our websites, form fills on our websites, and those who click on our ads to tailor and target our advertising.

 

These technologies may be used for the following purposes:

  • strictly necessary functionality and security;
  • performance, troubleshooting, and analytics;
  • remembering settings and user preferences;
  • marketing, ad measurement, and lead attribution where permitted.

Where required by applicable law, including in the UK and EU, we will obtain consent before placing non-essential cookies or similar technologies on your device, and we will provide a mechanism for you to manage your preferences.

You can typically remove or reject cookies through your browser settings, although doing so may affect the functionality of some services.

Use of our software services and general business activity

 

Software services

We provide a variety of software services, some of which require the creation of a user account which, by necessity, includes collection of basic contact information such as name and email address.

Our software services may also record activity within the services themselves, such as logins, reports viewed, tests performed, scans initiated, settings changed, support interactions, and similar action. We use this information to provide the service, troubleshoot issues, maintain security, administer the service, create audit logs, and improve the user experience.

General business activity

We operate like most modern businesses with email, file storage, other technologies, and sometimes paper (though we try to keep paper to a minimum). Through these processes we inevitably capture some basic contact and business information.

Certain products, services, or features may be subject to additional privacy disclosures, in-product notices, or service-specific documentation that provide more detailed information about data handling practices.

Marketing and sales activities

We believe that making every digital experience accessible is important for everyone, and our marketing and sales teams play a key role in our ability to do this.

We collect contact information from form completions on our websites, in-person events (for example, at conferences), virtual events, lead generation programs such as content syndication or appointment setting, our business partners, and public sources of information such as social networking websites, in accordance with applicable law.

Where permitted by applicable law, we may use business contact information to provide information about products, services, webinars, community events, reports, industry updates, and opportunities to work together. Where consent is required, we will rely on consent. For leads and prospects in jurisdictions with direct marketing restrictions we will honor applicable consent and opt-out requirements.

To opt-out of marketing emails, one may simply click on the “unsubscribe” link at the bottom of any email. Alternatively, you may get in touch to unsubscribe or ask additional questions.

Please note that Level only works with business partners who, to our best information demonstrate a strong commitment to privacy. If we have gained your contact information from a business partner, you should have been informed by them about the collection and use of your information.

Joint marketing campaigns

We occasionally partner with other businesses to deliver joint marketing campaigns such as webinars where we both contribute to the content delivered. In these cases, either we or our partner will collect your information, and it will be shared with the other party.

This sharing is strictly limited between the two parties and only done once for each joint campaign, in accordance with applicable transparency and consent requirements.

We will make the co-sponsorship or joint collection context clear at the point of collection where required.

Technical usage data

When you visit or interact with our websites, software, or digital services, we may collect limited technical and usage information to operate, protect, support, and improve those services. This may include device and browser information, log data, configuration information, error reports, and other technical information generated through your interaction with our websites or services.

We use technical usage data to provide and maintain our services, protect the security and integrity of our systems, troubleshoot issues, respond to support requests, understand service performance, improve functionality and accessibility, and comply with applicable legal, contractual, or security obligations.

We aim to limit the collection and retention of technical usage data to what is reasonably necessary for these purposes.

Some of our business services may process information provided by or on behalf of our customers, including content, configuration information, support materials, or other service-related data. Where we process personal information on behalf of a customer, we do so under the applicable customer agreement and data processing terms. Customers are responsible for ensuring they have the necessary rights, notices, permissions, and lawful bases for the information they provide or make available through the services.

Support, remediation, and customer communications

We use personal information contained in support tickets, onboarding communications, remediation requests, scanner submissions, and customer success interactions to respond to inquiries, deliver services, troubleshoot problems, and improve our offerings. Support communications may contain personal information voluntarily provided by customers or end users. We ask users not to submit unnecessary sensitive personal information unless required for the support request.

Employment and recruitment

Before employment, we collect personal information during the recruiting process to assess eligibility, administer recruitment, and, where applicable, prepare for employment.

Recruitment-related information may be retained for at least one (1) year and, where legally permitted, for a longer period where there is an ongoing business need, legal requirement, or potential future employment opportunity. Employment-related information may be retained for up to seven (7) years after the employment relationship ends, where permitted by law.

We use third-party recruitment and employment tools, including Greenhouse. Some recruitment and employment workflows may include automated assistance or similar features. We do not use solely automated decision-making that produces legal or similarly significant effects about individuals unless permitted by law and accompanied by required notice and safeguards.

AI Transparency

Some of our products, services, workflows, and internal business tools may include artificial intelligence, machine learning, or automated assistance features, including for accessibility analysis, issue identification, summarization, workflow support, customer assistance, or product improvement.

When AI-enabled features are used, we aim to be transparent about their role. Unless explicitly stated otherwise, AI-generated outputs are intended to support human review, prioritization, or decision-making and should not be treated as a substitute for independent verification where accuracy is important.

We do not use personal information to make solely automated decisions producing legal or similarly significant effects about individuals except where permitted by law and subject to applicable safeguards. Furthermore, we do not use customer content submitted through our services to train generalized AI models except as expressly disclosed or agreed.

Where personal information is used to support AI-enabled functionality, we take steps designed to limit the data used, reduce unnecessary exposure, apply appropriate access controls, and align the use with the purpose for which the information was collected or otherwise lawfully processed.

If a specific product feature uses AI in a materially different way, we may provide additional product-specific privacy disclosures or in-product notices.

Security, retention, and sharing

 

Security and retention

We do our best to protect all information entrusted to us. We take extra care to protect personal information and even more care to protect any sensitive personal information shared with us.

The types of protections we utilize include security and privacy awareness training for staff, strong access controls following principles such as least privilege and the need to know, vulnerability management, anti-malware and other preventative and detective controls, use of encryption, supplier risk management processes; secure disposal, and others. Contact us for more information about our security practices.

We retain personal information only for as long as reasonably necessary to fulfill the purposes described in this Privacy Statement, including to provide services, comply with legal obligations, resolve disputes, enforce agreements, and maintain appropriate business and security records.

Retention periods may vary depending on whether we process information for our own purposes or on behalf of customers, the sensitivity of the information, the context of the relationship, and legal or contractual requirements.

Sharing

We do not sell personal information. We may share personal information with service providers, analytics providers, advertising partners, and joint marketing partners as described in this Privacy Statement and subject to applicable legal requirements.

We may share personal information under the following circumstances:

  • with affiliates and subsidiaries within our corporate group where relevant to shared operations, support, internal administration, security, service delivery, or other disclosed business purposes;
  • with service providers, vendors, contractors, and subprocessors that help us operate our business and provide our products and services;
  • with joint marketing partners where disclosed;
  • with research clients or partners in accordance with the study terms and disclosed protections;
  • with regulators, law enforcement, government agencies, courts, or other third parties where required by law or legal process;
  • in connection with an actual or proposed merger, acquisition, financing, reorganization, asset sale, or similar corporate transaction.

We ensure that all shared information is handled in accordance with industry standards of security, privacy and confidentiality. In all cases where data is shared, we ensure that third parties provide a minimum level of security and provide contractual guarantees for the preservation of data rights and the protection of personal information.

International transfer of information

Level Access operates globally and occasionally shares personal data across borders with its subsidiaries and other entities within the Level Access Group. This international data sharing is essential for our integrated business operations and service enhancement.

We operate globally and may transfer personal information across borders, including among affiliates, subsidiaries, service providers, and other entities that support our operations in the United States, Canada, Mexico, Israel the European Union, the United Kingdom, and other jurisdictions in which we or our providers operate.

Compliant with applicable law, we implement appropriate safeguards for cross-border transfers, which may include contractual protections such as standard contractual clauses, adequacy mechanisms, intra-group arrangements, or other lawful transfer tools. Additional information about international transfer safeguards may be provided upon request and as required by law.

Children

Our business activities, websites, and software services are not directed to children, and we do not knowingly collect personal information from children under 16 unless specifically disclosed in connection with a service designed to permit such collection lawfully and with appropriate authorization. If you believe a child has provided personal information to us inappropriately, please contact us and we will investigate and take appropriate steps.

Your rights

Depending on your location and subject to applicable law, you may have the right to:

  • opt out of direct marketing communications;
  • request access to personal information we hold about you;
  • request correction, updating, or rectification of your information;
  • request deletion of your personal information;
  • request restriction of processing;
  • object to certain processing, including processing based on legitimate interests;
  • request portability of certain personal information;
  • withdraw consent where processing is based on consent;
  • request information about categories of personal information collected, disclosed, sold, or shared, where applicable;
  • appeal or complain regarding our handling of privacy requests where such right exists.

We do not use personal information for solely automated decision-making, including profiling, in a manner that produces legal or similarly significant effects, except as permitted by law and described above.

U.S. State Privacy Rights, including California residents

Residents of certain U.S. states, including California, may have the right to request that we disclose what personal information we collect about you, to delete any personal information that we collected from or maintain about you, and to opt-out of the sale of personal information about you. California residents also have the right not to receive discriminatory treatment for exercising their privacy rights.

Where our customers use our products or services in a way that involves personal information relating to their own end users or consumers, that information is generally processed on the customer’s behalf and under the applicable customer relationship. In those cases, the customer is generally responsible for providing the relevant privacy notices and, where required, obtaining any necessary consents or permissions.

We do not knowingly sell personal information in the traditional sense, and we do not knowingly sell or share the personal information of individuals under 16 years of age.

Subject to applicable law, eligible residents may have the right to request access to, correction of, deletion of, or a portable copy of their personal information; to request information about our collection, use, and disclosure practices; to opt out of the sale or sharing of personal information; to limit certain uses of sensitive personal information where applicable; and not to receive discriminatory treatment for exercising their rights.

To the extent sensitive personal information is collected, we use and disclose it only for purposes permitted by applicable law unless additional notice and choice are provided.

Canadian residents

Canadian residents may lodge a complaint with us at any time, and we will investigate, respond, and take corrective actions as necessary. To file a complaint, please use one of the contact mechanisms described below. However, if you feel we haven’t responded adequately to your request, please lodge a complaint with the Privacy Commissioner of Canada.

Where required under Canadian law, we will obtain meaningful consent for the collection, use, and disclosure of personal information, subject to lawful exceptions.

EU and UK residents

We are committed to meeting applicable EU and UK data protection requirements, including the EU GDPR and UK GDPR, and applying those principles more broadly where appropriate.

We process personal data for the purposes described in this Privacy Statement using the lawful bases applicable to the relevant processing, including contract, pre-contractual steps, legal obligation, legitimate interests, consent, and other lawful bases permitted by law. Where we rely on legitimate interests, those interests include operating, improving, and securing our business, products, and services; providing support; understanding service usage; preventing fraud and misuse; conducting research; communicating with business contacts; and managing internal operations.

In limited circumstances, we may process special category data where permitted by law and subject to appropriate safeguards.

For the purposes of applicable EU and UK data protection law, we generally act as a controller where we process personal data for our own business purposes, and as a processor where we process personal data on behalf of a customer in connection with the customer’s use of our products or services.

We may share personal data with companies within our corporate group, service providers, vendors, contractors, professional advisors, disclosed research clients or partners, disclosed joint marketing partners, and public authorities or other third parties where required by law or in connection with a corporate transaction.

We retain personal data only for as long as necessary for the purposes described in this Privacy Statement, considering legal, contractual, operational, and security requirements.

Because we operate globally, personal data may be transferred outside the EU or UK. Where required by law, we implement appropriate safeguards for those transfers.

Subject to applicable law, individuals in the EU and UK may have the right to request access to, rectification of, erasure of, restriction of, or portability of their personal data, to object to certain processing, to withdraw consent where processing is based on consent, and to lodge a complaint with a supervisory authority.

We do not use personal data to make solely automated decisions that produce legal or similarly significant effects about individuals unless permitted by law and accompanied by the required notices and safeguards.

Israel

We are committed to handling personal information in accordance with applicable Israeli privacy and data security requirements, including the Protection of Privacy Law, 5741-1981, related regulations, and applicable guidance of the Israeli Privacy Protection Authority.

Where our customers use our products or services in a way that involves personal information relating to their own end users or consumers, we generally process that information on the customer’s behalf and in accordance with the applicable customer relationship. In those cases, the relevant customer is generally responsible for providing the primary privacy information to those individuals and, where required, obtaining any necessary consents or permissions.

Subject to applicable Israeli law, individuals may have the right to request access to personal information held about them and to request correction or amendment of inaccurate or incomplete information. We may transfer personal information outside Israel where permitted by applicable law and subject to appropriate safeguards.

Contact Us

To exercise your rights regarding your information, lodge a complaint, or if you have questions regarding this Privacy Statement or our privacy practices, please email us at privacy@levelaccess.com, call us at +1-800-889-9659, or write to us at:

Level Access, Inc.
800 Corporate Drive
Suite 301 PMB#645
Stafford, VA 22554

We thank you for your interest in our privacy program. Your feedback helps us realize our commitment to provide and improve a transparent and robust privacy program for all people with whom we interact.