Settings and security¶
Where settings live¶
A11yScanFix settings are grouped under the A11yScanFix admin menu: Scanner, Fixers, AI Alt Text, Statement, and (in Pro) Roles & Rules and Reports.
How your data is handled¶
- Scanning runs in your browser (axe-core). Page content is not sent to A11yScanFix or any third party.
- Results stay in your database (post meta, options, transients). No custom database tables are created.
- AI API keys are stored encrypted in the options table and are sent only to the AI provider you chose, only when generating alt text.
Permissions¶
Every form and request is protected against cross-site request forgery (a nonce), and each action checks a WordPress capability:
| Action | Required capability |
|---|---|
| Run scans, view the dashboard, apply fixers, export CSV / JSON | Edit Posts (Editors and Administrators) |
| Change settings, recompute the summary, send a test email report | Manage Options (Administrators only) |
Role-based dismiss permissions PRO
On the Settings -> Roles & Rules tab, Pro lets you choose which user roles may dismiss issues. Administrators always can; by default Editors can too. Tick or untick roles to widen or narrow who is allowed.