🔒 Privacy Policy

Last updated: June 2026

1. Introduction

Welcome to scrapedatshi ("we," "us," or "our"). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and API services (collectively, the "Service").

Please read this policy carefully. If you disagree with its terms, please discontinue use of the Service.

2. Information We Collect

Information You Provide Directly

When you register for an account, we collect:

  • Your name and email address
  • A hashed password (we never store your plaintext password)
  • OAuth profile data if you sign in via GitHub or Google (name, email, provider ID)

Information Collected Automatically

When you use the Service, we automatically collect:

  • API request logs (endpoint called, timestamp, HTTP status code)
  • Usage statistics (request counts, tokens processed, vectors synced)
  • Your IP address and browser user-agent for security and rate-limiting purposes

Third-Party Credentials (Credential Vault)

If you choose to save third-party API keys (e.g., OpenAI, Pinecone, Weaviate) in our encrypted credential vault, those keys are encrypted at rest using AES-256 symmetric encryption. We do not transmit or share your stored credentials with any party other than the intended third-party service when you initiate a request.

Billing Information

If you subscribe to a paid plan, payment is processed by Stripe. We do not store your full payment card number, CVV, or bank account details. Stripe handles all payment data under their PCI-compliant infrastructure. We receive and store only a Stripe customer ID and subscription ID to manage your account status.

Usage Events (Billable Activity)

For paid and Enterprise accounts, we log billable usage events — including the number of chunks generated, pages crawled, and pipeline runs — to calculate metered billing and display usage statistics in your billing dashboard. These events are associated with your account and retained for billing reconciliation purposes.

3. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Service
  • Authenticate your identity and manage your account
  • Enforce API rate limits and usage quotas based on your subscription tier
  • Monitor for abuse, fraud, and security threats
  • Improve and develop new features for the Service
  • Communicate with you about your account or the Service (if you contact us)

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

4. Cookies and Session Data

We use a single HttpOnly session cookie (portal_key) to maintain your authenticated session in the developer portal. This cookie:

  • Is set only after a successful login
  • Is marked HttpOnly and Secure — it cannot be accessed by JavaScript
  • Expires after 30 days of inactivity
  • Is deleted immediately when you sign out

We do not use advertising cookies, tracking pixels, or third-party analytics cookies.

5. Data Sharing and Third-Party Services

We do not share your personal data with third parties except in the following limited circumstances:

  • OAuth Providers: If you sign in with GitHub or Google, those providers share your profile information with us under their respective privacy policies. We do not share data back to them beyond the standard OAuth flow.
  • Infrastructure Providers: We use cloud hosting and database services to operate the Service. These providers process data on our behalf and are bound by confidentiality obligations.
  • Stripe (Payment Processing): If you subscribe to a paid plan, your payment information is transmitted to and processed by Stripe, Inc. Stripe's privacy policy governs how they handle your payment data. We share only the minimum information necessary to process your subscription (email address, subscription tier).
  • Legal Requirements: We may disclose your information if required by law, court order, or governmental authority.

6. Data Retention

We retain your account information for as long as your account is active. API request logs are retained for up to 90 days for debugging and usage analytics purposes. Sync job history is retained for up to 12 months.

You may request deletion of your account and associated data at any time by contacting us through the developer portal.

7. Security

We implement industry-standard security measures to protect your information:

  • Passwords are hashed using bcrypt with a cost factor of 12
  • Third-party credentials are encrypted using AES-256 (Fernet) before storage
  • All data in transit is protected by TLS/HTTPS
  • Session cookies are HttpOnly and Secure
  • API keys are generated using cryptographically secure random functions

No method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

8. Your Rights

Depending on your location, you may have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your account and data
  • Object to or restrict certain processing of your data
  • Data portability (receive your data in a machine-readable format)

To exercise any of these rights, please use the account management features in the developer portal or contact us directly.

9. Children's Privacy

The Service is not directed to individuals under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has provided us with personal information, we will take steps to delete such information.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes by updating the "Last updated" date at the top of this page. Your continued use of the Service after any changes constitutes your acceptance of the updated policy.

Terms of Service  ·  Sign In  ·  Home