Scrapy IO
Cookie Policy
Effective: March 30, 2026 · Last Updated: March 30, 2026
Key Points
- We use necessary, functional, analytics, and attribution cookies.
- Strictly necessary cookies power secure sessions and billing.
- We do not use cookies for ad-targeting or data selling.
- You can manage non-essential categories at any time.
Introduction
This Cookie Policy explains how Scrapy uses cookies and related technologies across the Platform. It complements our Privacy Policy and Terms.
1. What Are Cookies
Cookies are small files stored on your browser to maintain session state, apply preferences, and enable secure operation.
2. Why Scrapy Needs Cookies
Cookies support authenticated flows, anti-forgery protections, stable dashboard behavior, and payout attribution in marketplace runs.
3. Strictly Necessary Cookies
- Authentication and session continuity
- CSRF protection and abuse prevention
- Infrastructure routing and runtime stability
4. Functional Cookies
Functional cookies preserve dashboard preferences, locale settings, and non-critical interface state to improve usability.
5. Performance and Analytics Cookies
With consent, anonymized telemetry helps us monitor reliability, latency, and feature quality. These cookies are never used for advertising.
6. Full Cookie Reference
| Cookie | Category | Purpose | Duration | Party |
|---|---|---|---|---|
| scrapy_session | Strictly Necessary | Dashboard auth session | 7 days idle/logout | First-party |
| scrapy_csrf | Strictly Necessary | CSRF protection token | Session | First-party |
| scrapy_jwt | Strictly Necessary | Dashboard API authentication | 15 minutes | First-party |
| scrapy_input_state | Functional | Input preview state persistence | 30 days | First-party |
| scrapy_analytics | Analytics | Anonymized platform telemetry | 12 months | First-party |
| __stripe_mid / __stripe_sid | Strictly Necessary | Stripe fraud and payment session | 1 year / session | Third-party |
| __cf_bm / _cfuvid | Strictly Necessary | Cloudflare bot and DDoS protection | 30 min / session | Third-party |
7. Marketplace Attribution Cookies
Attribution cookies are used only to calculate publisher payouts for actor executions. They do not disclose your identity or output data to publishers.
8. Third-Party Cookies and Subprocessors
Some subprocessors (such as Stripe and Cloudflare) may set strictly necessary cookies tied to payment integrity and perimeter security.
9. Stripe, Cloudflare, and AWS
Stripe handles payment-session fraud controls; Cloudflare supports bot and DDoS mitigation; AWS hosts infrastructure without separate end-user tracking cookies.
10. Consent and Preference Centre
You can accept all, reject non-essential, or granularly manage cookie categories, and change your preferences anytime.
11. Browser-Level Controls
You may also manage cookie behavior via browser settings (Chrome, Firefox, Safari, Edge, Brave).
12. Impact of Disabling Cookies
Disabling required cookies can break login, billing flows, and real-time dashboard capabilities.
13. Legal Bases
Scrapy relies on contract necessity, legitimate interest, and consent depending on cookie category and jurisdiction.
14. Your Rights
Depending on your location, you may request access, deletion, objection, and consent withdrawal for cookie-linked personal data.
15. Do Not Track and GPC
We treat Global Privacy Control signals in line with applicable law and keep non-essential categories opt-in.
16. Cookie Retention Periods
Retention periods are category-specific and reviewed periodically to keep lifetimes minimal and purpose-bound.
17. Changes to This Policy
Material changes are communicated through in-product notice and policy update metadata.
18. Contact and DPO
For cookie and privacy requests contact privacy@scrapy.io or dpo@scrapy.io.