Scrapy

Scrapy IO

Privacy Policy

Effective: March 30, 2026 · Last Updated: March 30, 2026

Key Privacy Points

  • We collect only data needed to operate your account and service.
  • For scraped data, you are the Controller and Scrapy is Processor.
  • Scrapy is a marketplace platform, not a data broker.
  • Scraped outputs are auto-deleted (typically 7–14 days).
  • We do not sell personal data.
  • You can exercise GDPR/CCPA/LGPD rights anytime.

Introduction

Scrapy Technologies, Inc. ("Scrapy", "we", "us", "our") operates the Scrapy web scraping marketplace and automation platform at `www.scrapy.io`. This Privacy Policy explains what personal data we collect, how we use it, who we share it with, retention periods, and your rights.

This Policy applies to personal data connected to your use of the Platform and is separate from data you scrape using the tools, which is covered by the Controller/Processor framework below.

1. Definitions

  • Personal Data: information related to an identified or identifiable person.
  • Account Data: registration/profile/billing data you provide.
  • Usage Metadata: logs, timestamps, API usage, IP, and device/browser data.
  • Processed Data: data you collect through scraper runs.

2. Information We Collect

  • Identity and contact details (name, email).
  • Authentication data (hashed passwords, security/session data).
  • Billing and transaction records (tokenized payment references).
  • Technical usage metadata for platform operation and security.
  • Support communications you submit to us.

3. Processed Data Shield

For data you scrape, you are the Data Controller. Scrapy acts only as your infrastructure provider and processor under your instructions. You are responsible for lawful basis, notices, compliance, and downstream use.

4. Cookies and Tracking

We use necessary cookies for authentication/security, optional analytics/functional cookies where applicable, and do not run advertising tracker profiles for cross-context targeting.

5. Controller vs. Processor

Scrapy is Controller for your account/billing/support data, and Processor for user-directed scraped output. This distinction governs legal responsibility and rights handling.

6. Lawful Bases

We rely on contract performance, legal obligations, legitimate interests, and consent (where required) depending on the processing activity and jurisdiction.

7. Marketplace Model — Not a Data Broker

Scrapy does not sell, license, or broker scraped datasets. We provide marketplace and execution infrastructure; we do not commercialize your processed output data.

8. How We Use Your Data

  • Account operation, authentication, and service delivery
  • Billing, credits, and payment processing
  • Security monitoring, anti-abuse, and incident response
  • Legal compliance and support operations

9. Sharing and Subprocessors

We share data with vetted subprocessors only as needed (e.g., cloud hosting, payments, support, monitoring), and where legally required. We do not sell personal data.

10. Data Retention

Scraped output is designed to be transient (typically 7–14 days). Other categories are retained according to operational and legal requirements (for example billing records).

11. Data Security

We apply industry-standard security controls (encryption in transit/at rest, access controls, and monitoring), while no internet system can be guaranteed absolutely secure.

12. International Transfers

Personal data may be processed in regions where our infrastructure/subprocessors operate. We use applicable transfer safeguards (such as SCCs/UK addendum where required).

13. GDPR Rights (EU/UK)

You may request access, rectification, deletion, restriction, portability, and objection for data where Scrapy is the Controller.

14. CCPA Rights (California)

California residents may exercise rights to know, delete, correct, and non-discrimination. Scrapy does not sell or share personal information for behavioral advertising.

15. LGPD Rights (Brazil)

Brazilian users may exercise LGPD rights including confirmation/access, correction, deletion/blocking, portability, and consent withdrawal where applicable.

16. Other Jurisdictions

Equivalent rights and complaint channels are supported where required under local frameworks (for example PIPEDA, APPs, DPDP Act, etc.).

17. Children's Privacy

The platform is not intended for children under legal age thresholds. If such data is discovered, we will take steps to remove it promptly.

18. Data Breach Response

We maintain incident response procedures and notify affected users/authorities as required by applicable laws and breach notification obligations.

19. Third-Party Links

Third-party services linked from the platform have their own privacy policies and data practices, which are outside Scrapy's control.

20. Changes to This Policy

We may update this policy and will provide notice for material changes. Continued use after effective date constitutes acceptance of updates.

21. DPO and Contact

  • DPO: dpo@scrapy.io
  • Privacy requests: privacy@scrapy.io
  • Security: security@scrapy.io
  • General support: support@scrapy.io