Privacy Policy

Last updated: February 2026

1. Introduction

Scrape & Enrich (“we”, “our”, or “us”) respects your privacy and is committed to protecting personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard information in connection with our SaaS platform and API services (the “Services”).

2. Our Role: Data Controller and Data Processor

We act in two distinct capacities depending on the type of data involved:

2.1 Data Controller

We are the data controller for information we collect directly from you for our own purposes, including:

  • Account registration data (email, name, password)
  • Billing and payment information
  • Service usage data (API logs, analytics)
  • Communications with us

2.2 Data Processor

We act as a data processor for data that you, the Customer, collect and process through the Services (“Customer Data”). In this capacity:

  • You are the data controller for all Customer Data
  • We process Customer Data solely at your direction and on your behalf
  • Customer Data consists of publicly available information collected at your initiative through the Services
  • You determine the purposes and means of processing Customer Data
  • You are responsible for ensuring a lawful basis for collecting and processing Customer Data

3. Information We Collect

3.1 Account Information

When you create an account, we collect:

  • Email address
  • Password (stored in hashed form)
  • Company name (optional)

3.2 Usage Data

We automatically collect information about your use of the Services:

  • API requests made (endpoints, timestamps, response codes)
  • IP addresses
  • Credit consumption and purchase history

3.3 Payment Information

Payment processing is handled by third-party providers (e.g., Stripe). We do not store full payment card numbers. We may receive and store:

  • Last four digits of your card
  • Card type and expiration date
  • Billing address

3.4 Customer Data

Customer Data is publicly available information that you collect through the Services at your own initiative and direction. This data is processed by us solely on your behalf as data processor. We do not independently verify, validate, or guarantee the accuracy of Customer Data. All Customer Data is provided to you on an “as-is” basis.

4. How We Use Your Information

We use the information we collect as data controller to:

  • Provide and maintain the Services
  • Process transactions and send related information
  • Send administrative information (updates, security alerts)
  • Respond to enquiries and provide customer support
  • Monitor and analyse usage patterns to improve the Services
  • Detect, prevent, and address technical issues or abuse
  • Comply with legal obligations

5. Data Retention

We retain your data for as long as your account is active or as needed to provide the Services. Specifically:

  • Account data: Retained until you request deletion
  • API request logs: Retained for 90 days
  • Transaction records: Retained for 7 years (legal requirement)
  • Customer Data: Retained only as long as necessary to fulfil your requests; you may request deletion at any time

After account deletion, we may retain anonymised data for analytical purposes.

6. Data Sharing and Disclosure

We do not sell your personal information. We may share your data with:

6.1 Service Providers

Third parties that help us operate the Services:

  • Cloud hosting providers (infrastructure)
  • Payment processors (billing)
  • Email service providers (notifications)

6.2 Legal Requirements

We may disclose your information if required by law or in response to:

  • Court orders or legal process
  • Government requests
  • Protection of our rights, privacy, safety, or property

6.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction.

7. Data Security

We implement appropriate technical and organisational measures to protect your data:

  • Encryption in transit (TLS/SSL) and at rest
  • Secure password hashing (bcrypt)
  • Regular security assessments
  • Access controls and authentication
  • Monitoring and logging

However, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

8. Your Rights

Depending on your location, you may have the following rights regarding your personal data (data for which we are the controller):

8.1 Access and Portability

You can request a copy of your personal data in a structured, machine-readable format.

8.2 Correction

You can request correction of inaccurate or incomplete data.

8.3 Deletion

You can request deletion of your personal data, subject to certain exceptions (e.g., legal obligations).

8.4 Restriction

You can request that we restrict processing of your data in certain circumstances.

8.5 Objection

You can object to processing of your data for certain purposes.

For rights regarding Customer Data (for which you are the controller), please refer to your own privacy policies and data protection obligations. If a data subject contacts us directly regarding Customer Data, we will refer them to you where possible.

To exercise your rights regarding data we control, contact us at privacy@scrapeandenrich.com.

9. International Data Transfers

Your data may be transferred to and processed in countries outside your country of residence. We ensure appropriate safeguards are in place, such as:

  • Standard Contractual Clauses approved by the European Commission
  • Data processing agreements with our service providers

10. Cookies and Tracking

Our website uses cookies and similar technologies to:

  • Maintain your session and preferences
  • Analyse website traffic and usage
  • Improve user experience

You can control cookies through your browser settings. Disabling cookies may affect functionality.

11. Third-Party Links

Our Services may contain links to third-party websites. We are not responsible for the privacy practices of these sites. We encourage you to read their privacy policies.

12. Children's Privacy

The Services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected data from a child, please contact us immediately.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Posting the new policy on this page
  • Updating the “Last updated” date
  • Sending an email notification for significant changes

14. GDPR-Specific Information

For users in the European Economic Area (EEA):

  • Legal Basis: We process your data based on contract performance, legitimate interests, and consent where applicable.
  • Data Controller: Scrape & Enrich is the data controller for your account and usage data as described in Section 2.1.
  • Data Processor: Scrape & Enrich acts as data processor for Customer Data as described in Section 2.2.
  • Supervisory Authority: You have the right to lodge a complaint with your local data protection authority.

15. CCPA-Specific Information

For California residents:

  • We do not sell personal information.
  • You have the right to know what personal information we collect and how it is used.
  • You have the right to request deletion of your personal information.
  • You will not be discriminated against for exercising your privacy rights.

16. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

Email: privacy@scrapeandenrich.com

Data Protection Officer: dpo@scrapeandenrich.com