Summary: We collect your email address, API usage data, and the requests and responses you send through our API. We use Stripe to process payments and Plausible Analytics for cookieless, privacy-friendly website analytics. We keep request and response data on file and may use it in anonymised form for analytical purposes. We do not use authenticated sessions to access third-party AI platforms on your behalf.
1. Who We Are
ScrapeLLM ("we", "our", "us") operates the ScrapeLLM API and website at scrapellm.com. We are the data controller for the personal information described in this policy.
Questions or requests regarding your data can be sent to: privacy@scrapellm.com.
2. What Data We Collect
Account Information
- Email address (required to create an account).
- Password (stored as a secure hash; we never store plaintext passwords).
- API key(s) associated with your account.
Payment Information
- Payments are processed by Stripe. ScrapeLLM does not store your full card number, CVV, or bank details. We only receive a Stripe customer ID and subscription status.
- Stripe's Privacy Policy governs how your payment data is handled by Stripe.
API Request & Response Data
- The full request you send to our API: prompt text, target platform, country parameter, and any other options.
- The full response returned by the third-party AI platform, including text, links, citations, and metadata.
- Technical metadata: timestamp, latency (elapsed milliseconds), HTTP status, credit cost, job ID, and your API key (hashed for log storage).
Usage & Billing Data
- Total credits consumed, request counts, and billing period information.
- Stripe subscription status, plan ID, and renewal dates.
Website Analytics
- We use Plausible Analytics, a privacy-first analytics platform that does not use cookies and does not collect personally identifiable information. Plausible only records aggregated, anonymous page-view statistics (page URL, referrer, browser type, country). No data is shared with advertising networks. See Plausible's Privacy Policy.
Server Logs
- Standard web server logs including IP address, request path, HTTP method, response code, and user-agent. These are retained for security and debugging purposes for up to 90 days.
3. How We Use Your Data
Service Operation
- To authenticate your API requests using your API key.
- To route requests to the appropriate AI platform and return the response.
- To deduct credits and enforce rate limits.
Billing
- To create and manage your Stripe subscription.
- To send billing-related emails (receipts, renewal reminders, payment failures).
Data Analytics
- We retain your API requests and the responses returned from AI platforms on file. This data is used to:
- Monitor and improve API reliability and response quality.
- Analyse AI model behaviour, output consistency, and trends across platforms and geographies.
- Produce aggregated, de-identified research and product insights. Individual requests will not be attributed to you in any published output.
Communications
- To send transactional emails relating to your account (e.g. API key creation, plan changes).
- We will only send marketing emails if you have opted in. You can opt out at any time.
4. No Authenticated Third-Party Sessions
ScrapeLLM does not log in to any target platform — not with user credentials, not with ScrapeLLM-owned accounts, and not with any session, cookie, or OAuth token of any kind. All requests are made to the publicly accessible, unauthenticated interface of each platform, exactly as any anonymous member of the public would access it. No accounts on ChatGPT, Perplexity, Gemini, Copilot, Grok, or any other third-party AI platform are ever used or required.
5. Legal Basis for Processing (GDPR)
If you are in the European Economic Area (EEA) or United Kingdom, our legal basis for processing your personal data is:
- Contract performance — to deliver the API service you have signed up for.
- Legitimate interests — for security monitoring, fraud prevention, and internal analytics.
- Legal obligation — where required by applicable law (e.g. retaining financial records).
- Consent — for optional marketing communications.
6. Data Sharing
We do not sell your personal data. We may share data with the following categories of third parties:
- Stripe — for payment processing. Only your email address and subscription details are shared.
- Plausible Analytics — for anonymous website analytics. No personal data is shared.
- Infrastructure providers — cloud hosting and database providers used to run our platform, bound by data processing agreements.
- Legal & regulatory authorities — if required by law, court order, or to protect our rights.
7. Data Retention
- Account data — retained for the duration of your account, plus up to 90 days after deletion for backup and compliance purposes.
- API request & response logs — retained indefinitely for analytics purposes, stored in a way that can be de-identified upon request.
- Payment records — retained for up to 7 years as required by financial regulations.
- Server access logs — retained for up to 90 days.
8. Your Rights
Depending on your jurisdiction, you may have the following rights:
- Access — request a copy of the personal data we hold about you.
- Correction — ask us to correct inaccurate or incomplete data.
- Deletion — request deletion of your account and associated personal data.
- Restriction — ask us to restrict processing in certain circumstances.
- Portability — receive your data in a machine-readable format.
- Objection — object to processing based on legitimate interests.
- Withdrawal of consent — where processing is based on consent, you can withdraw it at any time.
To exercise any of these rights, contact privacy@scrapellm.com. We will respond within 30 days.
9. Cookies
Our marketing website (scrapellm.com) uses no tracking or analytics cookies. Plausible Analytics is cookieless by design.
The authenticated application (dashboard, API builder) uses a secure, HTTP-only session cookie solely to maintain your login state on our own platform. This cookie is not used to authenticate you on any third-party AI service.
10. Security
We implement industry-standard technical and organisational measures to protect your data, including TLS encryption in transit, hashed passwords, and access controls. No method of transmission or storage is 100% secure; we cannot guarantee absolute security.
11. Children
The Service is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a new "Last updated" date. Your continued use of the Service after changes are posted constitutes acceptance of the updated policy.
13. Contact
For privacy-related enquiries:
- Email: privacy@scrapellm.com
- General: hello@scrapellm.com