Livescraper
Sign inGet Started
Home  ·  Legal  ·  GDPR

GDPR & your data

Plain-English summary of how we comply with the General Data Protection Regulation

Short version

We treat GDPR as the floor, not the ceiling. We minimise the data we collect, give you full control over what you've stored with us, and only ever process public business data — never private personal records behind a login.

This page is a friendly overview. Our full Privacy Policy and our standard Data Processing Agreement contain the legal detail.

Roles & lawful basis

For account-related data (your email, billing, login activity), Livescraper is the data controller. For the data you scrape and store ("Outputs"), you are the controller and we act as your processor.

Our lawful bases for processing personal data are:

  • Contract — to deliver what you signed up for.
  • Legitimate interest — for security, fraud prevention, and product analytics on aggregate (non-individual) usage data.
  • Consent — for any marketing emails (you can opt out in one click) and optional analytics cookies.

Your rights under GDPR

If you're in the EU/EEA, UK or Switzerland, you have the right to:

  • Access — see what we hold about you. Self-service in your dashboard, or email privacy@livescraper.com.
  • Rectification — correct inaccurate data.
  • Erasure — delete your account and associated data ("right to be forgotten"). One-click in your dashboard.
  • Portability — export your data in a machine-readable format.
  • Restriction — limit how we process your data while we resolve a query.
  • Objection — object to processing based on legitimate interest.
  • Withdraw consent — wherever consent is the basis, you can revoke it at any time.

We respond to all requests within 30 days at the latest. We don't charge for these requests.

DPA & Standard Contractual Clauses

For Outputs you store with us, we offer a standard Data Processing Agreement incorporating the European Commission's Standard Contractual Clauses (2021). Most customers can self-sign it from the dashboard; Business-tier customers can request a customised version.

Email dpo@livescraper.com to receive the current DPA template.

Where your data lives

By default, your data is stored in our primary region (us-east-1, AWS Virginia). EU customers can opt their workspace into EU-only processing via Settings → Region — data is then stored in eu-west-1 (AWS Dublin) and never leaves the EEA.

Sub-processors

We share data only with vetted sub-processors. Current list:

  • Amazon Web Services — primary infrastructure (us-east-1, eu-west-1)
  • Stripe — payment processing
  • Postmark — transactional email
  • Sentry — error monitoring (PII scrubbed before transmission)
  • Plausible — privacy-friendly analytics, EU-hosted

We notify customers at least 30 days before adding a new sub-processor; you can object via email and we'll discuss alternatives.

A note on scraping & GDPR

Public business data — like a coffee shop's address on Google Maps — generally isn't personal data under GDPR. But scraped data can sometimes contain personal information (a manager's name, a public business email).

You're responsible for the lawful basis on which you process Outputs. Our Acceptable Use policy bans using Livescraper for: scraping personal data behind a login, sending unsolicited bulk communications in violation of GDPR or e-Privacy, or anything that would require explicit consent that you don't have.

Breach response

If we ever experience a personal-data breach, we will notify the relevant supervisory authority within 72 hours and affected customers without undue delay. We'd never sit on bad news.

Data Protection Officer

You can reach our DPO at dpo@livescraper.com.

You also have the right to lodge a complaint with your local supervisory authority. For UK residents this is the ICO; for the EU, find yours via edpb.europa.eu.