Privacy Policy

Summary

We collect the minimum data required to run a healthy SaaS business and we never sell it. The full version follows; the short version is:

• Account data — email, name, hashed password, billing address. Used to identify you and bill you.
• Usage data — which queries you ran, how many credits you spent, which IPs hit our API. Used to operate the service and prevent abuse.
• Outputs — the data you scrape stays yours; we hold it on your behalf for 90 days, after which we delete it unless you ask us to retain it longer.
• No third-party trackers on our marketing site beyond a privacy-friendly analytics tool that doesn't use cookies.

Data we collect

Information you give us

• Email address, name and (optionally) company name when you sign up
• Payment details — handled exclusively by our payment processor (Stripe). We never see your full card number.
• Anything you submit through the contact form or to our support inboxes

Information collected automatically

• API request logs (timestamp, endpoint, query, IP, response code)
• Browser type and a coarse country-level location for security and abuse prevention
• Aggregate analytics (page views, no individual visitor profiles)

How we use it

We use your data to: provide the Service, authenticate you, bill you accurately, prevent fraud and abuse, improve the product, and communicate with you about service-affecting changes. We rely on the lawful bases of contract (to deliver what you signed up for) and legitimate interest (security, fraud prevention, improving the product).

Sharing & sub-processors

We share data only with vetted sub-processors that help us run the Service. The current list:

• Stripe — payment processing
• Amazon Web Services — primary infrastructure (us-east-1, eu-west-1)
• Postmark — transactional email
• Sentry — error monitoring (PII scrubbed before transmission)
• Plausible — privacy-friendly, cookie-free site analytics

We never sell personal data, period. We share data with law enforcement only when legally compelled.

Retention

Account data is retained while your account is active and for 30 days after closure (legal/billing reasons), then permanently deleted. Outputs are retained for 90 days unless you delete them sooner or upgrade the retention window. Logs are retained for 13 months.

Security

Encryption in transit (TLS 1.3) and at rest (AES-256). Production access is limited to a small on-call team via SSO with hardware-key 2FA. We test backups weekly and do quarterly recovery drills. SOC 2 Type II report available under NDA — email security@livescraper.com.

Your rights

Wherever you live, you can: access the data we hold about you, correct inaccuracies, export your data, and ask us to delete it. Most of these are self-service in the dashboard; email privacy@livescraper.com for the rest. We'll respond within 30 days.

GDPR specifics

Livescraper, Inc. is the data controller for account-related data. For Outputs, you are the controller and we are the processor. Our standard Data Processing Agreement (DPA) incorporating the EU Standard Contractual Clauses is available on request — email dpo@livescraper.com.

EU data is processed in our EU region (eu-west-1, Ireland). You can opt your account to EU-only processing in your dashboard.

CCPA & US state laws

California, Virginia, Colorado, Connecticut, Utah, India (DPDP) and other regions: you have the right to know, delete, correct and opt out. We do not sell or share personal data for cross-context behavioral advertising as those terms are defined under the CCPA.

Children

Livescraper is not intended for children under 16. We don't knowingly collect personal data from anyone under 16; if you believe a minor has created an account, please contact us and we'll remove it.

Changes

We will announce material changes to this policy at least 30 days in advance, by email to your account address.

Contact & DPO

For privacy questions: privacy@livescraper.com
For our Data Protection Officer: dpo@livescraper.com

Postal: Livescraper, Inc., Houston, TX 77077, United States.