Security & trust

Built quietly, protected seriously.

Livescraper holds public data only — never personal data, never anything behind a login. Here's exactly how we operate, store and dispose of what you scrape.

01

Public data, only

If a regular visitor sees it, we'll fetch it. No logins, no paywalls, no personal data, no scraping behind authentication.

02

Encrypted at rest

All exports, queues and logs live in AES-256-encrypted S3 buckets. Database fields are encrypted with KMS-managed keys.

03

Encrypted in transit

TLS 1.3 everywhere. HSTS preload, modern ciphers, A+ on SSL Labs. No mixed content anywhere on the platform.

Compliance

Standards we operate by.

SOC 2 Type II

Audited annually since 2023.

Our latest SOC 2 Type II report is available under NDA. Email security@livescraper.com to request a copy.

GDPR

Data Processing Agreement.

EU-resident customers get a signed DPA on request. We act as a Processor; you remain Controller of any data you export.

CCPA

California compliant.

"Do Not Sell My Info" is the default for every California resident — we don't sell anyone's information, ever.

Hosting

AWS US-East-1 + Frankfurt.

Infrastructure runs in AWS regions us-east-1 and eu-central-1. Choose where your data is processed at signup.

Practices

How we keep things boring.

Access

Least-privilege, MFA-required

All employee access uses SSO + WebAuthn. Production access is just-in-time and audited; no standing keys to anything.

Backups

Encrypted, tested, geo-redundant

Daily encrypted backups, replicated across two AWS regions. Restore drills run quarterly with documented RTO/RPO targets.

Monitoring

Anomaly detection, 24/7

Real-time intrusion detection, log aggregation, automated alerting. We page humans for anything that looks unusual.

Vendors

SOC 2 sub-processors only

Every sub-processor (AWS, Stripe, Postmark, Cloudflare, Sentry) carries SOC 2 or equivalent. Full list at privacy.html.

Incident response

1-hour disclosure SLA

Confirmed security incidents are disclosed to affected customers within 1 hour, and to regulators within 72 hours where applicable.

Vulnerability disclosure

Found something? Tell us.

We run a no-fault disclosure program. Email security@livescraper.com with a description and reproduction steps.

  • We acknowledge within 24 hours
  • Triage and severity within 72 hours
  • Fix or mitigation timeline communicated up-front
  • Credit (with permission) on this page
security@livescraper.com

Need a SOC 2, DPA or pen-test report? Just ask.

Most documents are available under NDA. Tell us what your security team needs and we'll send it the same day.