Privacy Policy
Your privacy is important to us. This policy explains how CrawlForge collects, uses, and protects your personal information.
Last Updated: December 2025
Quick Navigation
1. Information We Collect
Account Information
- •Email address (required for account creation and authentication)
- •Name (optional, for personalization)
- •Password (encrypted using industry-standard bcrypt hashing)
- •Account preferences and settings
Usage Data
- •API requests and responses (tool usage, endpoints called, parameters)
- •Credit consumption and balance history
- •Authentication logs (login times, IP addresses, device information)
- •Performance metrics (response times, error rates, success rates)
- •Browser and device information (user agent, screen resolution, OS)
- •Session data (duration, pages visited, features used)
Payment Information
- •Payment processing is handled exclusively by Stripe, our PCI-DSS compliant payment processor
- •We store only the last 4 digits of your card number and card brand for display purposes
- •Full payment details (card number, CVV, expiration date) are never stored on our servers
- •Stripe Customer ID and Subscription ID for billing management
- •Purchase history and invoice records
Automatically Collected Information
- •Cookies and similar tracking technologies (see our Cookie Policy for details)
- •Log data (IP address, browser type, referring/exit pages, timestamps)
- •Fraud prevention data (device fingerprinting, risk scoring, rate limiting metadata)
- •Error and diagnostic information for debugging and service improvement
2. How We Use Your Information
Service Delivery
- •Authenticate your account and maintain secure sessions
- •Process API requests and return scraping results
- •Manage your credit balance, subscriptions, and billing
- •Send service-related emails (account verification, password resets, billing notifications)
- •Provide customer support and respond to your inquiries
Service Improvement
- •Analyze usage patterns to optimize tool performance and reliability
- •Identify and fix bugs, errors, and performance bottlenecks
- •Develop new features and tools based on user needs
- •Conduct A/B testing and experimentation to improve user experience
- •Monitor service health and uptime (99.9% SLA guarantee)
Security and Fraud Prevention
- •Detect and prevent fraudulent activity, abuse, and unauthorized access
- •Implement rate limiting and usage quotas to ensure fair use
- •Protect against DDoS attacks, credential stuffing, and other security threats
- •Comply with legal obligations and enforce our Terms of Service
Communications
- •Send transactional emails (purchase confirmations, credit balance alerts, API key generation)
- •Notify you of significant service updates, new features, or breaking changes
- •Respond to support requests and provide technical assistance
- •Send marketing communications (only with your explicit consent, opt-out available)
3. How We Share Your Information
We Do Not Sell Your Data
- •CrawlForge never sells, rents, or trades your personal information to third parties for marketing purposes
- •Your data is yours, and we respect your privacy
Third-Party Service Providers
- •Stripe (payment processing, PCI-DSS Level 1 certified) - processes payments and manages subscriptions
- •Neon Database (PostgreSQL hosting) - stores user data, API keys, and usage logs in encrypted databases
- •Upstash Redis (caching and session management) - stores temporary session data and rate limiting metadata
- •Vercel (hosting and infrastructure) - hosts our application with enterprise-grade security
- •Sentry (error monitoring) - collects anonymized error reports for debugging (personal data is scrubbed)
- •PostHog (analytics) - tracks anonymized usage patterns for product improvement (GDPR compliant)
Legal Requirements
- •We may disclose your information if required by law, court order, or government regulation
- •To protect our rights, property, or safety, or that of our users or the public
- •In connection with a merger, acquisition, or sale of assets (users will be notified in advance)
With Your Consent
- •We may share information with third parties when you explicitly authorize us to do so
- •For example, integrating with third-party tools or services you choose to connect
4. Data Retention
Active Accounts
- •Account data is retained as long as your account is active
- •Usage logs are retained for 12 months for billing, analytics, and support purposes
- •Payment records are retained for 7 years to comply with tax and accounting regulations
Deleted Accounts
- •When you delete your account, we permanently delete your personal information within 30 days
- •Anonymized usage data may be retained for analytics and service improvement
- •Payment records are retained for legal and tax compliance (non-identifiable data)
- •Backup systems may retain data for up to 90 days for disaster recovery purposes
Security Logs
- •Authentication logs are retained for 90 days for security and fraud prevention
- •Error logs are retained for 30 days for debugging and service improvement
- •Anonymized performance metrics may be retained indefinitely
5. Your Rights (GDPR & CCPA)
Access and Portability
- •Request a copy of all personal data we hold about you
- •Export your data in a machine-readable format (JSON or CSV)
- •Access your usage history, API logs, and billing records from the dashboard
Correction and Updates
- •Update your account information at any time from the settings page
- •Correct inaccurate or incomplete personal data
- •Modify your communication preferences and email settings
Deletion (Right to be Forgotten)
- •Delete your account and all associated personal data
- •Request deletion of specific data categories
- •Opt out of marketing communications while maintaining your account
Restriction and Objection
- •Restrict how we process your data (e.g., object to marketing emails)
- •Object to automated decision-making or profiling (we do not use these for critical decisions)
- •Withdraw consent at any time for data processing based on consent
How to Exercise Your Rights
- •Email us at support@crawlforge.dev with your request
- •We will respond within 30 days (GDPR requirement)
- •California residents can request a copy of data shared with third parties (CCPA requirement)
6. Security Measures
Data Protection
- •All data in transit is encrypted using TLS 1.3 (HTTPS)
- •Passwords are hashed using bcrypt with industry-standard salt rounds
- •API keys are hashed using HMAC-SHA256 and never stored in plain text
- •Database connections are encrypted and access is restricted to authorized services only
- •Session tokens use JWT with short expiration times (15 minutes) and secure refresh tokens
Infrastructure Security
- •Hosted on Vercel with enterprise-grade DDoS protection and WAF (Web Application Firewall)
- •Database backups are encrypted and stored in multiple geographic regions
- •Regular security audits and penetration testing
- •Automated vulnerability scanning and dependency updates
- •Incident response plan with 24/7 monitoring via Sentry
Access Controls
- •Role-based access control (RBAC) for internal team members
- •Multi-factor authentication (MFA) available for user accounts
- •Principle of least privilege for all service accounts and integrations
- •Regular access reviews and permission audits
Data Breach Response
- •In the event of a data breach, we will notify affected users within 72 hours (GDPR requirement)
- •We will provide details on the nature of the breach, affected data, and remediation steps
- •We maintain a comprehensive incident response plan and regularly test it
7. International Data Transfers
Data Location
- •Our primary infrastructure is hosted in the United States (Vercel, Neon, Upstash)
- •Data may be transferred to and processed in countries outside your jurisdiction
- •We use Standard Contractual Clauses (SCCs) for GDPR-compliant international transfers
- •All third-party processors are vetted for GDPR and CCPA compliance
8. Children's Privacy
Age Restriction
- •CrawlForge is not intended for users under 18 years of age
- •We do not knowingly collect personal information from children
- •If we discover that a child has provided personal information, we will delete it immediately
- •Parents or guardians who believe their child has provided information should contact us
9. Changes to This Policy
Policy Updates
- •We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements
- •We will notify you of material changes via email or a prominent notice on our website
- •Continued use of CrawlForge after changes constitutes acceptance of the updated policy
- •Previous versions of this policy are available upon request
10. Contact Us
Privacy Questions
- •Email: support@crawlforge.dev
- •Subject line: 'Privacy Policy Inquiry' for faster response
- •Response time: Within 48 hours for general questions, 30 days for GDPR/CCPA requests
Data Protection Officer (DPO)
- •For GDPR-related inquiries, you can contact our Data Protection Officer at support@crawlforge.dev
- •Please include 'ATTN: DPO' in the subject line
Supervisory Authority
- •EU residents have the right to lodge a complaint with their local data protection authority
- •California residents can contact the California Attorney General's Office for CCPA complaints
Related Legal Documents
Questions About Your Privacy?
If you have any questions about this Privacy Policy or how we handle your data, please don't hesitate to contact us.
support@crawlforge.dev