Privacy Policy

scrapen.ai ("we", "us", "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, and store your information when you visit our website or use our Service.

Scrapen.ai is the data controller responsible for your personal data. For any privacy-related inquiry, contact us at info@scrapenai.com We currently do not appoint a Data Protection Officer (DPO), as we are not legally required to do so. For any privacy-related questions, please contact info@scrapenai.com.

We collect only the data that is strictly necessary to provide and improve the Service. We collect the following categories of data: • Account information: name, email, login credentials. • Payment information: handled by Stripe (we do not store full card details). • Usage data: device type, browser, IP address, session logs. • Content data: text, prompts, or information you input into the Service.

We process your personal data on the following legal grounds under the GDPR: • Performance of a contract (Art. 6(1)(b) GDPR): processing necessary to provide you with the Service, manage your account, and process payments. • Legitimate interests (Art. 6(1)(f) GDPR): improving and securing the Service, fraud prevention, and analytics. • Consent (Art. 6(1)(a) GDPR): where you have given consent for specific processing activities, such as marketing communications or non-essential cookies. You may withdraw your consent at any time. • Legal obligation (Art. 6(1)(c) GDPR): where processing is necessary to comply with applicable laws or regulations.

Your data is securely hosted on servers provided by Hetzner Online GmbH (Germany). We apply industry-standard encryption and access controls. We implement technical and organizational measures appropriate to the level of risk in accordance with Article 32 GDPR.

Our Chrome Extension may access and process the content of web pages you explicitly interact with in order to extract information requested by you. • The Extension processes content only on pages where the user actively interacts with the Extension features. • The Extension does not collect browsing history, passwords, or personal data unrelated to the requested task. • Data extracted is transmitted securely to our servers solely to provide the requested Service functionality. • We do not sell or share collected data with third parties. • All processing occurs only when initiated by the user. • Extracted data is automatically deleted after 90 days at most. • Data is not shared with third parties except trusted service providers strictly required for infrastructure and payment processing. We do not collect or transmit data unrelated to the core functionality of the Extension. The Extension may extract only the content explicitly requested by the user, which may include user-selected text, visible page content, and user-requested screenshots of the current tab. No background or automatic data collection occurs without explicit user interaction.

When you connect your Google Search Console account to Scrapen, we access SEO performance data from your verified sites in read-only mode via the https://www.googleapis.com/auth/webmasters.readonly scope. Data collected: • List of your Search Console properties (verified domains). • Per-URL performance metrics: impressions, clicks, CTR, average position. • Search queries associated with your pages. • Traffic dates and country of origin. Use of data — this data is used exclusively to: • Detect content decay on your published articles. • Identify SEO opportunities and recommend content updates. • Display your statistics in your personal Scrapen dashboard. Storage and security: • Google OAuth tokens are encrypted at rest using Fernet (AES-256) in our database. • GSC data is stored in your isolated user space and is accessible only to you. • No Google Search Console data is shared, sold, or used for advertising. • No GSC data is transmitted to third parties (except technical subprocessors under strict confidentiality agreements, e.g. hosting provider). Deletion and disconnection: You can disconnect your Google Search Console account at any time from your Scrapen account settings. Disconnection triggers the immediate and permanent deletion of all your OAuth tokens and associated GSC data from our servers. You can also revoke access directly at https://myaccount.google.com/permissions. Google API Services User Data Policy compliance: Scrapen's use of information received from Google APIs adheres to the Google API Services User Data Policy (https://developers.google.com/terms/api-services-user-data-policy), including the Limited Use requirements.

All payments are processed through Stripe, which complies with PCI DSS security standards. Stripe acts as a data processor under a Data Processing Agreement (DPA) in line with the GDPR.

Under the GDPR, you have the following rights regarding your personal data: • Access your data. • Request correction or deletion. • Object to processing or request data portability. • Request restriction of processing. • Withdraw consent for marketing communications. • Lodge a complaint with a supervisory authority. • Not be subject to automated decision-making. We do not engage in automated decision-making or profiling as defined under Article 22 of the GDPR.

We use cookies to improve the Service and measure performance (Google Analytics, etc.). You can manage or disable cookies in your browser settings or via our Cookie Policy.

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected: • Account data: retained for the duration of your account and deleted within 30 days of account closure. • Payment data: retained for the period required by applicable tax and accounting laws (typically up to 10 years). • Usage and analytics data: retained for up to 26 months. • Content data: automatically deleted after a maximum of 90 days. Users may request earlier deletion at any time. • Server logs: retained for up to 90 days.

Your data is primarily stored and processed within the European Economic Area (EEA) on servers provided by Hetzner Online GmbH in Germany. Some service providers (such as Google Analytics and Stripe) may process data outside the EEA. Where such transfers occur, we ensure appropriate safeguards are in place, including EU Standard Contractual Clauses (SCCs).

We use the following third-party sub-processors: • Hetzner Online GmbH (Germany) — hosting and infrastructure. • Stripe, Inc. (USA) — payment processing. • Google LLC (USA) — analytics. Each sub-processor is bound by a Data Processing Agreement (DPA) in accordance with the GDPR.

Our Service is not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us at info@scrapenai.com.

We may update this Privacy Policy from time to time. Any material changes will be communicated via email or through a notice on our website. Continued use of the Service after publication constitutes acceptance of the changes.