Privacy Policy
Last updated: March 11, 2026
Intuitive Systems Novesia UG (haftungsbeschränkt) ("we", "us", or "our") operates the Scrapeer website and application (the "Service"). This policy explains what personal data we collect, how we use it, who we share it with, and what rights you have. We are committed to protecting your data in accordance with the EU General Data Protection Regulation (GDPR) and other applicable data protection laws.
1. Data We Collect
1.1 Account Data
- Email address, used for registration, login, and notifications.
- Display name (optional).
- Password, securely hashed. Plaintext is never stored.
- OAuth tokens: if you sign in via Google or GitHub, we receive an authentication token from that provider.
- Team membership and role, if you belong to a team workspace.
1.2 Project & Automation Data
- Flow definitions: the automation flows you build.
- Project metadata such as name, description, and timestamps.
- Uploaded files, stored in the EU. We track file name, size, and content type.
- Secret variables, encrypted and stored separately from application data.
1.3 Execution Data
- Run logs and status (per-block execution results, timestamps).
- Screenshots captured during flow execution.
- Extracted data and scraping output.
1.4 Usage & Billing Data
- Subscription tier and status.
- Credit balance and usage history.
- Copilot action counts (for daily cap tracking).
1.5 Technical & Operational Data
- IP addresses (request logs, rate limiting).
- User-Agent strings.
- Session metadata.
- Error logs (may contain request context; never secret values).
1.6 Compliance / Abuse Logs
To comply with German intermediary liability obligations, we maintain limited abuse logs that allow us to respond to legitimate abuse complaints. These logs contain only request metadata (such as URLs and timestamps). They do not contain response content, page content, or scraped data. Abuse logs are automatically deleted after 60 days.
1.7 Waitlist
If you join our waitlist, we collect your email address. We use it solely to notify you about Service availability and may delete it once the waitlist is no longer needed.
2. How We Use Your Data
| Purpose | Legal Basis (GDPR) |
|---|---|
| Account management & authentication | Contract performance (Art. 6(1)(b)) |
| Flow execution & automation processing | Contract performance |
| AI Copilot assistance | Consent (Art. 6(1)(a)), requires explicit opt-in |
| Billing & subscriptions | Contract performance |
| Security & abuse prevention | Legitimate interest (Art. 6(1)(f)) |
| Error logging & debugging | Legitimate interest |
| Usage analytics (aggregated, no PII) | Legitimate interest |
3. AI Copilot
Copilot is an AI-powered feature that helps you build automation flows. When you use Copilot, your prompts and flow metadata are sent to third-party AI providers for processing. Secret values and file contents are never sent.
Copilot requires explicit consent before first use. You can delete your Copilot session history at any time. We use AI providers located in the US and the EU that have confirmed your data is not used for model training.
4. Third-Party Data Processors
We do not sell your personal data. We share data only with the following categories of processors:
4.1 Third-Party Integrations
When you connect a third-party account (e.g., a Google account for Google Sheets access), we access only the data you explicitly select within your workflows. OAuth credentials are stored encrypted and used solely to perform your configured automation actions. You can disconnect any integration at any time from your account settings. Scrapeer's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
4.2 Infrastructure
Our servers, databases, and file storage are hosted with EU-based infrastructure providers. All data is stored and processed within the EU. Secret values are encrypted at rest.
4.3 Proxy Routing
Certain workflow configurations route outbound web requests through a third-party proxy provider for reliability. This is opt-in per workflow. All traffic is HTTPS encrypted end-to-end. The proxy provider receives only connection metadata (target domain, timestamps) and cannot access request or response content. No Scrapeer user personal data (email, name, account information) is transferred to the proxy provider.
4.4 Payment Processing
Billing and payment processing is handled by Paddle, which acts as our Merchant of Record. When you subscribe to a paid plan, Paddle collects and processes your payment information (name, billing address, payment method). We do not store your credit card details. Paddle's privacy policy is available at paddle.com/legal/privacy.
4.5 Other
- Legal requirements: we may disclose data when required by law, regulation, or legal process.
- Business transfers: in connection with a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity.
5. International Data Transfers
Your core account and project data is stored and processed in the EU. However, certain data may be transferred outside the EU:
- Copilot data may be processed in the US or EU, depending on routing. Appropriate safeguards (Data Processing Addendums, Standard Contractual Clauses where applicable) are in place.
- Proxy traffic may be routed through a US-based provider. This involves only public web traffic metadata (target domain, timestamps).
6. Data Retention
- Account data: retained while your account is active. Deleted or anonymized within 30 days of account deletion.
- Project and automation data: retained while the project exists. Deleted when you delete the project or your account.
- Abuse logs: automatically deleted after 60 days.
- Copilot sessions: you can delete session history at any time. We do not retain it beyond what is needed for the active session.
- Error and operational logs: retained for a limited period for debugging and security purposes.
7. Data Security
We implement appropriate technical and organizational measures to protect your data, including:
- Secure password hashing.
- Encrypted secret storage, separated from application data.
- HTTPS encryption for all connections.
- Rate limiting and abuse detection.
No method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security but are committed to following industry best practices.
In the event of a personal data breach that poses a high risk to your rights and freedoms, we will notify affected users without undue delay as required by Art. 34 GDPR.
8. Your Rights (GDPR Articles 15–22)
If you are located in the EU/EEA, you have the right to:
- Access: request a copy of all personal data we hold about you.
- Rectification: request correction of inaccurate data.
- Erasure: request deletion of your account and all associated data ("right to be forgotten").
- Restriction: request that we pause processing without deleting your data.
- Portability: request your project data in a machine-readable format (JSON).
- Objection: opt out of specific processing activities (e.g., Copilot, analytics).
- Withdraw consent: for processing based on consent (e.g., Copilot), you may withdraw at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, contact us at privacy@scrapeer.com . We will respond within 30 days as required by GDPR.
9. Cookies & Tracking
Scrapeer uses only essential cookies required for session authentication. We do not use advertising trackers or third-party tracking scripts.
We collect anonymous, aggregated usage statistics on our website using a self-hosted analytics tool. This tool does not use cookies, does not collect personal data, and does not track you across sites. All analytics data is processed on our own servers within the EU.
10. Children's Privacy
The Service is not directed to individuals under 16. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will take steps to delete it promptly.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page, updating the "Last updated" date, and for significant changes, sending a notification to your registered email address. Continued use of the Service after changes constitutes acceptance of the updated policy.
12. Data Controller
The data controller responsible for your personal data is:
Intuitive Systems Novesia UG (haftungsbeschränkt)
Hausweberstraße 16a
41352 Korschenbroich, Germany
Email: privacy@scrapeer.com
If you have questions about this Privacy Policy or wish to exercise your data protection rights, please contact us at the address above. We will respond within 30 days as required by GDPR. You also have the right to lodge a complaint with a supervisory authority. The supervisory authority responsible for our company is the Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (LDI NRW).