Initial commit: Full Crawl API implementation

legal/dpa.md

@@ -0,0 +1,48 @@
+# Data Processing Agreement (DPA)
+
+This Data Processing Agreement ("DPA") is entered into between Crawl API ("Processor") and the Customer ("Controller") as of the date of account creation.
+
+## 1. Definitions
+
+- **Personal Data**: Any information relating to an identified or identifiable natural person.
+- **Processing**: Any operation performed on Personal Data.
+- **Data Subject**: The natural person to whom Personal Data relates.
+
+## 2. Scope of Processing
+
+Processor will process Personal Data only as necessary to provide the Service and in accordance with Controller's documented instructions.
+
+## 3. Processor Obligations
+
+- Process Personal Data only on documented instructions from Controller
+- Ensure persons authorized to process Personal Data are bound by confidentiality
+- Implement appropriate technical and organizational measures
+- Assist Controller in responding to Data Subject requests
+- Notify Controller of any Personal Data breaches
+
+## 4. Subprocessors
+
+We use the following subprocessors:
+- Amazon Web Services (hosting)
+- Stripe (payment processing)
+- Google Cloud (optional AI features)
+
+## 5. Data Transfers
+
+Personal Data may be transferred to countries outside the EEA. We ensure adequate safeguards are in place.
+
+## 6. Security Measures
+
+We implement:
+- Encryption at rest and in transit
+- Access controls and authentication
+- Regular security assessments
+- Incident response procedures
+
+## 7. Audit Rights
+
+Controller may request an audit of our compliance with this DPA once per year.
+
+## 8. Termination
+
+Upon termination, Processor will delete or return all Personal Data unless required by law to retain it.

legal/privacy-policy.md

@@ -0,0 +1,78 @@
+# Privacy Policy
+
+Last updated: April 29, 2026
+
+## 1. Information We Collect
+
+### Account Information
+- Email address
+- Password (hashed)
+- Billing information (processed by Stripe)
+
+### Usage Data
+- API request logs (endpoint, URL, timestamp)
+- IP addresses (for rate limiting and security)
+- Browser type and OS
+
+### Scraped Data
+- We temporarily process URLs and webpage content you submit
+- We do not permanently store scraped content unless cached
+- Cache TTL is 5 minutes by default
+
+## 2. How We Use Your Information
+
+- Provide and maintain the Service
+- Process payments and prevent fraud
+- Monitor usage and enforce rate limits
+- Improve the Service and develop new features
+- Comply with legal obligations
+
+## 3. Data Sharing
+
+We do not sell your personal data. We may share data with:
+- Stripe (payment processing)
+- Cloud providers (hosting infrastructure)
+- Legal authorities when required by law
+
+## 4. Data Security
+
+We implement industry-standard security measures including:
+- Encryption in transit (TLS/SSL)
+- Hashed passwords (bcrypt)
+- API key authentication
+- Rate limiting and IP blocking
+
+## 5. Your Rights
+
+Depending on your jurisdiction, you may have the right to:
+- Access your personal data
+- Correct inaccurate data
+- Delete your account and data
+- Export your data
+- Object to processing
+
+## 6. Cookies
+
+We use essential cookies for authentication. We do not use tracking cookies for advertising.
+
+## 7. Data Retention
+
+- Account data: retained until account deletion
+- API logs: retained for 90 days
+- Cached content: retained for 5 minutes
+
+## 8. International Transfers
+
+Data may be processed in the United States or other countries where our servers are located.
+
+## 9. Children's Privacy
+
+The Service is not intended for children under 13. We do not knowingly collect data from children.
+
+## 10. Changes to This Policy
+
+We may update this policy. Significant changes will be notified via email.
+
+## Contact
+
+For privacy questions, contact privacy@crawlapi.dev.

legal/terms-of-service.md

@@ -0,0 +1,52 @@
+# Terms of Service
+
+Last updated: April 29, 2026
+
+## 1. Acceptance of Terms
+
+By accessing or using Crawl API ("the Service"), you agree to be bound by these Terms of Service. If you do not agree, do not use the Service.
+
+## 2. Description of Service
+
+Crawl API provides headless browser automation and web scraping tools via a REST API. The Service allows users to extract data, take screenshots, generate PDFs, and perform other automated web interactions.
+
+## 3. Account Registration
+
+You must provide accurate information when creating an account. You are responsible for maintaining the security of your account credentials and API keys.
+
+## 4. Acceptable Use
+
+You agree not to use the Service to:
+- Scrape websites that explicitly prohibit scraping in their robots.txt or terms of service
+- Access or attempt to access non-public areas of websites without authorization
+- Violate any applicable laws or regulations
+- Distribute malware or engage in fraudulent activities
+- Overwhelm or damage third-party websites (rate limiting applies)
+
+## 5. API Usage and Credits
+
+The Service operates on a credit-based system. Each API endpoint consumes 1 credit per call. Credits are non-refundable and expire according to your subscription plan.
+
+## 6. Payment and Billing
+
+Paid plans are billed in advance on a monthly or annual basis. You can cancel your subscription at any time. Refunds are provided at our sole discretion.
+
+## 7. Data Privacy
+
+We process data in accordance with our Privacy Policy. We do not store scraped content permanently unless explicitly requested.
+
+## 8. Limitation of Liability
+
+The Service is provided "as is" without warranties of any kind. We are not liable for any damages arising from your use of the Service.
+
+## 9. Termination
+
+We reserve the right to suspend or terminate your account for violation of these terms or for any other reason at our discretion.
+
+## 10. Changes to Terms
+
+We may update these terms from time to time. Continued use of the Service after changes constitutes acceptance of the new terms.
+
+## Contact
+
+For questions about these terms, contact hello@crawlapi.dev.