# Privacy Policy

Last updated: April 29, 2026

## 1. Information We Collect

### Account Information
- Email address
- Password (hashed)
- Billing information (processed by Stripe)

### Usage Data
- API request logs (endpoint, URL, timestamp)
- IP addresses (for rate limiting and security)
- Browser type and OS

### Scraped Data
- We temporarily process URLs and webpage content you submit
- We do not permanently store scraped content unless cached
- Cache TTL is 5 minutes by default

## 2. How We Use Your Information

- Provide and maintain the Service
- Process payments and prevent fraud
- Monitor usage and enforce rate limits
- Improve the Service and develop new features
- Comply with legal obligations

## 3. Data Sharing

We do not sell your personal data. We may share data with:
- Stripe (payment processing)
- Cloud providers (hosting infrastructure)
- Legal authorities when required by law

## 4. Data Security

We implement industry-standard security measures including:
- Encryption in transit (TLS/SSL)
- Hashed passwords (bcrypt)
- API key authentication
- Rate limiting and IP blocking

## 5. Your Rights

Depending on your jurisdiction, you may have the right to:
- Access your personal data
- Correct inaccurate data
- Delete your account and data
- Export your data
- Object to processing

## 6. Cookies

We use essential cookies for authentication. We do not use tracking cookies for advertising.

## 7. Data Retention

- Account data: retained until account deletion
- API logs: retained for 90 days
- Cached content: retained for 5 minutes

## 8. International Transfers

Data may be processed in the United States or other countries where our servers are located.

## 9. Children's Privacy

The Service is not intended for children under 13. We do not knowingly collect data from children.

## 10. Changes to This Policy

We may update this policy. Significant changes will be notified via email.

## Contact

For privacy questions, contact privacy@crawlapi.dev.