Privacy Policy

Effective date: April 12, 2026 (Version 2026-04-12)

1. Introduction

justcrawl.io ("we", "us", "our") operates a scraping orchestration platform that helps businesses route web scraping requests across multiple providers. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our platform at justcrawl.io and dashboard.justcrawl.io.

2. Data We Collect

Account Information

  • Name — provided at registration
  • Email address — used for login, verification, and communication
  • Password — stored as a bcrypt hash (we never store your plaintext password)
  • Consent record — timestamp and version of Terms/Privacy you agreed to

Organization Data

  • Organization name — chosen during onboarding
  • Team member emails — used for invitations
  • Roles and permissions — configured by your team

Provider Credentials

  • Third-party API keys — credentials you provide for scraping providers (Bright Data, Oxylabs, Nimble Way, Zyte, Decodo). These are encrypted at rest using AES-256-GCM and are only used to execute scraping requests on your behalf.

Usage Data

  • Scraping job metadata — URLs submitted, provider used, success/failure status, latency, timestamps
  • Workflow configurations — DAG definitions you create
  • Audit logs — records of actions taken in your account (login, configuration changes, etc.)

Technical Data

  • IP address — recorded in audit logs for security purposes
  • Browser storage — we use localStorage (not cookies) to maintain your session via JWT tokens
  • Product analytics — we use PostHog to collect anonymized usage data including page views, feature interactions, and session metadata to improve the product. No advertising or tracking cookies are used.

3. How We Use Your Data

  • To provide and operate the justcrawl.io platform
  • To authenticate your identity and manage access
  • To execute scraping requests using your configured providers
  • To generate analytics and performance metrics for your dashboard
  • To maintain security through audit logging
  • To understand how users interact with the platform and improve the product
  • To communicate service-related updates via transactional email

4. Data Storage and Security

Your data is stored in PostgreSQL databases. Provider API credentials are encrypted at rest using AES-256-GCM with a server-side encryption key. Passwords are hashed using bcrypt with 12 salt rounds. All API communication uses HTTPS.

5. Data Retention

  • Account data — retained while your account is active. Upon deletion, personal data is anonymized.
  • Scraping job metadata — retained for the lifetime of your organization.
  • Audit logs — retained for security and compliance purposes.
  • Provider credentials — deleted immediately upon removal or account deletion.

6. Third-Party Data Sharing

We do not sell your personal data. Your provider API credentials are sent only to the respective scraping providers you have configured, solely to execute requests on your behalf. We use the following third-party services:

  • PostHog (product analytics) — collects anonymized usage data including page views and feature interactions. PostHog can be self-hosted. No advertising or user profiling.
  • Resend (email delivery) — processes email addresses solely for transactional emails (account verification, password reset). Does not use your data for marketing purposes.
  • Scraping providers (Bright Data, Oxylabs, Nimble Way, Zyte, Decodo) — receive your API credentials and scraping requests as configured by you.

7. Your Rights (GDPR)

If you are located in the European Economic Area, you have the following rights:

  • Right of Access — request a copy of your personal data via the "Export My Data" feature in Settings
  • Right to Rectification — update your account information at any time
  • Right to Erasure — delete your account via the "Delete Account" feature in Settings. Your data will be anonymized.
  • Right to Data Portability — export your data in machine-readable JSON format
  • Right to Restrict Processing — contact us to restrict how your data is used
  • Right to Object — contact us to object to specific processing activities

8. Scraping Liability

justcrawl.io is a routing and orchestration platform. We do not control the target websites your scraping requests are directed at. You are solely responsible for ensuring your scraping activities comply with applicable laws, terms of service of target websites, and the terms of your scraping provider agreements.

9. Children's Privacy

justcrawl.io is a business-to-business service not intended for use by individuals under 18 years of age. We do not knowingly collect personal data from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated through the platform. The version date at the top of this page indicates the latest revision.

11. Contact

For privacy-related inquiries, data requests, or complaints, contact us at privacy@justcrawl.io.