Legal
Learn how Crawlora handles account, API, billing, usage, security, support, and public web data workflow information.
Crawlora is operated by the business or individual responsible for providing the Crawlora service. For purposes of this Privacy Policy, "Crawlora," "we," "us," and "our" refer to the operator of the Crawlora website, APIs, Playground, console, documentation, and related services.
This Privacy Policy does not list a legal company name, registered address, EU or UK representative, or Data Protection Officer because those details are not published in the current Crawlora site content.
This Privacy Policy applies to Crawlora's website, hosted APIs, Playground, console, documentation, account workflows, billing workflows, support, and related services.
This Privacy Policy does not govern third-party websites, public pages, APIs, content, databases, platforms, or services that may be accessed, referenced, or returned through Crawlora APIs. Third-party sources may have their own privacy notices, terms, robots rules, contractual limits, and access requirements.
For account, billing, website, support, security, product analytics, and usage metadata, Crawlora generally acts as an independent controller.
For certain Customer Data processed on behalf of a business customer through the API, Crawlora may act as a processor or service provider, and the customer is responsible for its own privacy notices, lawful basis, processing instructions, and required rights.
Customers are responsible for having a lawful basis and any required permissions for the data they submit to Crawlora or request through Crawlora. If your organization needs data processing terms, contact Crawlora because a public DPA route is not currently published on this site.
The categories below describe information Crawlora collects directly from users, from account and billing providers, from browser and server activity, and from API processing. The exact data collected can depend on your plan, settings, API calls, endpoint configuration, and whether optional analytics or marketing tools are enabled.
| Category | Examples | Source | Purpose |
|---|---|---|---|
| Account data | Name, email, username, organization name, account ID, login provider profile. | User or authentication provider. | Account creation, authentication, console access, support. |
| API credentials | API keys, key names, key status, scopes, creation time, last-used metadata. | User, console, or API. | Authenticate requests, secure access, prevent abuse. |
| API request data | Endpoint name, URLs, query parameters, request body, headers where applicable, country, locale, device parameters, rendering options. | User or API request. | Provide API responses, debug, meter usage, improve reliability. |
| Usage metadata | Timestamps, request IDs, status codes, latency, error codes, credit usage, endpoint weight, cache status, retry count, rate-limit context, recent IP address. | API activity. | Billing, rate limits, security, debugging, monitoring. |
| Output and cache data | Normalized JSON, response metadata, public page extraction result, cached public data, parser status. | Crawlora processing and third-party public sources. | Deliver service, improve latency, reduce repeated requests, troubleshoot endpoint quality. |
| Billing data | Plan, subscription status, invoice status, billing email, Stripe or payment provider customer ID, tax metadata, failed payment status. | User or payment provider. | Billing, accounting, fraud prevention, customer support. |
| Support data | Messages, screenshots, attachments, logs shared by user, support ticket content. | User or support tools. | Support and issue resolution. |
| Device and session data | IP address, browser type, device info, session cookie, security events, referrer, approximate location from IP. | Browser and server logs. | Authentication, security, fraud prevention, site operation. |
| Website analytics and marketing data | Page views, traffic source, campaign parameters, docs and Playground interactions, consent status. | Website and analytics tools, such as Google Analytics if enabled. | Improve website, measure conversion, understand product interest. |
When you call Crawlora APIs, we process information needed to receive, route, execute, meter, secure, debug, and return the request. This may include the endpoint name, submitted URLs or parameters, request body fields, headers where applicable, timestamps, request IDs, response status, credit usage, endpoint weights, rate-limit context, cache status, retry or fallback status, parser status, error details, and recent IP addresses.
Crawlora uses this information for service delivery, billing, usage metering, abuse prevention, rate limiting, monitoring, endpoint reliability, debugging, customer support, and operational security. API logs may include customer-submitted URLs, parameters, endpoint names, and other request context.
Do not submit sensitive personal data to Crawlora unless you have a lawful basis, the relevant agreement supports that use, and you have confirmed that the endpoint and workflow are appropriate for the data.
Some API Output may include information from public web sources selected by the customer or endpoint configuration. Depending on the source and request, Output may include app metadata, product details, search results, creator profiles, video metadata, podcast metadata, business profile data, public reviews, public usernames, ratings, prices, availability, public descriptions, business contact information, public profile information, or similar public content.
Some public web data may contain personal data depending on the source and customer request. Customers are responsible for determining whether their collection, storage, processing, transfer, and use of such Output is lawful for their intended purpose.
Crawlora does not grant users rights to third-party websites, content, brands, databases, APIs, public pages, or personal data. You are responsible for respecting applicable law, third-party rights, contracts, source-site terms, and your own privacy obligations.
Where privacy law requires a legal basis, Crawlora relies on the bases below depending on the context. Where consent is required, you may withdraw consent through available controls or by contacting us.
| Purpose | Legal basis |
|---|---|
| Account creation and service delivery | Contract necessity. |
| API authentication and request processing | Contract necessity. |
| Billing and invoices | Contract necessity and legal obligation. |
| Security, abuse prevention, rate limiting | Legitimate interests. |
| Debugging, monitoring, endpoint reliability | Legitimate interests. |
| Customer support | Contract necessity and legitimate interests. |
| Product analytics | Legitimate interests or consent where required. |
| Marketing emails | Consent or legitimate interests depending on jurisdiction. |
| Cookies and non-essential tracking | Consent where required. |
| Legal compliance and dispute resolution | Legal obligation and legitimate interests. |
Crawlora may use cookies, local storage, session storage, and similar technologies for login sessions, API console authentication, CSRF and security controls, preferences, abuse prevention, analytics, product usage measurement, and marketing attribution.
Essential cookies and storage are used to operate the website, console, and account workflows. Non-essential cookies or similar tracking, such as analytics or marketing attribution, are used with consent where required. Crawlora does not currently publish a separate Cookies route, so the core cookie information is included here.
| Type | Purpose | Essential? | Example duration | Provider |
|---|---|---|---|---|
| Authentication and session | Keep users signed in and support console authentication. | Yes. | Session or limited duration. | Crawlora or authentication provider. |
| Security and CSRF | Protect console requests and account workflows. | Yes. | Session or limited duration. | Crawlora. |
| Console preferences | Remember UI settings and workflow preferences. | Maybe, depending on the feature. | Limited duration. | Crawlora. |
| Analytics | Measure website usage and product interest. | No. | Provider-specific. | Google Analytics or another analytics provider if enabled. |
| Marketing attribution | Understand campaigns and sign-up sources. | No. | Provider-specific. | Marketing provider if enabled. |
Crawlora uses credit-based usage and billing workflows for paid plans. The pricing page and console describe public plan information, included credits, endpoint usage, and billing controls where available.
Crawlora may use third-party payment processors such as Stripe. Payment processors may process payment details under their own terms and privacy policies. Crawlora should not need to store full payment card numbers to operate the console billing flow.
Crawlora may store billing metadata such as plan, subscription status, invoice status, billing email, payment provider customer ID, tax metadata, failed payment status, credits, endpoint usage, and account-level billing state.
Crawlora may share information with vendors that help operate the Service, including cloud hosting, database and storage, authentication, payment processing, email delivery, analytics, monitoring and logging, customer support, and fraud or abuse prevention providers.
Service providers and subprocessors are expected to process information for service-related purposes and according to applicable contractual obligations. Crawlora does not currently publish a separate Subprocessors route on this site, so provider categories are described here instead of listing an unverified complete subprocessor register.
Information may be processed in countries where Crawlora, infrastructure providers, payment providers, authentication providers, support tools, analytics tools, or other service providers operate. Those countries may have privacy laws that differ from the laws in your country.
Where required, Crawlora uses appropriate safeguards for international transfers. This Privacy Policy does not claim a specific hosting region, transfer mechanism, or data residency guarantee because those details are not verified in the current site content.
Crawlora retains information for as long as needed to provide the Service, maintain accounts, support billing and tax records, debug and secure the platform, prevent abuse, resolve disputes, comply with legal obligations, and improve reliability. Retention may be longer where needed for legal, security, accounting, abuse prevention, backup, or dispute reasons.
| Data type | Retention approach | Reason |
|---|---|---|
| Account data | Retained while the account is active and for a reasonable period afterward where needed. | Service and account management. |
| Billing records | Retained as required for tax, accounting, audit, and legal obligations. | Legal and accounting. |
| API usage metadata | Retained as needed for billing, debugging, security, abuse prevention, and service improvement. | Billing, security, and reliability. |
| Raw request logs | Retained for a limited period where needed for debugging, security, and incident investigation. | Operations and security. |
| Cached API output | Retained according to endpoint behavior, cache configuration, source stability, and service reliability needs. | Latency, reliability, and cost control. |
| Security logs | Retained as needed for abuse prevention, security monitoring, and incident response. | Security. |
| Support messages | Retained as needed for support history, dispute resolution, and service improvement. | Support. |
| Analytics data | Retained according to provider settings and business needs. | Website and product improvement. |
| Backups | Retained until overwritten or deleted through normal backup rotation. | Disaster recovery. |
Crawlora uses reasonable technical and organizational safeguards appropriate to the Service. These may include TLS in transit, access controls, API key protection, restricted administrative access, logging and monitoring, rate limiting and abuse detection, backup controls, and credential rotation practices where applicable.
No internet service can guarantee absolute security. You are responsible for protecting your account, sessions, API keys, credentials, and systems that call Crawlora. Contact security@crawlora.net if you believe your account, API key, or Crawlora data may be at risk.
Depending on your location and relationship with Crawlora, you may have rights to access data, correct data, delete data, export or receive a copy of data, object to processing, restrict processing, withdraw consent, opt out of marketing, opt out of sale, sharing, or targeted advertising where applicable, appeal certain decisions where applicable, and lodge a complaint with a privacy authority.
Submit privacy requests to privacy@crawlora.net. Crawlora may verify your identity before responding. Some data may be retained where required or permitted for legal, billing, tax, accounting, security, abuse prevention, backup, or dispute reasons.
California and some US state residents may have rights to know or access personal information, delete personal information, correct inaccurate personal information, opt out of sale, sharing, or targeted advertising, limit use of sensitive personal information, appeal certain decisions, and receive non-discriminatory treatment for exercising privacy rights.
Crawlora does not sell personal information for money. If Crawlora uses targeted advertising or other tools that are considered sale or sharing under applicable law, Crawlora will provide required notices and choices.
Users in the EU, UK, and EEA may have rights under GDPR or UK GDPR, including access, rectification, erasure, restriction, portability, objection, withdrawal of consent, and complaint to a supervisory authority.
The legal bases table above explains the bases Crawlora may rely on for different processing activities. This page does not list an EU representative, UK representative, or Data Protection Officer because those details are not verified in the current site content.
Crawlora is not directed to children and is not intended for users under 16 or the minimum age required by applicable law. Crawlora does not knowingly collect children's personal data. If you believe a child provided personal data to Crawlora, contact privacy@crawlora.net.
Crawlora may use automated systems to authenticate API calls, calculate credits, apply rate limits, detect abuse, classify errors, monitor infrastructure, and prioritize retry or fallback behavior. These systems are used for service operations, security, reliability, billing, and abuse prevention.
Crawlora does not describe these systems as making legal or similarly significant decisions about individuals.
If Crawlora is involved in a merger, acquisition, financing, restructuring, bankruptcy, or sale of assets, information may be transferred as part of that transaction, subject to appropriate protections.
Crawlora may update this Privacy Policy from time to time. Material changes may be posted on the website, console, docs, or sent by email where appropriate.
Continued use of Crawlora after the effective date of an updated Privacy Policy means the updated policy applies to your use of the Service from that effective date.
Use the contacts below for the relevant request. Crawlora does not claim these mailboxes are monitored 24/7. Mailing address, legal entity, representative, and Data Protection Officer details are omitted because they are not published in the current site content.