ScrapeFlow Logo
SCRAPEFLOW

Privacy Policy

Welcome

Welcome to Scrapeflow and thank you for your interest in this Privacy Policy. In this Privacy Policy, you will find all the information about which personal data we collect and process and for what purpose when you are visiting our website (our “website”) and Scrapeflow our Software as a Service scraping platform (our “SaaS”). Equally, we will also inform you of our use of cookies on our website and your data protection rights and how you can assert them.

GENERAL PRINCIPLES

What is Personal Data?

Personal Data is “any information relating to an identified or identifiable natural person. This includes, for example, name or address data, telephone number, mobile number, or online identifiers such as your device id and your IP address.

What is processing?

“Processing” means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means. The term is broad and covers virtually any handling of data.

What law applies?

We will only use your Personal Data in accordance with the applicable data protection laws, in particular Switzerland’s new Data Protection Act (“nDSG”) and the EU’s General Data Protection Regulation (“GDPR”), and of course only as described in this Privacy Policy.

Who is responsible for data processing?

The responsible party within the meaning of the nDSG and GDPR for the data we collect for our own purposes (e.g., website analytics, account management, marketing) is Scrapeflow made by Wiesmann Solutions Engineering, Bächirainstrasse 4, 6422 Steinen, Switzerland (“We”, “us”, “our”). For data that you instruct us to scrape and process using our SaaS, you are the Data Controller and we act as your Data Processor. If you want to contact us or if you have any questions, you can reach us by email using support@scrapeflow.io, use our Contact Form, or write to us at the above address.

What are the Legal Bases for processing Personal Data

In accordance with the nDSG and the GDPR, we have to have at least one of the following legal bases to process your Personal Data: a) you have given your consent, b) the data is necessary for the fulfillment of a contract / pre-contractual measures, c) the data is necessary for the fulfillment of a legal obligation, or d) the data is necessary to protect our legitimate interests, provided that your interests are not overridden.

Who is the competent data protection authority?

The supervisory authority in Switzerland is: The Swiss Federal Data Protection and Information Commissioner, Feldeggweg 1, CH-3003 Bern, Switzerland, www.edoeb.admin.ch However, we would appreciate the opportunity to address your concerns before you contact any supervisory authority.

How long will you keep my data?

We process and store your Personal Data (that we control, e.g., account information, marketing consent data) only for the period of time required to achieve the respective processing purpose or for as long as a legal retention period exists (in particular commercial and tax law in accordance with Switzerland’s Commercial Law and Fiscal Code and others for up to 8 years). Once the purpose has been achieved or the retention period has expired, the corresponding data is routinely deleted. For data processed on your behalf via our SaaS (i.e., scraped data), we retain it according to your instructions, the terms of our service agreement, or as necessary for the provision and maintenance of the service.

What Personal Data Do We Process Through Our Website?

Hosting of our website

We use the hosting services of Hetzner for the purpose of hosting and displaying our website. In doing so Hetzner processes inventory data, contact data, content data, contract data, usage data, meta data and communication data of customers, interested parties and visitors of our website and services, on the basis of our legitimate interests in an efficient and secure provision of the website and services in conjunction with the provision of contractual services.

Content Management System

We use our custom programed nextjs based website to publish and maintain the created and edited Content and texts on our website. This means that all content and texts related to our website's informational pages are managed here. User-submitted data via forms is also processed through this system. The legal basis for this processing is our legitimate interest.

eCommerce system

To provide our eCommerce system for subscriptions and service payments, we use Stripe (11 Wall Street, New York, NY 10005, USA).Both your inventory data (related to your purchase) and your usage data (related to the purchasing process) are stored on Stripe’s servers. The legal basis for processing is our legitimate interest and the performance of a contract.

Google Maps

Our website may use Google Maps API from Google LLC (1600 Amphitheatre Parkway Mountain View, CA 94043, US, and Google Ireland Limited Gordon House, Barrow Street, Dublin 4, Ireland) to visually display geographical information (e.g., our office location). When using Google Maps, Google also collects, processes and uses data about visitors’ use of the map functions (You can find more information about data processing by Google in the Google privacy policy). The integration of Google Maps represents a legitimate interest.

Cookies

i) What are cookies?

A cookie is a small text file that is sent to your device’s hard drive by a website. Each time you return to the same website, your browser retrieves and sends the relevant cookie(s) to that website’s server.

ii) How are cookies used?

Cookies used by us are stored on your device. Cookies can be divided into the following two broad categories:

  • Technically necessary cookies (Essential)
    Technically necessary cookies are required for our website to function properly; they enable you to navigate our website efficiently and use its functional features.
  • Technically non-essential cookies
    • Analytical/Performance Cookies
      These cookies allow us to measure and report on website activity by tracking page visits, visitor locations and how visitors move around our website. The information collected does not directly identify visitors. We place these cookies to help us analyze that data for improving our website.
    • Marketing/Advertising Cookies
      Marketing cookies help us provide you with personalized and relevant services or advertising for Scrapeflow services, and track the effectiveness of our digital marketing activities. They are capable of tracking your browser across other websites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit.

iii) The non-essential cookies we use

We utilize the below mentioned non-essential cookies, and other online identification technologies such as web beacons, or pixels to provide users with an improved user experience on our website and for our marketing efforts.

Google Analytics

We use Google Analytics, a web analytics service provided by Google. Google Analytics also uses cookies to enable our website to analyze how users use our website across multiple devices. The information generated by the cookies about your use of our website is transmitted to and stored by Google, including transmission to the United States. The following data is processed through the use of Google Analytics: i) 3 bytes of the IP address of the called system of the website visitor (anonymised IP address); ii) the website called up; iii) the website from which the user reached the accessed page of our website (referrer); iv) the subpages accessed from the website; v) the time spent on the website; and vi) the frequency with which the website is accessed.

Google states that it will not associate your IP address with any other data held by Google. The use of this service is based on your consent. You can withdraw your consent at any time using our cookie preference pop-up. The legal basis for the processing is also your consent. In relation to the data transfer into the USA Google’s processing agreement for GA, can be read here.

You can disable tracking by Google Analytics with future effect by downloading and installing the Google Analytics Opt-out Browser Add-on for your current web browser following this link.

Google Tag Manager

We also use Google Tag Manager. Google Tag Manager is a solution enabling us to administer website tags via an interface. Google Tag Manager itself, which implements the tags, is a cookie-free domain and does not record any personal data. However, the tool triggers other tags that may record your Personal Data. Google Tag Manager itself does not access this data. If you refuse Analytical/Performance and/ or Marketing & Social Media Cookies, Google Tag Manager remains in place for managing essential tags. The legal basis for the processing is our legitimate interest.

Google Ads

We use Google Ads, an online advertising service provided by Google, for our own marketing purposes. Google Ads enables us to show advertisements in the Google search engine or on third-party websites when the user enters certain search terms on Google (keyword targeting). Furthermore, targeted advertisements can be shown on the basis of user data available to Google (e.g. location data and interests) (target group targeting). With the help of Google Ads, we can evaluate this data quantitatively, for example, which search terms have led to the display of our advertisements and how many ads have resulted in corresponding clicks. The use of this service is based on your consent.

Google Ads Remarketing

We also use the remarketing functions Google Ads for our own marketing. Google Ads Remarketing allows us to assign people who interact with our advertisements and website to specific target groups and to display interest-based advertising to them within the Google advertising network.

Further, the advertising target groups created by us using Google Ads Remarketing can be linked to Google’s cross-device functions. This means that interest-based, personalized advertising (that is advertising that has been adapted to you depending on your previous usage and surfing behavior on our website) can also be displayed on another of your devices. The use of this service is based on your consent.

Google Conversion Tracking

We also use Google Conversion Tracking for our own marketing. With the help of Google conversion tracking, we and Google can recognize whether the user has performed certain actions on our website (e.g., signing up for a trial). For example, we can evaluate which buttons on our website were clicked how often and which products were viewed or purchased particularly frequently. This information is used to create conversion statistics for our marketing campaigns. We also learn the total number of users who clicked on our ads and what actions they took. We do not receive any information with which we can personally identify the user. Google itself uses cookies or comparable recognition technologies for identification. The use of this service is based on your consent.

Pixel Cookies and Tags

We use so-called Pixel Cookies and Tags (“Pixel Cookies”) for our own marketing. A Pixel Cookie is an advertising tool and typically consists of a JavaScript code snippet that allows us to understand and track visitors’ activity on our website. For this purpose, Pixel Cookies collect and process information about visitors of our website and the device used (so-called event data).

Event data collected through Pixel Cookies is used for targeting our advertisements and improving ad delivery and personalized advertising for Scrapeflow services. For this purpose, the event data collected on our website by means of Pixel Cookies is transmitted to the relevant operator of the Pixel Cookie and in part, also stored on your device. However, this only happens with your consent, and we and the relevant operator of the Pixel Cookie are considered joint controllers for the collection and transmission. Nonetheless, for the subsequent processing of the transmitted Event Data, the relevant operator of the Pixel Cookie is the sole controller.

For more information about how the relevant operator of the Pixel Cookie processes personal data, including the legal basis on which they rely on and how you can exercise your rights against, please refer to the following Privacy Policies: Facebook, Instagram (both by Meta Platforms, Inc., 1601 Willow Road Menlo Park California 94025 und 4 Grand Canal Square Grand Canal Harbour Dublin 2 Ireland), X (formerly Twitter) (Market Square, 1355 Market St suite 900, San Francisco, CA 94103, USA) and LinkedIn (LinkedIn Corporation, 605 W Maude Ave, Sunnyvale, CA 94085, USA). The legal basis for the processing is also your consent.

SourceBuster

Our website uses the service SourceBuster JS. The provider of this service is Sourcebuster. As this service is hosted locally on our web server, no data is transferred to third parties. The analytical cookies used are to identify the source of a visit to our website and to store information about user actions for our own analytics. The legal basis for the processing is also your consent.

iv) How to manage cookies

In your browser

You also can manage your cookies preferences using the following links for some of the most popular internet browsers: Edge, Google Chrome, Firefox, Safari, Opera.

Cookie preference pop-up

We also offer a cookie preference pop-up when you first visit our website. This pop-up is a consent tool and allows you to specify your preference about cookies. You can accept or reject them or access this Cookie Policy before giving your consent to cookies or rejecting them.

Advertising personalisation or retargeting/tracking opt out

In addition, if you do not wish to participate in advertising personalisation or retargeting/tracking you can object to behavioral advertising at the following websites: Your Online Choices, Digital Advertising Alliance of Canada, Network Advertising Initiative, AdChoices and the European Interactive Digital Advertising Alliance (Europe only), Google Ad Settings, Facebook Ad Settings, Instagram Ad Settings.

Contact options

We process and store the Personal Data provided in the contact enquiry solely for the purpose of processing and responding to your enquiry and contacting you. If you contact us, we will process the data you provide to respond to you and answer your questions and requests. In doing so, the principle of data economy and data avoidance is observed in that you only have to provide the data that we absolutely need from you in order to contact you. These are usually your first and last name, your email address, the topic selection and the message field itself. In addition, your IP address is processed out of technical necessity and for legal protection. The legal basis for processing is our legitimate interest, the provision or initiation of a contractual service and your consent.

Payment Data

If you make a purchase your payment data will be processed via our payment service provider Stripe (354 Oyster Point Blvd South San Francisco, CA 94080, USA). Payment data will solely be processed through Stripe and we have no access to any Payment Data you may submit. The legal basis for the provision of a payment system is the establishment and implementation of the contract.

Contracting with us

We process the Personal Data involved in your use of our SaaS and your contract with us in order to be able to provide our contractual services. The Personal Data obtained from or provided by you depends on how you are using our SaaS (e.g., account information, subscription details) and your particular requirements and may include your contact details, contract details, payment information and data relating to your preferences for our service. This includes in particular our support, correspondence with you, invoicing, fulfillment of our contractual obligations. Accordingly, the data is processed on the basis of fulfilling our contractual obligations and our legal obligations and in individual cases, your consent.

Data management and customer support

For optimal customer support for Scrapeflow services, we use first name, last name, e-mail address, and the data related to your contract with us. Your data will be stored on our website and or our customer relationship management system provided by Hubspot (2 Canal Park, Cambridge, MA 02141, United States and 1 Sir John Rogerson’s Quay, Dublin, Ireland). This data processing is based on our legitimate interest in providing our service.

Downloading our Brochure and Resources

When you go ahead and download our brochure and resources from our website, your IP address is requested and logged for documentation purposes by WordPress. This is a mere technical process and required to make our brochure and resources available for download to your device or depending on your browser available for viewing. You may also be asked to provide contact information (e.g., email) for marketing purposes, for which your consent will be sought. The basis for this storage is the provision of a contract (for the download) and our legitimate interest or your consent (for marketing).

Testimonials

Within the Testimonial section on our website, we may display certain personal data, share certain details, knowledge and insights about experiences with Scrapeflow. When you approve and submit your Testimonial to us your consent is obtained, and you have choices about the information in your Testimonial. The storage of Testimonials is based on your consent. You can revoke your consent at any time. For this purpose, an informal message by e-mail to us is sufficient.

Aggregated Data

We also collect, use and share aggregated data such as statistical or demographic data for any purpose including improving our website and services. Aggregated data could be derived from your Personal Data (e.g., website usage patterns, general demographics of our user base) but is not considered Personal Data in law as this data will not directly or indirectly reveal your identity. However, if we combine or connect aggregated data with your Personal Data so that it can directly or indirectly identify you, we treat the combined data as Personal Data which will be used in accordance with this privacy policy.

What Personal Data Do We Process Through Our SaaS?

Registration

As part of the registration process for Scrapeflow, users provide their Email address and their chosen password. The data provided will be used for the purposes of creating and using the account and providing and/or using our services. In the context of the use of our registration and the use of your account, the legal basis for the data processing is the fulfillment of our contractual obligations as well as your consent.

Alternatively, you are able to sign up using the convenience login and sign up from Google. For convenience login and sign up, you will be asked to provide your basic information (i.e., name, email address, and display picture) linked to your account. When registering via convenience functions, you agree to the relevant terms and conditions and consent to certain data from your Google profile being transferred to us.

Our signup and login system is powered using the Clerk Auth services of Clerk Inc. which is an authentication and user management system. Clerk Auth provides, among other functionality, a account security system which is a protocol that generates encrypted security tokens and enables users to verify their identity and then generates a unique encrypted authentication token. The legal basis for processing the above is our legitimate interest, the provision or initiation of a contractual service and your consent.

When using our SaaS (Scraping Platform)

If you wish to use our scraping platform and its features, we process the data you provide and the data generated as a result of your instructions. This may include Personal Data, Special Category Data, or non-personal data that you instruct us to scrape from third-party sources or that you otherwise make available to us via the platform. This includes your scraping configurations, target URLs, instructions, and the resulting scraped data (“Service Data”).

We recognize that you own your Service Data (subject to any rights of the original data sources). We provide you with control over your Service Data by providing you the ability to (i) access your Service Data, (ii) share your Service Data through supported third-party integrations (where applicable), and (iii) request export or deletion of your Service Data, subject to the terms of our agreement.

When we process Service Data, we act as your Data Processor. We will process the Service Data involved in your use of our SaaS in accordance with your instructions and shall use it only for the purposes agreed between you and us, primarily to provide the scraping service to you. Crucially, Scrapeflow does not have insight into, nor does it analyze or use, the specific content of the data you scrape using our platform, except where strictly necessary for platform operation (e.g., troubleshooting a failed scrape if you provide us with the details and explicit consent for such access), to ensure compliance with our Terms of Service (e.g., investigating abuse or technical issues), or as required by law or legal process. Our role is to provide the platform and infrastructure for you to conduct your scraping activities.

We ensure that access by our employees to your Service Data is only available on a need-to-know basis, restricted to specific individuals for operational or support purposes as outlined above, and is logged and audited where appropriate. We communicate our privacy and security guidelines to our employees and enforce privacy and protection safeguards strictly.

Some jurisdictions may require you to disclose your use of our SaaS as your processor in your privacy policy and/or data processing agreement as applicable. For this purpose all Service Data processed by us will be processed using infrastructure providers such as Hetzner Online GmbH (Industriestr. 25, 91710 Gunzenhausen, Germany), Amazon AWS (Amazon Web Services, Inc.,410 Terry Avenue North Seattle, WA 98109 United States), and potentially other similar service providers for specific functionalities like LiveKit Incorporated (12151 Saraglen Drive, Saratoga, CA, 95070, USA) if applicable. We take appropriate legal precautions such as Data Processing Agreements (DPAs) that include Standard Contractual Clauses (SCCs) and corresponding technical and organizational measures to ensure the protection of your Service Data.

Lastly and if you are providing us with Personal Data relating to a third party (e.g., by scraping data containing personal information), you agree a) that you have in place all necessary appropriate consents and legal bases for such scraping and processing and b) that such third party has been informed as required by applicable law. You agree to indemnify us in relation to all and any liabilities, penalties, fines, awards, or costs arising from your non-compliance with these requirements.

The legal basis for our processing of your Service Data is our obligation to fulfill the contract we have with you (to provide the scraping platform) and to act upon your instructions as Data Controller.

Support ticket

If you create a support ticket, we will request Personal Data (e.g., your name, email address) and, where applicable, non-personal data in accordance with your request. This may include details about your scraping task or account-related data you voluntarily provide. The data provided is used for the purpose of processing and handling your ticket. If you share specific Service Data (e.g., scraped data samples, configurations) with us for troubleshooting, we will only use it for that specific purpose with your explicit consent for such access.

Our employees will have access to data that you knowingly share with us for technical support. We communicate our privacy and security guidelines to our employees and enforce privacy safeguards strictly. The legal basis of the data processing is our obligation to fulfill the contract and/or our legitimate interest in processing your support ticket.

Data Sharing

In certain cases, it is necessary to transmit the processed Personal Data in the course of data processing. In this respect, there are different recipient bodies and categories of recipients.

Internal

If necessary, we transfer your Personal Data within Scrapeflow. Of course, we comply with the associated legal framework and ensure that your data is processed properly. Access to your Personal Data is only granted to authorized employees who need access to the data due to their job, e.g., to provide our services, support, or to contact you in case of queries.

We may also share your Personal Data (primarily account and contact information) with our Business Partners if necessary for the purposes described in this Privacy Policy, including (but not limited to) conducting the services you request, or customizing our business to better meet your needs, always under appropriate contractual safeguards.

External bodies

Personal Data is transferred to our service providers (sub-processors) in the following instances:

  • in the context of fulfilling our contract with you (e.g., hosting providers for the SaaS, payment processors),
  • to communicate with you (e.g., email service providers, CRM systems),
  • to provide our website and SaaS functionalities, and
  • to state authorities and institutions as far as this is required or necessary by law.

We do not share your scraped Service Data with third parties except for the sub-processors essential for providing the SaaS platform itself (e.g., cloud hosting) or as legally compelled.

International transfers

We may transfer your Personal Data (including Service Data processed on your behalf) to other companies or sub-processors as necessary for the purposes described in this Privacy Policy. These may be located outside of Switzerland or the European Economic Area. In order to provide adequate protection for your Personal Data when it is transferred, we have contractual arrangements (such as Standard Contractual Clauses) regarding such transfers. We take all reasonable technical and organizational measures to protect the Personal Data we transfer.

Security of Your Data

In order to protect the data stored with us (including your account information and the Service Data we process on your behalf) in the best possible way against accidental or intentional manipulation, loss, destruction or access by unauthorized persons, we use appropriate technical and organizational security measures. The security levels are continuously reviewed in cooperation with security experts and adapted to new security standards.

Nevertheless, internet-based data transmissions can always have security gaps, so that absolute protection cannot be guaranteed. And databases or data sets that include Personal Data may be breached inadvertently or through wrongful intrusion. Upon becoming aware of a data breach affecting Personal Data we control, or Service Data we process, we will notify affected individuals or you (as the Data Controller for Service Data) as expeditiously as possible after which the breach was discovered, in accordance with applicable law.

Your Rights and Privileges

Privacy rights

Under the nDSG and the GDPR, you can exercise the following rights with respect to Personal Data for which we are the Data Controller (e.g., your account information, marketing preferences):

  • The right to access;
  • The right to rectification;
  • The right to erasure;
  • The right to restrict processing;
  • The right to object to processing (where based on legitimate interest);
  • The right to data portability;

For Service Data (including scraped data) for which you are the Data Controller and we are the Data Processor, we will assist you in fulfilling data subject requests in accordance with our contractual agreements.

Updating your information and withdrawing your consent

If you believe that the information we hold about you (for which we are controller) is inaccurate or request its rectification, deletion, or object to legitimate interest processing, please do so by contacting us. Where processing is based on consent (e.g., for marketing cookies or marketing emails), you can withdraw your consent at any time.

Access Request

In the event you want to make a Data Subject Access Request for data we control, please contact us. We will respond to requests regarding access and correction as soon as reasonably possible. Should we not be able to respond to your request within thirty (30) days, we will tell you why and when we will be able to respond to your request. If we are unable to provide you with any Personal Data or to make a correction requested by you, we will tell you why.

What we do not do

  • We do not request Personal Data from minors and children for our services without obtaining prior parental or legal guardian consent;
  • We do not knowingly process special category data for our own purposes without obtaining prior specific consent (note: you as a user are responsible for the legality of any special category data you choose to scrape using our platform);
  • We do not use Automated decision-making including profiling with significant legal effects on individuals for our own services; and
  • We do not sell your Personal Data, nor do we sell the Service Data you process using our platform. Our collection of data is for providing our services and, with your consent, for our own marketing purposes.

How Do We Make Changes to This Policy?

We may change our Privacy Policy from time to time. When we change our Privacy Policy, we will publish the updated policy on our website. Please check this Privacy Policy regularly. Subject to applicable law, all changes will take effect as soon as we publish the new Privacy Policy, but where we have already collected information about you and/or where legally required to do so, we may take additional steps to inform you of any material changes to our Privacy Policy and may request that you agree to these changes.

Effective Date

Wednesday, 21st of May, 2025