Privacy Policy

Last updated: April 2026

1. Data Controller

ScrapeLane is operated by Urban Software. We are committed to protecting your privacy and handling your data in accordance with the EU General Data Protection Regulation (GDPR).

2. Data We Collect

• Account information (email, name) via our authentication provider
• Workflow definitions and execution logs
• Usage analytics (execution counts, feature usage)
• Payment information handled by our billing processor (we do not store card details)
• OAuth tokens for services you connect (encrypted at rest with AES-256-GCM)
• Data scraped by your workflows (you are the controller of this data)

3. How We Use Your Data

• To provide and improve the ScrapeLane service (Art. 6(1)(b) GDPR — contract)
• To process payments and manage subscriptions (Art. 6(1)(b) GDPR — contract)
• To send service-related notifications (Art. 6(1)(b) GDPR — contract)
• To detect and prevent abuse (Art. 6(1)(f) GDPR — legitimate interest)

4. Hosting & Data Location

Application and workflow data is hosted in Germany on Hetzner Cloud (Falkenstein / Nürnberg). The service runs exclusively on EU infrastructure.

Some sub-processors we currently use are incorporated outside the EU. These transfers are covered by the EU Standard Contractual Clauses (SCCs, Art. 46 GDPR) and each processor's certification under the EU-US Data Privacy Framework where applicable.

We are migrating to a 100 % EU-sovereign stack. The current and target sub-processor list — including migration status — is published at scrapelane.io/legal/processors.

5. Security

All stored credentials and OAuth tokens are encrypted at rest with AES-256-GCM. Tenant data is isolated at the query level. All network traffic is TLS-only.

6. Retention

• Execution logs: 7 days on Free, 90 days on Pro (per your plan)
• Workflow definitions: until you delete them
• Account data: until you request deletion
• Payment records: kept for as long as legally required for tax/accounting under German GoBD (up to 10 years)

7. Your Rights (Art. 15–22 GDPR)

You have the right to access, rectify, delete, export, restrict, or object to the processing of your personal data. You also have the right to lodge a complaint with a supervisory authority (Art. 77) — for Germany, the Federal Commissioner for Data Protection (BfDI) or your state authority.

To exercise these rights, email privacy@scrapelane.io or use the export / delete controls in Account Settings.

8. Cookies

We use essential cookies for authentication and session management. We do not use third-party analytics or advertising cookies.

9. Scraping & Your Responsibility

When you build workflows that collect data from third-party websites, you act as the data controller for that data. You must ensure you have a lawful basis under Art. 6 GDPR (and, where applicable, Art. 9) to process any personal data you scrape. ScrapeLane provides the tool; the legal basis is yours.

10. Contact

For privacy-related inquiries, contact us at privacy@scrapelane.io.