Legal · Privacy

Privacy Policy

Effective date: 20 April 2026 Last updated: 20 April 2026

1. Who we are

WebscrapingHQ is a managed web data operations provider. This Privacy Policy describes how we collect, use, and protect personal data in connection with:

  • our website (https://www.webscrapinghq.com), and
  • the managed-services engagements we run for client companies.

Throughout this policy, “WebscrapingHQ”, “we”, “our”, and “us” refer to the operating entity. Our registered place of business is New Delhi, India. For privacy enquiries, contact info@webscrapinghq.com.

2. What this policy covers

This policy covers:

  • Personal data of website visitors — people browsing https://www.webscrapinghq.com or submitting our intake / contact forms.
  • Personal data of client representatives — individuals at client companies we correspond with during scoping, delivery, and billing.
  • Personal data contained in data deliveries — only where a client engagement specifically involves personal data (which is rare; most engagements cover product, pricing, listing, or public-company data).

This policy does not cover:

  • Public websites we scrape on behalf of clients (that is the client’s legal posture, governed by their engagement scope and applicable law). Where a client engagement requires extraction of personal data, scope and legal basis are confirmed with the client up-front in writing.

3. Data we collect

3.1 From website visitors

  • Information you submit to us on the intake form (/#intake), contact form (/contact), or in email correspondence. Typical fields: name, work email, company, role, a description of the project or enquiry, and anything else you choose to share.
  • Information automatically collected when you visit the site: IP address, user agent, referrer, pages viewed, timestamps, and coarse geographic region. We use this for site analytics, debugging, and abuse protection.

3.2 From client representatives

  • Name, work email, role, and company of people we correspond with during scoping, delivery, and invoicing.
  • Communications (email threads, call notes, shared documents) related to the engagement.
  • Billing details necessary to process payments (typically company billing address and email).

3.3 In data deliveries (only when applicable)

  • If a specific engagement involves scraping personal data (for example, public directory listings, publicly listed contact information, or publicly available professional profiles), we handle that data under the terms agreed with the client for that engagement. Scope, legal basis, and lawful grounds for processing are confirmed in writing before the pipeline runs.

4. Lawful basis for processing (GDPR / comparable regimes)

Where applicable law requires a lawful basis, we rely on:

  • Contract — processing necessary to deliver services requested by a client.
  • Legitimate interest — running and securing our website, protecting against fraud and abuse, responding to enquiries, and business development.
  • Consent — where we ask you for it explicitly (for example, marketing emails, which we do not currently send without prior context).
  • Legal obligation — tax, accounting, and legal record-keeping.

5. How we use personal data

  • To respond to enquiries submitted through our forms or by email.
  • To scope, deliver, and support managed-services engagements.
  • To invoice clients for services rendered.
  • To operate, secure, and improve our website.
  • To detect and prevent fraud and abuse.
  • To comply with legal obligations.

We do not sell personal data. We do not share personal data with advertising networks.

6. Third-party subprocessors

We rely on a small number of third-party service providers to operate the website and run our business. Each is bound by their own privacy and data-processing commitments:

  • Vercel, Inc. — website hosting, deployment, and product analytics (page views, referrers, coarse geography). We use Vercel’s privacy-forward analytics mode; cookies are not set for analytics purposes. See Vercel’s privacy policy at https://vercel.com/legal/privacy-policy.
  • Formspree, Inc. — form submission processing (intake form, contact form, email capture from demo flows where applicable). Form submissions are transmitted to Formspree, stored briefly for delivery, then emailed to us. See Formspree’s privacy policy at https://formspree.io/legal/privacy-policy.

If we add new subprocessors whose role materially changes how personal data is handled, we will update this policy.

7. Cookies

We use the minimum cookies necessary to operate the site. Vercel Analytics operates in a cookieless mode. If our site embeds any third-party content (for example, YouTube) that sets cookies, that content is loaded only when a visitor interacts with it.

8. Data retention

  • Form submissions (intake, contact, email capture): retained for as long as the enquiry is active, plus a reasonable follow-up window, plus any period required by law.
  • Client correspondence: retained for the life of the engagement plus seven years for tax, audit, and dispute-resolution purposes.
  • Delivered data sets: retained only as long as is agreed in the client engagement; deleted thereafter.
  • Website logs: retained for up to 90 days for security and abuse investigation.

9. International transfers

We are based in India. If you are accessing the site or dealing with us from the EEA, UK, or another jurisdiction with cross-border transfer restrictions, personal data may be transferred to, and processed in, India. Where required, we put contractual safeguards in place (for example, Standard Contractual Clauses).

10. Your rights

Depending on your jurisdiction, you may have rights to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate data.
  • Request deletion of your data.
  • Request restriction or object to certain processing.
  • Receive your data in a portable format.
  • Withdraw consent where processing relies on consent.
  • Lodge a complaint with your local supervisory authority.

To exercise any of these rights, email info@webscrapinghq.com. We respond within the time frames required by the relevant law (typically 30 days).

11. Security

We apply reasonable technical and organisational safeguards: access controls, encryption in transit, vendor review, and principle-of-least-privilege access to client data. No system is perfectly secure; if we become aware of a material personal-data incident affecting you, we will notify you and the appropriate regulators within required time frames.

12. Children

Our services are not directed to children under 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected such data, contact us and we will delete it.

13. Compliance posture for client engagements

We are a managed-services provider, not a certified auditor. We do not currently hold ISO 27001, SOC 2, or PCI DSS certifications in our own name. For client engagements in regulated industries (healthcare, finance, EU data, etc.), we scope the engagement to meet the client’s compliance requirements — including, where applicable, data-processing agreements, restricted-access handling, and specific retention controls. Clients with specific certification requirements are welcome to raise them during scoping; we will flag up-front whether we can meet them.

14. Changes to this policy

We may update this policy from time to time. The “Effective date” and “Last updated” fields at the top of this document track the current version. Material changes will be highlighted at the top of the document for a reasonable period.

15. Contact

For any questions, requests, or complaints relating to this Privacy Policy or our handling of personal data, contact info@webscrapinghq.com.

Ready when you are

Tell us what you need. We'll quote in 24 hours.

Custom AI-powered scraping pipelines, delivered on your schedule. Trusted by enterprise ad verification, Fortune 500 brands, and AI platforms since 2019.

Book a free consultation

Usually reply within 24 hours · NDA-friendly

GDPR + SOC2-ready Recurring from USD 500/mo SLA-backed delivery