Legal
Privacy policy
Last updated June 1, 2026
This policy describes how ScrapeNest SAS processes personal data under Regulation (EU) 2016/679 (GDPR) and French data-protection law.
Controller
ScrapeNest SAS, registered at [TO COMPLETE], is the controller for the processing described below. Questions: privacy@scrapenest.com.
Data Protection Officer (DPO): [TO COMPLETE] — dpo@scrapenest.com.
Data we process and why
We process the following categories:
- Account and billing data (identity, work email, organization, billing details, VAT) — to deliver the service and issue invoices.
- Usage and technical logs (job IDs, run metadata, IP addresses, traces) — to operate, secure and bill the platform.
- Contact-form data — to answer your enquiries.
- Audience-measurement data, only with your consent (see the cookie policy).
Legal bases
- Performance of a contract (Art. 6(1)(b)) for service delivery.
- Legal obligation (Art. 6(1)(c)) for invoicing and accounting retention.
- Legitimate interest (Art. 6(1)(f)) for security, abuse prevention and product improvement.
- Consent (Art. 6(1)(a)) for audience measurement and any marketing.
Data scraped on your behalf
When you use our services to collect data, you act as controller and ScrapeNest acts as processor under our Data Processing Agreement (DPA). You remain responsible for the lawfulness of the collection.
Retention
- Account data: for the duration of the contract, then archived per legal obligations.
- Job artifacts and logs: per the retention policy you configure (limited by default), then purged.
- Billing data: 10 years (accounting obligations).
- Contact data: 3 years from last contact.
Recipients and processors
Data is accessible to authorized staff and to technical sub-processors (hosting, payment, monitoring) located in the EU. Our sub-processor list is available on request at privacy@scrapenest.com.
Transfers outside the EU
Our services are hosted in the EU. The only transfer outside the EU is Google Analytics, which runs solely with your consent and may transfer audience-measurement data to the United States under the EU–US Data Privacy Framework and standard contractual clauses (see the cookie policy). Any other transfer would likewise be covered by appropriate safeguards.
Your rights
You have the rights of access, rectification, erasure, restriction, objection and portability, and the right to withdraw consent at any time. Exercise them at privacy@scrapenest.com.
You may lodge a complaint with the CNIL (www.cnil.fr).
Security
We apply appropriate technical and organizational measures: encryption in transit and at rest, least-privilege access control, logging of sensitive actions and security monitoring.