Privacy Policy

1. Introduction

This Privacy Policy describes how and why Scrapely LLC ("Scrapely," "we," "us," or "our") collects, stores, uses, and shares ("processes") your information when you use our services (the "Services"). This includes when you:

• Visit our website at https://scrapely.co, or any of our websites that link to this policy;
• Create an account and use our X (Twitter) outreach, lead scraping, and campaign management platform;
• Access and use our API;
• Engage with us through our managed services (done-for-you campaigns);
• Engage with us in other related ways, including sales, marketing, or customer support.

Reading this Privacy Policy will help you understand your privacy rights and choices. If you do not agree with our policies and practices, please do not use our Services. If you still have any questions or concerns, please contact us at jules@scrapely.co.

2. What Information We Collect

We collect personal information from several sources to provide and improve our Services. The types of information we collect depend on how you interact with us.

2.1 Personal Information You Provide to Us

We collect personal information that you voluntarily provide to us when you register for an account, subscribe to a plan, or contact us. This information includes:

• Identifiers: Your name, email address, and username.
• Professional Information: Your job title, company name, and industry (if provided).
• Contact Preferences: Your preferences for receiving marketing and service communications.
• Payment Data: We collect data necessary to process your payments, such as your payment instrument number and security code. All payment data is stored and processed by our third-party payment processor, Stripe (https://stripe.com/privacy). We do not store your full credit card number on our servers.

2.2 Information from Your Connected X (Twitter) Accounts

When you connect your X (Twitter) account to our Services, you grant us permission to access and process data from that account. This is essential for the core functionality of our platform. This information includes:

• Account Identifiers: Your X (Twitter) username/handle and account identifiers.
• Authentication Data: Session cookies (auth_token and ct0), X chat pin, and related authentication tokens necessary to operate the Services on your behalf. We do not collect or store your X (Twitter) password or two-factor authentication (2FA) codes.
• Profile Information: Your X (Twitter) profile picture, bio, and other publicly available profile information.
• Account Activity: We access your account to send direct messages, manage campaigns, and perform other automation tasks on your behalf as directed by you through the Services.
• Direct Message Content: We process the content of the direct messages you send through our platform, including the text and the recipients' information.
• Analytics Data: We collect data about the performance of your outreach campaigns, such as send rates, reply rates, and other engagement metrics.

We do not control, and are not responsible for, the privacy practices of X (Twitter). We recommend you review their privacy policy to understand how they handle your data.

2.3 Information About Third Parties (Scraped Leads)

When you use our lead generation and scraping features, you may collect publicly available information about third parties from X (Twitter). This information may include usernames, profile information, bios, follower counts, following lists, and public posts.

2.4 Information We Collect Automatically

When you visit, use, or navigate our Services, we automatically collect certain information. This information does not reveal your specific identity but may include device and usage information:

• Log and Usage Data: Service-related, diagnostic, usage, and performance information, including your IP address, browser type, device characteristics, operating system, referring URLs, and activity within the Services.
• Device Data: Information about the computer, phone, or tablet you use to access the Services, including IP address, device and application identification numbers, location data, and hardware model.
• Cookies and Tracking Technologies: We use cookies and similar technologies to collect and store your information. For more details, please see Section 11.

3. How We Use Your Information

We process your information for a variety of reasons, depending on how you interact with our Services. Our primary purpose is to provide, improve, and administer our Services.

We use your information to:

• Provide and Manage the Services: Create and manage your account, process payments, deliver the core functionality of our platform including sending automated direct messages, scraping publicly available lead information, managing campaigns, providing CRM functionality, and delivering API access as you direct.
• Deliver Managed Services: For done-for-you (DFY) customers, we use your information to operate campaigns, manage outreach, and report on performance as specified in your Statement of Work.
• Communicate with You: Respond to your inquiries, provide customer support, and send you service-related announcements.
• Improve Our Services: Analyze usage data to understand how our Services are being used, identify trends, diagnose technical issues, and develop new features.
• Ensure Security and Prevent Fraud: Monitor for fraudulent activity, violations of our Terms of Service and Acceptable Use Policy, and other potentially harmful activity.
• Comply with Legal Obligations: Process your information as necessary to comply with applicable laws, regulations, court orders, or other legal processes.
• Market Our Services: Send you marketing communications about our products and services, subject to your communication preferences. You can opt out at any time.

4. Legal Bases for Processing

We process your personal information only when we have a valid legal reason to do so under applicable law. The legal bases we rely on include:

• Performance of a Contract: Processing necessary to provide you with our Services and fulfill our contractual obligations under our Terms of Service.
• Legitimate Interests: Processing necessary for our legitimate business interests, including improving our Services, ensuring security, and preventing fraud, where those interests are not outweighed by your rights.
• Consent: Processing based on your specific, informed consent, such as for certain marketing communications. You can withdraw your consent at any time.
• Legal Obligations: Processing necessary for compliance with a legal obligation, such as responding to a court order.

5. When and With Whom We Share Your Information

We may share your personal information in the following circumstances and with the following categories of third parties:

5.1 Service Providers (Sub-processors)

We share your information with third-party vendors who perform services on our behalf. These may include:

• Stripe: For payment processing.
• Supabase: For database hosting and infrastructure.
• Analytics Providers: For website and product analytics.
• Communication Tools: For customer support and service communications.

We have contracts in place with our service providers that are designed to safeguard your personal information. They are prohibited from using your personal information for any purpose other than to provide the services we have contracted them for.

5.2 Third-Party Platforms

To provide the core functionality of our Services, we interact with X (Twitter) on your behalf using the authentication data you provide. This interaction is necessary to send direct messages, scrape publicly available data, and perform other actions you authorize.

5.3 Business Transfers

We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.

5.4 Legal Obligations and Rights

We may disclose your information where we are legally required to do so in order to comply with applicable law, governmental requests, a judicial proceeding, court order, or legal process. We may also disclose your information where we believe it is necessary to investigate, prevent, or take action regarding potential violations of our policies, suspected fraud, or situations involving potential threats to safety.

5.5 No Sale of Personal Information

We do not sell or share your personal information with third parties for their direct marketing purposes.

6. Data Security

We implement commercially reasonable technical and organizational security measures designed to protect the security of the personal information we process. These measures include:

• Encryption: We use encryption (such as SSL/TLS) to protect your data in transit. Authentication tokens and session cookies are encrypted at rest.
• Access Controls: We limit access to your personal information to personnel who have a legitimate business need to access such information.
• Secure Infrastructure: Our Services are hosted on secure infrastructure with industry-standard protections.
• Credential Handling: We store only the minimum authentication data necessary to operate the Services (session cookies and account identifiers). We do not store your X (Twitter) password or 2FA codes.

Despite our safeguards and efforts to secure your information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure. Transmission of personal information to and from our Services is at your own risk.

6.1 Data Breach Notification

In the event of a data breach that compromises the security, confidentiality, or integrity of your personal information, we will take the following actions:

• Notification to You: We will notify affected users without undue delay and, where required by applicable law, within seventy-two (72) hours of becoming aware of the breach.
• Information Provided: Our notification will include a description of the nature of the breach, the categories of data affected, the likely consequences, the measures we have taken, and contact information for further inquiries.
• Regulatory Notification: Where required by law, we will notify the relevant data protection authorities within the timeframes required.
• Remediation: We will take immediate steps to contain and remediate the breach, including conducting a thorough investigation and implementing additional security measures.

If you have reason to believe that your interaction with us is no longer secure, please immediately notify us at jules@scrapely.co.

7. Data Retention

We retain your personal information only for as long as it is necessary for the purposes set out in this Privacy Policy, unless a longer retention period is required or permitted by law.

Generally, we retain your personal information for the duration of your account with us. When your account is terminated or you cancel your subscription:

• Authentication data (session cookies, tokens) for Connected Accounts will be deleted promptly after disconnection.
• Customer Data (campaign data, lead lists, message history, analytics) will be deleted or anonymized following written request, subject to any legal retention obligations.
• Account information (name, email) may be retained for a limited period for legitimate business purposes such as fraud prevention, dispute resolution, and compliance with legal obligations.

When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize such information, or securely store it and isolate it from any further processing until deletion is possible.

8. International Data Transfers

Your information may be transferred to, stored, and processed in the United States, where our Services are hosted and operated. If you are accessing our Services from outside the United States, including from the European Economic Area (EEA), United Kingdom (UK), or other regions with data protection laws that may differ from U.S. laws, please be aware that your information will be transferred to and processed in the United States.

When we transfer personal information internationally, we take steps to ensure that appropriate safeguards are in place to protect your information as described in this Privacy Policy.

9. Your Privacy Rights

Depending on your location, you may have certain rights regarding your personal information. These may include:

• Right to Access: Request access to and obtain a copy of your personal information.
• Right to Rectification: Request that we correct inaccurate or incomplete personal information.
• Right to Erasure: Request that we delete your personal information.
• Right to Restrict Processing: Request that we restrict the processing of your personal information.
• Right to Data Portability: Request that we transfer your personal information to another organization or directly to you.
• Right to Object: Object to our processing of your personal information for certain purposes.
• Right to Withdraw Consent: Where we rely on your consent to process your personal information, you have the right to withdraw that consent at any time.

To exercise any of these rights, please contact us at jules@scrapely.co. We will respond to your request within the timeframe required by applicable law.

9.1 California Residents (CCPA/CPRA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA). You have the right to:

• Know what personal information we collect, use, and share about you;
• Request deletion of your personal information;
• Opt out of the sale or sharing of your personal information (we do not sell your personal information);
• Non-discrimination for exercising your privacy rights.

To exercise your rights under the CCPA/CPRA, please contact us at jules@scrapely.co.

9.2 European Economic Area (EEA) and UK Residents

If you are a resident of the EEA or UK, you have the rights described above under applicable data protection law, including the General Data Protection Regulation (GDPR) and the UK GDPR. You also have the right to lodge a complaint with your local data protection supervisory authority if you believe we have violated your data protection rights.

For transfers of personal data from the EEA and UK to the United States, we rely on appropriate safeguards as required by applicable law.

10. Information from Minors

We do not knowingly solicit data from or market to individuals under 18 years of age. By using the Services, you represent that you are at least 18 years old or that you are the parent or guardian of such a minor and consent to such minor's use of the Services.

If we learn that personal information from users under 18 years of age has been collected, we will take reasonable measures to deactivate the account and promptly delete such data from our records. If you become aware of any data we may have collected from individuals under 18, please contact us at jules@scrapely.co.

11. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect and store information when you use our Services. Cookies are small data files placed on your device that help us improve our Services and your experience.

We may use the following types of cookies:

• Essential Cookies: Necessary for the operation of our Services. These include cookies that enable you to log into secure areas of our platform.
• Analytics Cookies: Allow us to recognize and count the number of visitors and see how visitors move around our Services. This helps us improve the way our Services work.
• Marketing Cookies: Used to track visitors across websites to allow the display of relevant advertisements.

Most web browsers are set to accept cookies by default. You can usually modify your browser settings to remove or reject cookies. Please note that removing or rejecting cookies may affect the availability and functionality of our Services.

12. Anonymized and Aggregated Data

We may collect and aggregate technical and usage data about your use of the Services that is non-personally identifiable ("Anonymized Data"). We may use Anonymized Data to analyze, improve, support, and operate the Services and for any legitimate business purpose, including generating industry benchmarks, best practice guidance, or similar reports. We will not identify you as the source of any Anonymized Data.

13. Third-Party Links and Services

Our Services may contain links to third-party websites, services, or applications that are not operated by us. If you click on a third-party link, you will be directed to that third party's site. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services. We encourage you to review the privacy policy of every site you visit.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The updated version will be indicated by an updated "Last Updated" date at the top of this document. If we make material changes to this Privacy Policy, we may notify you either by prominently posting a notice of such changes on our website or by directly sending you a notification to the email address associated with your account.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.