Privacy Policy

1. Data Controller

This Privacy Policy governs the processing of personal data by the Krawly.io team — an independent engineering team operating https://krawly.io. For all privacy enquiries, please contact info@krawly.io.

2. Data We Collect

• Account Information: Name, email address, username, phone number, and company name provided during registration.
• Authentication Data: Hashed passwords, OAuth tokens (for Google Sign-In).
• Usage Data: Scraping configurations, job history, API usage logs, session data.
• Technical Data: IP address, browser type, operating system, device information, timestamps.
• Payment Data: If applicable, processed through third-party payment providers (Paddle). We do not store credit card details directly.

3. Purpose of Data Processing

• Providing and maintaining the Krawly platform and its web scraping tools
• User account management and authentication
• Processing tool requests and delivering results
• Communicating service updates, security alerts, and support responses
• Improving platform performance
• Complying with legal obligations and preventing fraud

4. Legal Basis for Processing

• Contract Performance: To provide you with the services you signed up for.
• Legitimate Interest: For platform security, fraud prevention, and service improvement.
• Legal Obligation: To comply with applicable laws and regulations.
• Consent: For optional communications and cookies.

5. Data Sharing

We do not sell your personal data. We may share data with:

• Cloud Service Providers: For hosting and infrastructure.
• Payment Providers: Paddle acts as our Merchant of Record for subscription billing.
• Authentication Providers: Google OAuth for social sign-in.
• Legal Authorities: When required by law.

6. Data Retention

We retain your personal data for the duration of your account. Upon account deletion, all personal data is permanently removed within 30 days, except where retention is required by law.

7. Your Rights

Under GDPR and KVKK, you have the following rights:

• Right of Access: Request a copy of your personal data.
• Right to Rectification: Correct inaccurate or incomplete data.
• Right to Erasure: Request deletion of your personal data.
• Right to Data Portability: Request your data in machine-readable format.
• Right to Object: Object to data processing based on legitimate interests.
• Right to Withdraw Consent: Withdraw consent at any time.

To exercise these rights, contact info@krawly.io. We will respond within 30 days.

8. Cookies

We use essential cookies for authentication and session management. See our Cookie Policy for details on every cookie category we set.

8a. Advertising and Google AdSense

Krawly may display advertising served by Google AdSense and other third-party advertising networks. These networks may use cookies, web beacons, and similar technologies to serve ads based on your prior visits to Krawly and other websites. Specifically:

• Google's use of advertising cookies enables Google and its partners to serve ads to users based on their visits to Krawly and other sites on the internet.
• Personalised advertising can be disabled at any time through Google Ads Settings. Users in the EU/UK can additionally manage consent through the cookie banner shown on first visit.
• Third-party vendors using cookies on Krawly may include Google, DoubleClick, and AdSense partner networks. A list and opt-out options are available at aboutads.info and networkadvertising.org/choices.
• Children: Krawly is not directed at children under 13. We do not knowingly collect data from children, and we instruct ad networks not to serve personalised ads on requests we identify as originating from children.

Krawly does not pass personally identifiable information (PII) to advertising networks. The data shared with ad networks is limited to aggregated, non-identifying signals that are necessary for ad delivery and measurement.

9. Security

We implement industry-standard security measures including SSL/TLS encryption, secure password hashing, HSTS headers, CSRF protection, and regular security audits.

10. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be communicated via email or platform notification.

11. Contact