Privacy Policy

The controller responsible for the processing of personal data within the meaning of the General Data Protection Regulation (GDPR) is:

Noscrape processes personal data exclusively in accordance with applicable data protection laws, in particular the General Data Protection Regulation (GDPR).

Personal data is processed only to the extent necessary for providing the platform, the API, technical security, contract performance and compliance with legal obligations.

The legal bases for processing may include in particular Art. 6(1)(b) GDPR (performance of a contract), Art. 6(1)(c) GDPR (legal obligations) and Art. 6(1)(f) GDPR (legitimate interests regarding security, stability and abuse prevention).

The platform is primarily intended for businesses, developers and professional users.

Noscrape does not permanently store API request contents. Obfuscated content, JSON data and transmitted texts are generally not stored persistently.

Generated font files may be stored temporarily or delivered through a CDN depending on the selected subscription plan. Such files are automatically deleted after the applicable retention period expires.

For technical operation and security purposes, technical metadata such as IP address, request timestamp, user agent, rate limit information or error messages may be processed. API request contents themselves are generally not stored in log files.

No automated decision-making within the meaning of Art. 22 GDPR, profiling or AI-based user tracking takes place.

The use of certain functions may require the provision of personal data. Without such data, certain services may not be available.

The services are not intended for minors.

Personal data is generally processed within the European Union (EU) or the European Economic Area (EEA).

The Noscrape platform and API are operated on infrastructure located within Germany.

Cloud servers, load balancers and storage services provided by hosting providers within the European Union are used to technically provide the services.

As part of the hosting process, technically necessary data such as IP addresses, network and connection data as well as system and error logs may be processed.

A content delivery network (CDN) may be used for the delivery of generated font files. Depending on the technical delivery process, data may be transferred through globally distributed servers.

Where legally required, data processing agreements pursuant to Art. 28 GDPR are concluded with involved service providers.

Technical monitoring, health check and diagnostic systems may be used to ensure stability, security and availability.

Security copies and backups may be stored in encrypted form within the European Union.

For self-hosted on-premise installations, the customer is generally responsible for operation, infrastructure, data security and backups.

When accessing the platform or API, technical access data is automatically processed and stored in so-called server log files.

Processed data may include in particular IP address, request timestamp, HTTP method, requested URL, status code, user agent, technical device information, API-related metadata as well as rate limit and error information.

API request contents, transmitted texts and JSON payloads are generally not stored in log files.

Log data is processed to ensure stability, security and availability of the services as well as for error analysis, abuse detection, attack detection and technical administration.

The legal basis for processing is Art. 6(1)(f) GDPR (legitimate interest in the secure and stable operation of the platform).

Server log data is generally not merged with other data sources.

Technical log data is generally stored for a maximum of 30 days unless longer retention is required for security, abuse prevention or legal reasons.

To improve security, automated systems for detecting technical anomalies, attacks or abusive usage may be implemented in the future.

The creation of a user account may be required to use certain functions of the platform.

At present, only the user’s email address is generally processed during registration.

For paid subscription plans, additional billing and payment data such as company name, billing address, country or VAT ID may be processed.

Authentication is carried out באמצעות time-limited one-time codes sent to the registered email address. Traditional password storage is currently not used.

Users may manage multiple API keys. API keys are generally not stored in plain text for security reasons.

Technical metadata related to API keys, such as creation date, last usage timestamp or labels, may be processed.

The platform is primarily intended for businesses, developers and professional users.

Users are responsible for keeping access credentials and API keys confidential and protected against unauthorized access.

User accounts may be deactivated where required for technical, security-related or contractual reasons.

In the event of a complete account deletion, personal data will generally be deleted unless statutory retention obligations apply.

Legally required retention obligations, in particular under tax and commercial law, remain unaffected.

Login to Noscrape is currently performed using time-limited one-time codes sent to the registered email address.

One-time codes are currently valid for 10 minutes and are used solely to authenticate the respective user.

Login emails generally do not contain sensitive content other than the respective one-time code.

Technically necessary session cookies are used to manage authenticated sessions.

Technical information such as IP address, user agent, login timestamp and security-related metadata may be processed.

Rate limits and additional security mechanisms may be used to protect against abuse, automated login attempts and brute-force attacks.

Users can manage and delete API keys themselves.

Third-party login or social login providers are currently not used.

Processing is carried out to provide secure authentication functions, to perform the contract and based on legitimate interests in security and abuse prevention pursuant to Art. 6(1)(b) and Art. 6(1)(f) GDPR.

For paid services, Noscrape processes billing and payment-related data of the respective user.

Processed data may include company name, personal name, billing address, country, VAT ID and email address.

Payment processing is carried out through external payment service providers, currently in particular Mollie.

Depending on the selected payment method, additional data may be processed by the payment provider for credit card, SEPA, PayPal or other online payment transactions.

Noscrape generally does not store complete credit card or payment information.

Invoices are generated electronically and made available within the user account.

Processing is carried out for the performance of paid services, invoicing and compliance with legal obligations pursuant to Art. 6(1)(b) and Art. 6(1)(c) GDPR.

Payment service providers may independently perform fraud prevention, risk analysis and payment validation procedures.

Billing and tax-relevant data is stored in accordance with applicable legal retention obligations.

No payment information is generally required for free or demo access.

In the event of refunds or payment adjustments, the necessary payment and transaction data may be processed for this purpose.

The Noscrape API may be used to process text and JSON-based content in particular.

Submitted content may contain personal data. Users are solely responsible for deciding which data is processed through the API.

Content is processed exclusively for the technical execution of the requested obfuscation.

No content analysis, AI training, profiling, advertising evaluation or other automated assessment of submitted data takes place.

Content is processed only temporarily as part of the technical processing workflow, in particular within memory, worker or queue systems.

Submitted content, texts and JSON payloads are generally not stored permanently.

Generated font files may be stored temporarily and delivered through CDN systems depending on the selected subscription plan.

The availability and retention period of generated font files may vary depending on the selected plan.

Generated font files are generally deleted automatically after the applicable retention period expires.

For abuse detection, rate limiting and system security purposes, technical metadata such as IP addresses or API token metadata may be processed.

For paying business customers, a data processing agreement (<a href="https://noscrape.eu/en/avv" class="font-bold text-blue-600">DPA</a>) pursuant to Art. 28 GDPR may be concluded upon request.

Where Noscrape processes personal data on behalf of customers, such processing is carried out solely as a data processor within the meaning of the GDPR.

For self-hosted on-premise installations, all processed data generally remains entirely within the customer’s own infrastructure.

The public demo API is not intended for the processing of sensitive or confidential personal data.

The Noscrape website and platform use technically necessary cookies and comparable storage technologies.

These technologies are used in particular to provide essential functions such as session management, security, language selection, CSRF protection and the technical operation of the platform.

This may include session cookies, security cookies and temporary language settings.

The API itself is generally token-based and does not use authentication cookies.

In addition, browser-side storage mechanisms such as Local Storage or Session Storage may be used by frontend technologies integrated into the platform.

The use of technically necessary cookies is based on Section 25(2) TTDSG and Art. 6(1)(f) GDPR.

Currently, no tracking, marketing or third-party cookies are generally used.

If analytics, statistics or marketing services are integrated in the future, additional consent may be obtained where required.

Users may configure browser settings to restrict or delete cookies. However, certain platform functions may no longer operate correctly as a result.

When contacting Noscrape, for example via contact forms or email, the data submitted by the user is processed.

This may include in particular name, email address, company name and the respective message.

Processing is carried out for handling the request, technical communication and the implementation of pre-contractual or contractual measures.

The legal basis for processing is Art. 6(1)(b) GDPR and Art. 6(1)(f) GDPR.

Communication with Noscrape generally takes place via regular electronic communication channels such as email.

Requests and communication data may be stored for as long as necessary for processing, documentation or legal and business purposes.

Technical security measures may be used to detect abuse, spam or attacks.

Users may voluntarily submit files or attachments as part of support or contact requests.

Currently, no external support or helpdesk platforms are used.

At present, no newsletters or marketing email campaigns are generally sent.

Additional communication-related data may be processed in the context of business communication, technical integrations, support services or enterprise-related inquiries.

Personal data is generally processed only to the extent necessary for providing the platform, the API or fulfilling legal obligations.

Recipients of personal data may in particular include technical hosting, infrastructure, CDN, payment or communication service providers.

This may include hosting providers, CDN providers or payment service providers, for example.

Personal data is disclosed only to the extent necessary.

Service providers are carefully selected and, where legally required, engaged on the basis of data processing agreements pursuant to Art. 28 GDPR.

Personal data is not sold or commercially shared with third parties.

Where possible, personal data is processed within the European Union or the European Economic Area.

If processing outside the EU or EEA becomes necessary in the future, this will only take place in compliance with applicable data protection requirements.

Personal data is disclosed to authorities or public bodies only where a legal obligation exists.

In the event of corporate restructurings, mergers or other business changes, data may be transferred to the extent permitted by law.

Personal data is generally stored only for as long as necessary to provide the services, perform contractual obligations or comply with legal requirements.

Submitted API content, texts and JSON data are generally not stored permanently and are removed after the technical processing has been completed.

Generated font files may be stored temporarily depending on the selected subscription plan and are subsequently deleted automatically.

Technical log data is generally stored for a maximum of 30 days unless longer retention is required for security, abuse prevention or legal reasons.

Billing and tax-related data is retained in accordance with applicable legal retention obligations.

Support and communication data may remain stored for as long as necessary to process the request or for business and legal purposes.

Deactivated user accounts may continue to be stored unless complete deletion is requested.

API keys are immediately invalidated or removed upon deletion or deactivation.

Deleted data may temporarily remain in encrypted backups or security copies until such backups are automatically overwritten or deleted.

Statutory retention obligations remain unaffected by deletion requests.

Users may request the deletion of personal data within the limits of applicable law.

Data subjects have the following rights regarding their personal data within the scope of applicable legal provisions.

These rights include in particular the right of access, rectification, deletion, restriction of processing and the right to data portability.

Data subjects also have the right to object to the processing of personal data for reasons arising from their particular situation.

Where processing is based on consent, such consent may be withdrawn at any time with effect for the future.

Data protection-related requests may be submitted at any time via info@noscrape.eu.

Noscrape may require appropriate proof of identity before processing data protection requests.

Requests are processed in accordance with applicable legal requirements.

Certain rights may be subject to legal restrictions or statutory retention obligations.

Where technically feasible and legally required, personal data may be exported or provided upon request.

No automated decision-making or profiling within the meaning of Art. 22 GDPR takes place.

Data subjects also have the right to lodge a complaint with a competent data protection supervisory authority regarding the processing of personal data.

Noscrape implements technical and organizational security measures to appropriately protect personal data and technical systems.

Communication with the platform and API is generally encrypted using current TLS/HTTPS technologies.

To protect the systems, access restrictions, API keys, rate limits and additional technical security mechanisms may be used.

Security copies and backups may be stored in encrypted form.

Regular security updates, infrastructure maintenance and updates of integrated software libraries may be performed to maintain system security.

Despite careful selection and maintenance of third-party software and libraries, complete protection against vulnerabilities, supply-chain attacks or other external security risks cannot be guaranteed.

Noscrape does not guarantee absolute protection against scraping, automated data collection, OCR techniques, AI-based content analysis or other circumvention methods.

Users are responsible for keeping access credentials, API keys and other authentication information confidential and protected against unauthorized access.

Security-related reports or potential vulnerabilities may be reported at any time via info@noscrape.eu.

For self-hosted on-premise installations, the customer is generally responsible for infrastructure hardening, access control, network security and system operation.

Noscrape reserves the right to modify or update this Privacy Policy with effect for the future.

Changes may become necessary in particular due to technical developments, new features, changes in legal requirements or new services.

The version of the Privacy Policy valid at the time of use shall apply.

Material changes may additionally be communicated via email or within the platform.

The date of the latest update is stated within this Privacy Policy.

Previous versions of the Privacy Policy may be archived where necessary.