scraper-api.com
DE

Privacy policy

This privacy policy informs you about the nature, scope and purpose of the processing of personal data (hereinafter “data”) when using scraper-api.com, as well as about your rights under the General Data Protection Regulation (GDPR).

1. Controller

The controller within the meaning of the GDPR for the processing of your data is:

B A Media Group FZE LLC
Business Centre, Sharjah Publishing City Free Zone
Sharjah
United Arab Emirates
Email: contact@bamg.ae

You can find further information about the controller in the legal notice.

2. What data we process

We process personal data only to the extent necessary to provide our service and to operate your account. In particular:

• Account data: the email address used for sign-in, your plan and credit balance, and account metadata.

• API usage data: the endpoints you call, timestamps, request counts and credit consumption, associated with your API keys.

• Payment data: the data required to process payments, handled directly by our payment provider Stripe; full card details are not stored on our systems.

• Communication data: the content and metadata of your support requests.

• Server log data: technical access data such as IP address, time of access, requested resource and browser/OS information.

3. Purposes and legal bases

• To perform the contract and provide the API (Art. 6(1)(b) GDPR).

• To comply with legal obligations, e.g. retention under commercial and tax law (Art. 6(1)(c) GDPR).

• To safeguard our legitimate interests in secure, stable and abuse-free operation (Art. 6(1)(f) GDPR).

• On the basis of your consent where given (Art. 6(1)(a) GDPR).

4. Authentication (Auth0)

Sign-in is handled via Auth0 (Okta, Inc.). When you log in, your email address and authentication metadata are processed to establish and secure your session. The legal basis is performance of the contract and our legitimate interest in secure authentication (Art. 6(1)(b) and (f) GDPR).

5. Hosting (AWS)

Our services are operated on Amazon Web Services (AWS). Technically necessary data is processed in server log files to ensure delivery, stability and security. The legal basis is our legitimate interest in a secure and functional service (Art. 6(1)(f) GDPR). A data processing agreement pursuant to Art. 28 GDPR is in place.

6. Payment processing (Stripe)

Payments are processed via Stripe (Stripe Payments Europe, Ltd. and affiliates). The required data – in particular name, email and payment/billing details – is transmitted to Stripe and processed under its own responsibility. Legal basis: performance of the contract and our legitimate interest in secure, fraud-free payment (Art. 6(1)(b) and (f) GDPR).

7. Email delivery (Amazon SES / Resend)

To send transactional emails (account, purchase confirmations, notifications) we use an email delivery provider (Amazon SES or Resend). Your email address and the associated message data are processed. Legal basis: performance of the contract and our legitimate interest in reliable communication (Art. 6(1)(b) and (f) GDPR).

8. Recipients and processors

Your data is only transmitted where necessary to perform the contract, where legally required, or with your consent. Processors include: the hosting provider (AWS), the authentication provider (Auth0), the payment provider (Stripe) and the email provider (Amazon SES or Resend). We conclude agreements pursuant to Art. 28 GDPR.

9. Transfers to third countries

The controller (B A Media Group FZE LLC) is based in the United Arab Emirates (a third country). Some providers may process data in third countries, in particular the USA. Any transfer takes place only under Art. 44 et seq. GDPR, e.g. on the basis of an adequacy decision, standard contractual clauses, or your consent.

10. Retention period

We store personal data only for as long as necessary for the stated purposes. Account and billing data is retained for the duration of the relationship and, beyond that, within statutory retention periods (generally up to 10 years). Server log data is stored only briefly and then deleted or anonymised.

11. Your rights

Under the GDPR you have the rights of access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), data portability (Art. 20), objection (Art. 21) and withdrawal of consent (Art. 7(3)).

To exercise your rights, an informal message to the contact details above is sufficient.

12. Right to lodge a complaint

You have the right to lodge a complaint with a data protection supervisory authority if you believe the processing of your data infringes the GDPR (Art. 77 GDPR).

Last updated: 2026-07-17