ScrapCarAI Privacy Policy

Last updated: October 13, 2025

ScrapCarAI (“we”, “our”, “us”) builds infrastructure that helps mobility partners analyse publicly available rental-car offers. This policy explains how we collect, use, and safeguard information when you interact with our websites, APIs, dashboards, or support channels (collectively, the “Services”).

By using the Services you agree to this policy. If you do not agree, please discontinue use.

1. Information We Collect

1.1 Information you provide directly

  • Account data. Name, business email address, company details, billing contacts, tax/VAT numbers, proxy configuration preferences, and any other fields supplied during signup or onboarding.
  • Support communications. Information you share when contacting us via chat, email, or ticketing systems.
  • Payment information. Subscription plan, billing address, and transaction identifiers. We use a payment processor and do not store full card numbers.

1.2 Information collected automatically

  • Usage and telemetry data. IP address, browser type, operating system, timestamps, API request metadata, feature usage, and error reports from clients or SDKs.
  • Device data. Identifiers associated with your workspace or agent nodes to enforce rate limits, audit jobs, and detect abuse.

1.3 Data processed on your behalf

Scraped content. Structured results you request from third-party websites (“Source Sites”). You are responsible for ensuring you have a legal basis to request that data. We process it solely to deliver the Services and store it in your workspace.

2. How We Use Information

  • Provide, maintain, and improve the Services.
  • Authenticate users, authorise workspace access, and prevent fraud or misuse.
  • Send operational communications such as provisioning notices, billing updates, and service alerts.
  • Deliver customer support and investigate issues.
  • Comply with legal or regulatory obligations and enforce our agreements.
  • Perform aggregated, de-identified analysis for product improvements and capacity planning.

3. Legal Bases for Processing (EEA/UK)

We process personal data under legal bases including performance of a contract (providing the Services), legitimate interests (securing infrastructure, analytics), consent (marketing communications, optional beta features), and compliance with legal obligations.

4. Sharing and Disclosure

We do not sell personal data. We may share information with:

  • Service providers supporting hosting, storage, payment processing, email delivery, analytics, or customer support, under written agreements.
  • Professional advisors such as lawyers, accountants, or auditors.
  • Authorities when required to respond to lawful requests or protect rights.
  • Successors in connection with a merger, acquisition, or reorganisation.

Aggregated or de-identified data may be shared for research, benchmarking, or product insights, provided it does not identify individuals.

5. Data Retention

Account and subscription data is retained for the duration of the customer relationship and as required for legal or contractual obligations. Scraped datasets remain available until you delete them or close your workspace. Security and audit logs are retained for up to 18 months unless needed longer to investigate incidents.

6. International Transfers

We operate from the EU and may engage providers in other jurisdictions. When transferring personal data outside the EU/EEA or UK, we rely on safeguards such as Standard Contractual Clauses and ensure recipients offer adequate protection.

7. Security

We maintain administrative, technical, and physical safeguards including network segmentation, encrypted storage, access controls, and regular security reviews. No system is 100% secure; please use strong credentials, rotate API keys, and review audit logs. Notify us promptly of any suspected breach.

8. Your Rights

Depending on your location you may have rights to access, correct, delete, restrict, or port personal data, and to object to certain processing. You may withdraw consent for communications at any time. Contact us using the details below and we will respond in accordance with applicable law. You may also lodge a complaint with your supervisory authority.

9. Cookies and Similar Technologies

We use necessary cookies for authentication, session management, and fraud prevention. Optional analytics or performance cookies are set only with your consent. Manage preferences via browser settings or in-product controls.

10. Third-Party Links and Source Sites

The Services may reference Source Sites or other third-party resources. Their privacy practices govern any data you provide directly to them. We are not responsible for changes they introduce to content, markup, anti-automation controls, or data handling.

11. Children’s Privacy

The Services are not directed to individuals under 18 and we do not knowingly collect personal data from children. If you discover a child has provided personal data, contact us so we can delete it.

12. Changes to this Policy

We may update this Privacy Policy for legal, technical, or business reasons. We will publish the revised version with an updated “Last updated” date and, if changes are material, provide additional notice. Continued use of the Services after the update constitutes acceptance.

13. Contact Us

For privacy inquiries or rights requests, contact:

[email protected]