Privacy Policy

What we collect

• Account data: Email address and hashed password (via Supabase Auth). We never store plaintext passwords.
• API keys: Stored as SHA-256 hashes. The plaintext key is shown once at creation and never stored.
• Request logs: URL, domain, engine tier used, status code, latency, and success/failure. Retained for 30 days, then deleted.
• Usage data: Monthly aggregates of requests per engine tier for billing purposes.
• Payment data: Processed by Stripe. We store only your Stripe customer ID, never card numbers.

What we don't collect

• We do not store the content of pages you scrape. HTML is processed in memory and discarded after extraction.
• We do not sell or share your data with third parties.
• We do not use your scrape data for training models or analytics beyond usage metering.

Analytics

We use Google Analytics (GA4) to measure page views and traffic sources on the landing site. No analytics are applied to API requests or scraped content.

Data retention

• Request logs: 30 days
• Usage records: Indefinite (monthly aggregates only)
• Account data: Until you request deletion

Your rights

You can request deletion of your account and all associated data by emailing support@dreamscrape.app. We will process deletion requests within 30 days.

Security

All API traffic is encrypted via HTTPS/TLS. API keys are SHA-256 hashed. Auth uses timing-safe comparison. Brute-force protection is enabled. See our docs for technical security details.

Contact

Questions about privacy? Email support@dreamscrape.app.