Privacy Policy

1. Our Privacy Commitment

At Scravity, we believe in minimal data collection and maximum transparency. Our business model does not depend on tracking, profiling, or monetizing user data. We built our stealth browser infrastructure with privacy as a core principle, not an afterthought.

2. Information We Collect

2.1 Data You Provide Voluntarily

We only collect personal information when you voluntarily provide it:

• Account Information: Email address, name (optional), and password hash when you register
• Payment Data: Billing information processed securely through Paddle (see Section 2.3)
• Communications: Content of messages or support tickets when you contact us

2.2 Data Collected Automatically

When you use our Services, our systems automatically generate limited technical logs:

• Session Request Logs: Timestamps, API endpoint accessed, response status codes, error messages (no session payloads or extracted content)
• Usage Metrics: Credit consumption, plan type, account creation date
• Security Logs: IP addresses (temporarily), login attempts, authentication events
• Device/Browser Info: Browser type, operating system (for troubleshooting compatibility issues only)

These logs are used exclusively for service maintenance, troubleshooting technical issues, detecting abuse, ensuring security, and improving reliability. They are never used for advertising, profiling, or behavioral tracking.

2.3 Payment Data (Processed by Paddle)

All payment transactions are processed by Paddle.com, who acts as our Merchant of Record. When you make a purchase:

• Payment card details and financial information are never stored on our servers
• All sensitive payment data is handled entirely by Paddle's secure infrastructure
• Paddle may collect additional information required for payment processing, tax compliance, and fraud prevention

For details on how Paddle handles payment data, please review Paddle's Privacy Policy.

3. Browser Session Content and Data Extraction

This is a critical distinction in how we operate:

• Data your sessions extract via our browser API is processed in real-time and transmitted directly to your application
• We have no ability to access, retrieve, or view extracted content after delivery
• No copies, caches, or backups of extracted data are created or retained
• The data you extract belongs to you; how you use it is your responsibility

The only exception is if our technical support team specifically requests permission to view a sample of your session output for debugging purposes — with your explicit consent and temporary access only.

4. How We Use Your Information

We use the limited data we collect solely for:

• Service Provision: Creating and managing your account, processing browser sessions, delivering services you paid for
• Security & Fraud Prevention: Detecting unauthorized access, preventing abuse, protecting our infrastructure from attacks
• Support: Responding to your inquiries, troubleshooting technical issues you report
• Legal Compliance: Fulfilling obligations under applicable laws, responding to lawful requests from authorities
• Service Improvement: Identifying bugs, optimizing stealth performance, planning feature development (using anonymized, aggregated data only)

We will never use your data for: targeted advertising, selling to third parties, building behavioral profiles, or credit/employment screening.

5. Cookies and Tracking Technologies

Our use of cookies and similar technologies is intentionally minimal:

5.1 Essential Cookies (Required)

• Session Cookies: Maintain your login state while using our website/dashboard
• Security Tokens: Protect against CSRF attacks and maintain secure sessions
• Preference Cookies: Remember your language or display settings (if applicable)

5.2 What We Don't Do

• ❌ No analytics cookies (Google Analytics, Mixpanel, etc.)
• ❌ No advertising or retargeting pixels
• ❌ No cross-site tracking or fingerprinting
• ❌ No social media tracking widgets

Essential cookies are strictly necessary for basic website functionality. Disabling them may prevent you from accessing your account or using certain features.

6. Third-Party Services

We integrate with a limited number of third-party services to operate our platform:

We carefully vet all third-party integrations for privacy practices. However, we are not responsible for the privacy practices of external services you choose to connect with Scravity (webhooks, integrations, etc.).

7. Data Retention and Deletion

We follow a principle of data minimization — keeping data only as long as necessary:

Upon account deletion, we permanently remove your personal data within the timeframes above, except where legal obligations require longer retention (e.g., tax records).

8. Your Privacy Rights

Depending on your location, you may have certain rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate or incomplete data
• Deletion: Request deletion of your data (subject to legal retention requirements)
• Portability: Receive your data in a structured, machine-readable format
• Objection: Object to certain types of data processing (e.g., marketing — we don't do this, but the right exists)
• Restriction: Limit how we process your data in certain circumstances
• Withdraw Consent: Withdraw previously given consent at any time

To exercise any of these rights, email us at support@scravity.com. We will respond within 30 days (or sooner) with confirmation of actions taken or explanation if we cannot fulfill your request.

If you believe we have not adequately addressed your concern, you may have the right to lodge a complaint with your local data protection authority.

9. Data Security

We implement industry-standard technical and organizational measures to protect your data:

• Encryption: All data transmitted to/from our browser API uses TLS 1.2+ encryption. Passwords are hashed with bcrypt/argon2
• Access Controls: Strict role-based access limits internal data access to authorized personnel only
• Auditing: Regular security assessments, dependency updates, and vulnerability scanning
• Infrastructure: Hosted on reputable cloud providers with SOC 2 / ISO 27001 certifications

While we strive for robust security, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security, but we commit to promptly addressing any reported vulnerabilities.

10. Children's Privacy

Our Services are not directed to individuals under the age of 16 (or the age of digital consent in your jurisdiction). We do not knowingly collect personal information from children. If we become aware that we have collected data from a minor without parental consent, we will take steps to delete that information promptly. If you believe we have collected such data, please contact us immediately.

11. International Data Transfers

Our infrastructure and team may operate from multiple countries. By using our Services, you acknowledge that your data may be transferred to, stored, and processed in jurisdictions other than your country of residence, which may have different data protection laws.

We ensure appropriate safeguards are in place for such transfers, including reliance on cloud providers' Standard Contractual Clauses (SCCs), adequacy decisions, or other legally recognized mechanisms where required.

12. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, or legal requirements. Changes will be indicated by updating the "Last updated" date at the top of this page.

Material changes will be communicated via email to registered users when feasible. We encourage you to review this page regularly. Continued use of our Services after changes constitute acceptance of the updated policy.