سياسة الخصوصية

Last updated: 2025-01-01

This Privacy Policy explains how CrawlBot AI ("we", "us", "our") collects, uses, and safeguards information when you use our website, platform, APIs, and related services (collectively, the "Services").

1. Information We Collect

1.1 Account & Tenant Data

Information you provide when creating an account or tenant, including name, email address, organization, and role assignments.

1.2 Crawled & Indexed Content

Public web pages and documents you authorize us to crawl. We store processed text, extracted metadata (including schema.org), embeddings, and indexing artifacts. Private or gated content is only processed if explicitly uploaded or integrated (future feature).

1.3 Chat & Interaction Data

End-user chat messages, AI responses, citations, feedback flags, usage events (impressions, opens, messages), and anonymized analytical metrics.

1.4 Technical & Log Data

IP addresses, user agent, timestamps, request IDs, latency metrics, response codes, and operational diagnostics for security, reliability, and abuse detection.

1.5 Billing & Subscription Data

Plan selections, usage counters, invoice status, entitlement state. All payment processing is handled by Stripe; we do not store full card numbers.

2. How We Use Information

  • Provide and operate the Services (crawl, index, answer, embed, analytics)
  • Improve retrieval quality, ranking, and hallucination prevention
  • Detect abuse, fraud, security anomalies, and system misuse
  • Send administrative and service notifications
  • Enforce plan limits, trials, and subscription status
  • Optimize performance, scaling, and reliability

3. Legal Bases (EEA/UK)

Our processing is based on: contract performance, legitimate interests (security, improvement), legal compliance, and consent where explicitly requested (e.g., marketing opt-ins).

4. Data Retention

Default retention: chat logs & analytics 90 days, configuration & audit 365 days. Tenants may request shorter or (where enabled) longer retention up to defined limits.

5. Security

We implement encryption in transit and at rest, tenant isolation, role-based access control, secret management (GCP Secret Manager), audit logging, and regular threat modeling.

6. Data Sharing & Subprocessors

We use select infrastructure and service providers (e.g., Google Cloud Platform, MongoDB Atlas, Qdrant Cloud, Stripe, SendGrid). Each is under contract with appropriate data protection terms. We do not sell personal data.

7. International Transfers

Data may be processed in the United States. Where required, transfer mechanisms (e.g., SCCs) are applied.

8. Your Rights

Depending on jurisdiction, rights may include: access, correction, deletion, restriction, portability, and objection. Contact us to exercise these rights. We will authenticate requests and respond within statutory timelines.

9. Cookies & Tracking

We use essential cookies and limited analytics. No third-party advertising networks. Future cookie consent interfaces will appear where legally required.

10. Children

The Services are not directed to children under 16. We do not knowingly collect data from minors. If discovered, we will delete it.

11. Changes

We may update this policy for legal, technical, or operational reasons. Material changes will be announced via dashboard or email notice.

12. Contact

For privacy inquiries or rights requests: privacy@crawlbot.ai