Privacy Policy

Last updated: March 2026

1. Introduction

This Privacy Policy explains how TopMonks s.r.o. ("TopMonks", "we", "us") collects, uses, stores, and protects your personal data when you use the ScrapeMonk platform and related services. ScrapeMonk is part of the Wistery product ecosystem.

We are committed to protecting your privacy and processing your data in accordance with the General Data Protection Regulation (GDPR), the Czech Data Protection Act, and other applicable data protection laws.

2. Data Controller

TopMonks s.r.o.
Struhařovská 2931/9, 141 00 Praha 4, Czech Republic
Company ID (IČO): 24847437 · VAT ID: CZ24847437
Email: compliance@wistery.io

For privacy-related inquiries, contact us at compliance@wistery.io.

3. Personal Data We Collect

Account Data

When you create an account through our authentication provider (Auth0), we receive and store:

  • Email address
  • Display name
  • Profile picture URL
  • Auth0 user identifier

Usage Data

As you use the platform, we collect:

  • Job configurations and scraping parameters you create
  • Credit transaction history (top-ups, usage by job)
  • Notification preferences and history

Technical Data

We automatically collect:

  • IP address (used for rate limiting and security)
  • Browser type and version (via standard HTTP headers)
  • Error reports and application performance data (via Sentry), which may include your user identifier and email for debugging purposes

Marketing Website Analytics

Our marketing website (scrapemonk.io) uses Google Analytics to understand visitor traffic and improve content. Google Analytics collects anonymized usage data such as pages visited, referral sources, and device information. Google Analytics is not used within the ScrapeMonk application itself — only on the public marketing website. You can opt out of Google Analytics by using the Google Analytics Opt-out Browser Add-on.

4. How We Use Your Data

We process your personal data for the following purposes:

Purpose Legal Basis (GDPR Art. 6)
Providing and operating the ScrapeMonk servicePerformance of contract
Account creation and authenticationPerformance of contract
Credit management and billingPerformance of contract
Payment processingPerformance of contract
Transactional email communicationsPerformance of contract
Marketing website analyticsLegitimate interest
Rate limiting and abuse preventionLegitimate interest
Error monitoring and service reliabilityLegitimate interest
Security incident detection and responseLegitimate interest
Responding to your inquiriesPerformance of contract
Complying with legal obligationsLegal obligation

5. Data You Collect Through Our Service

ScrapeMonk enables you to collect publicly available data from websites. You retain full ownership of all data collected through the service, as stated in our Terms and Conditions. We process your job configurations and scraped data solely to provide the service you requested.

You are responsible for ensuring that your use of collected data complies with applicable laws, including data protection regulations where the collected data contains personal information. In particular:

  • Sensitive personal data — You must not use ScrapeMonk to systematically collect special categories of personal data as defined in GDPR Art. 9 (health data, political opinions, religious beliefs, sexual orientation, ethnic origin, etc.) or personal data of children (under 16), unless you have a valid legal basis and have obtained all necessary consents. We reserve the right to suspend access if we detect such activity.
  • Role as data controller — Where scraped data contains personal information, you act as the data controller and bear full responsibility for having a lawful basis for processing. ScrapeMonk acts solely as a data processor carrying out your instructions.
  • Data Processing Agreements — DPAs are available upon request for customers who process personal data through the service. Contact compliance@wistery.io.

6. Cookies and Local Storage

ScrapeMonk uses only strictly necessary and functional cookies and browser storage:

Storage Purpose Type
Auth0 session & tokensAuthentication and session managementStrictly necessary (localStorage)
Sidebar stateRemembers sidebar open/closed preferenceFunctional (cookie, 7-day expiry)
Theme preferenceRemembers light/dark mode selectionFunctional (localStorage)
Language preferenceRemembers your language choiceFunctional (localStorage)
Google Analytics cookies (_ga, _gid)Marketing website traffic analysisAnalytics (scrapemonk.io marketing site only)

We do not use advertising or tracking cookies. No third-party tracking cookies are set within the ScrapeMonk application.

7. Third-Party Services and Data Sharing

We share personal data with the following categories of service providers, solely for the purposes of delivering the ScrapeMonk service:

Authentication

  • Auth0 (Okta, Inc.) — Manages user authentication, credentials, and single sign-on. Processes your email, name, and profile picture. Auth0 maintains SOC 2 Type II certification. Data stored in US, with EU data residency options available.

Infrastructure

  • Amazon Web Services (AWS) — Hosts databases, application servers, and file storage (S3). AWS maintains ISO 27001 and SOC 2 certifications.
  • Hetzner Cloud — Hosts crawler worker infrastructure in European data centers (Germany). Workers process only publicly available web data, not customer personal data. Hetzner maintains ISO 27001 certification.
  • CloudFlare — Provides CDN and DDoS protection. Does not have direct access to customer data.

Payment & Communications

  • Stripe — Processes payments. Handles payment card details directly; we do not store card information on our servers.
  • SendGrid — Delivers transactional emails (e.g., account notifications). Processes your email address.

Error Monitoring

  • Sentry — Receives application error reports for service reliability. Error reports may include your user identifier and email for debugging purposes. Data stored in the US. Sentry maintains SOC 2 and GDPR compliance.

Analytics

  • Google Analytics — Used on the scrapemonk.io marketing website only. Collects anonymized browsing data. Not used within the ScrapeMonk application.

AI Processing

  • OpenAI, Anthropic, Google — Power AI-driven page classification and data extraction. These providers receive only publicly available web content being analyzed, not customer personal data or account information.

We do not sell your personal data to third parties. We notify customers 30 days before adding any new subprocessor. Data Processing Agreements (DPAs) are available upon request.

8. Data Residency and International Transfers

By default, your data is stored and processed in AWS US-East-1. EU customers can request data residency within EU regions (eu-west-1 or eu-central-1), ensuring all data — databases, file storage, and backups — remains within the European Union. Hetzner Cloud crawler workers always operate in European data centers (Germany).

Some service providers (Auth0, Sentry, Stripe, SendGrid, LLM providers) may process data in the United States. Where data is transferred outside the EU, transfers are protected by:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Service provider compliance with applicable data protection frameworks

9. Data Retention

Data Type Retention Period
Account dataDuration of your account; upon deletion request, soft-deleted immediately and permanently removed after 30 days
Job data and scraped contentRetained until explicitly deleted by user
Credit transaction historyDuration of your account, for billing records
Application logs90 days
Audit logs1 year
Error logs (Sentry)90 days
Database audit logs30 days

We maintain a three-copy backup strategy: primary production database, continuous automated backups, and geographically separated backup copies. Upon account deletion, we remove your personal data from active systems. AWS secure deletion procedures ensure deleted data cannot be recovered from underlying storage systems.

10. Data Security

We implement technical and organizational measures to protect your data, including:

  • Encryption in transit (TLS 1.2+) for all communications
  • Encryption at rest (AES-256) for stored data
  • Network segmentation and access controls
  • Rate limiting and abuse prevention
  • Regular security assessments

For detailed information about our security practices, refer to our Security Whitepaper.

11. Your Rights

Under GDPR, you have the following rights regarding your personal data:

  • Access — Request a copy of the personal data we hold about you
  • Rectification — Request correction of inaccurate personal data
  • Erasure — Request deletion of your personal data ("right to be forgotten")
  • Restriction — Request that we limit processing of your data
  • Portability — Receive your data in a structured, machine-readable format
  • Objection — Object to processing based on legitimate interest
  • Withdraw consent — Where processing is based on consent, withdraw it at any time

To exercise any of these rights, contact us at compliance@wistery.io. We will respond within 30 days of receiving your request.

You also have the right to lodge a complaint with a supervisory authority. The relevant authority for the Czech Republic is the Office for Personal Data Protection (ÚOOÚ), www.uoou.cz.

12. Third-Party Data Subject Concerns

If you believe that your personal data has been collected through the ScrapeMonk platform without a lawful basis, you may contact us at compliance@wistery.io. We will investigate the matter and, where appropriate, cooperate with you in exercising your rights against the responsible data controller (our customer). We are committed to collaborating with data protection authorities and affected individuals to resolve any concerns regarding personal data processed through our service.

13. Children's Privacy

ScrapeMonk is not intended for use by individuals under 16 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us at compliance@wistery.io.

14. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or applicable laws. We will notify registered users of material changes via email or in-app notification. Continued use of the service after changes constitutes acceptance of the updated policy.

15. Contact

For privacy-related questions, data subject requests, or concerns:

Email: compliance@wistery.io
General inquiries: sales@scrapemonk.io

If you believe your personal data has been processed through ScrapeMonk without proper authorization, please contact compliance@wistery.io. We will cooperate with you and relevant authorities to address the matter.