Privacy Policy

Last updated: March 2026

xtrct ("we", "us", "our") operates the xtrct web scraping API available at xtrct.io. This policy explains how we collect, use, and protect your information.

Information we collect

• Account data — your email address when you sign up for an API key.
• Usage data — URLs submitted for scraping, output formats requested, credits consumed, job results, and timestamps. This is necessary to provide the service.
• Billing data — payment is handled by Stripe. We store your Stripe customer ID and subscription ID. We never store card details.
• Log data — server logs including IP addresses, request timestamps, and HTTP status codes for security and debugging purposes.

How we use your information

• To provide and operate the API service
• To send you your API key and account-related emails
• To process payments and manage your subscription
• To detect and prevent abuse
• To improve the service

Data retention

Scrape job results are retained for 30 days, after which they are automatically deleted. Account data is retained for as long as your account is active. You may request deletion of your account and data at any time by emailing [email protected].

Third-party services

• Stripe — payment processing. Stripe's privacy policy applies to payment data.
• Railway — cloud hosting provider. Infrastructure is hosted in the EU.
• Neon — managed PostgreSQL database hosting.
• Resend — transactional email delivery.

Cookies

We do not use tracking cookies. Your API key may be stored in your browser's localStorage for convenience, which you can clear at any time.

Your rights

You have the right to access, correct, or delete your personal data. To exercise these rights, contact us at [email protected].

Changes

We may update this policy from time to time. We'll notify you by email if changes are material.

Contact

Questions? Email [email protected].