Privacy Policy

What We Collect

• Account data: Email address and hashed password (via Supabase Auth)
• Usage data (if telemetry enabled): Feature usage counts, error rates. No research content.
• Payment data: Processed by Stripe. We never see your card number.

What We Do NOT Collect

• Your research queries or search terms (unless telemetry set to "Improve")
• Entity names or graph data
• Document content
• Your IP address (not logged)

Where Your Data Lives

Your research data is stored in Supabase (hosted on AWS). If you self-host, your data stays entirely on your infrastructure.

Your Rights (GDPR / CCPA)

• Access: Export your data anytime (Settings → Export)
• Delete: Delete your account and all data (Settings → Danger Zone)
• Portability: Export to Obsidian, CSV, GraphML, STIX 2.1
• Opt-out: Set telemetry to "Off" in Settings

Data Sharing

We do not sell, share, or provide your data to any third party. Period. The only exception: if legally compelled by court order, we will notify you first (unless prohibited by law).

Cookies

Super Scraper uses localStorage (not cookies) for session persistence and preferences. No tracking cookies, no third-party analytics, no ad networks.

Search Cache

OSINT search results may be cached for up to 2 hours to improve performance. Cached data contains only public record results, not user identity information. Cache is shared across users for the same public queries.

Contact

Privacy questions: Open a GitHub issue

GDPR Data Protection requests: Include "GDPR Request" in subject line.