Privacy Policy

1. Introduction

Quality Network US LLC ("FineData," "we," "us," or "our") operates the FineData.ai web scraping API platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit our website at finedata.ai, use our API services, or interact with us in any way.

By accessing or using our services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use our services.

2. Data We Collect

2.1 Personal Data — Account Information

When you create an account, we collect:

• Email address
• Name (if provided)
• Company name (if provided)
• Password (stored as a salted hash — we never store plaintext passwords)

2.2 Personal Data — Billing Information

When you subscribe to a paid plan, we collect:

• Payment method details (processed and stored by Stripe — we do not store full card numbers)
• Billing address
• Transaction history and invoice records

2.3 Personal Data — Technical Identifiers

When you use our API or visit our website, we may collect:

• IP address of the API caller or website visitor
• API key identifiers
• Support communications and emails

2.4 Non-Personal Data — Usage Metrics

We automatically collect the following operational data:

• API request metadata (timestamps, endpoints called, response status codes, token consumption)
• Target URLs requested (for rate limiting and abuse prevention)
• Error logs and performance metrics

2.5 Non-Personal Data — Website Analytics

When you visit our website, we may collect anonymized data:

• Browser type and version
• Operating system
• Pages visited and time spent
• Referring URL
• Approximate geographic location (country/region level, derived from IP)

3. Purpose, Legal Basis, and Retention

The following table maps each category of data we collect to its purpose, legal basis for processing, and retention period:

Where we rely on legitimate interest, we have conducted balancing tests to ensure our interests do not override your fundamental rights. You may request details of these assessments by contacting support@finedata.ai.

4. Data We Do Not Collect or Store

5. AI and Automated Processing

Our Service includes AI-powered features for structured data extraction. We are transparent about how AI interacts with your data:

• No model training on your data. We do not use the content of your API requests or responses to train, fine-tune, or otherwise improve any machine learning or AI models. Your scraping data is never incorporated into training datasets.
• Real-time processing only. AI features process web page content in real time to extract structured data. Content is not stored, cached, or logged beyond the immediate delivery of your API response.
• Aggregated service analytics. We use anonymized, aggregated metrics (request volumes, feature adoption, error rates) to improve our service. This data cannot identify individual users or their scraping targets.
• No automated decision-making about individuals. We do not use AI or automated processing to make decisions that produce legal effects concerning you or significantly affect you (within the meaning of GDPR Article 22). Our AI features are data extraction tools under your control.

6. Third-Party Services

We use the following third-party services that may process your data:

7. Cookies and Tracking

We use a minimal set of cookies:

• Essential cookies — required for authentication, session management, and security. These cannot be disabled.
• Analytics cookies — help us understand how visitors use our website. These are anonymous and can be opted out of.

We do not use advertising cookies, social media tracking pixels, or any form of cross-site tracking. We do not participate in ad networks or sell browsing data.

8. Data Retention

• Account data: Retained for as long as your account is active. Upon account deletion, personal data is removed within 30 days.
• Billing records: Retained for 7 years as required by tax and accounting regulations.
• API usage logs: Aggregated usage data is retained for up to 12 months. Detailed request logs (including target URLs) are retained for up to 90 days for abuse prevention and support purposes, then automatically purged.
• Website analytics: Retained for up to 12 months in anonymized form.

9. Data Security

We implement industry-standard security measures to protect your data:

9.1 Technical Measures

• All data in transit is encrypted with TLS 1.2+
• Data at rest is encrypted using AES-256
• API keys are hashed and never stored in plaintext
• Access to production systems is restricted to authorized personnel with multi-factor authentication
• Network segmentation and firewall protection
• Regular security audits and dependency vulnerability scanning
• Automated intrusion detection systems

9.2 Organizational Measures

• Access to personal data is restricted on a need-to-know basis
• Regular security training for all team members
• Vendor security assessments for all sub-processors

9.3 Incident Response

We maintain a documented incident response process. In the event of a security breach involving personal data:

• We will notify affected users without undue delay, and within 72 hours where required by law (aligned with GDPR Article 33)
• We will provide details about the nature and scope of the breach, likely consequences, and measures taken to address it
• We will cooperate with relevant regulatory authorities as required

While we take all reasonable measures to protect your information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

10. International Data Transfers

Quality Network US LLC is based in the United States. When you use our services, your personal data may be transferred to and processed in the United States and other countries where our infrastructure is located.

To ensure adequate protection for data transferred from the EEA/UK, we rely on the following safeguards:

• Standard Contractual Clauses (SCCs) — We use the European Commission's Standard Contractual Clauses as the primary mechanism for EU/EEA data transfers
• Supplementary measures — Encryption of data in transit and at rest, access controls, and continuous monitoring
• Hosting regions — Our primary infrastructure is hosted in EU (Frankfurt) and Germany via AWS and Hetzner. Only billing and account management may involve US-based processing

For detailed information about our international data transfer mechanisms, see our GDPR Compliance page.

11. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Access — request a copy of the personal data we hold about you
• Correction / Rectification — request correction of inaccurate or incomplete data
• Deletion / Erasure — request deletion of your personal data (subject to legal retention requirements)
• Portability — receive your data in a structured, machine-readable format (JSON or CSV)
• Restriction — request that we limit processing of your data in certain circumstances
• Objection — object to processing of your data based on legitimate interest
• Withdraw Consent — where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing
• Opt-Out — opt out of marketing communications at any time via unsubscribe links or by contacting us. We do not sell personal data, so no opt-out for data sales is necessary
• Lodge a Complaint — file a complaint with a supervisory authority in your jurisdiction if you believe your rights have been violated

To exercise any of these rights, contact us at support@finedata.ai. We will respond within 30 days (extendable to 90 days for complex requests, with notice).

12. California Privacy Rights (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act and the California Privacy Rights Act (CCPA/CPRA) provide you with additional rights regarding your personal information. You have the right to:

• Know what personal information we collect about you and how it is used
• Request deletion of your personal information
• Opt out of the sale of personal information (we do not sell personal information)
• Non-discrimination for exercising your privacy rights

To make a CCPA request, email support@finedata.ai with the subject line "CCPA Request." We will verify your identity before processing the request.

13. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, the General Data Protection Regulation (GDPR) provides you with enhanced data protection rights. For detailed information about our GDPR compliance, please see our dedicated GDPR Compliance page.

Our legal bases for processing personal data include: performance of a contract (providing services you've requested), legitimate interest (improving our services, preventing fraud), consent (where you've opted in), and legal obligation (tax and regulatory compliance).

14. Children's Privacy

Our services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will take steps to delete it promptly. If you believe a child has provided us with personal data, please contact us at support@finedata.ai.

15. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email (if you have an account) and by posting a notice on our website. We encourage you to review this page periodically. Continued use of our services after changes are posted constitutes your acceptance of the revised policy.

16. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, contact us: