Privacy Policy

Last updated: June 7, 2026. Your privacy and data security are core priorities for us.

This Privacy Policy describes how Refetch(er) ("we", "us", or "our") collects, uses, and discloses your information when you create an account, register API keys, and use the Refetch(er) scraper API service ("Service").

We build tools for developers, and our data practices are designed to be transparent, minimal, and secure. We only collect the information necessary to authenticate your requests, log usage details for billing verification, and keep the API running efficiently.

2. Information We Collect

We collect and process the following categories of data in connection with the Service:

  • Account Information: Email address, password hashes, and email verification status. If you sign in via Google OAuth, we retrieve your verified email and profile name as returned by Google.
  • Billing Details: Records of prepaid credit top-ups, transaction logs, spent amounts, current balance states, payment provider IDs, currency, and country-routing metadata, stored in our SQLite database. We do not collect or store credit card numbers; checkout transactions are securely handled off-site by Razorpay, PayPal, or a configured fallback payment provider.
  • Scraper API Request Logs: For billing audit trails and security, we log details of requests made using your API keys, including:
    • Presented API key hashes (we never store raw API keys).
    • HTTP request size, latency, response status codes, and timestamps.
    • Target URLs submitted for scraping.

3. How We Use Your Information

We use the collected information for the following specific purposes:

  • Service Access: To verify your identity, process session authentication cookies, and enable dashboard and playground access.
  • Billing Enforcement: To calculate request debits dynamically at execution time and record transactional balance reductions.
  • Performance Optimization: To monitor dispatch routing times, scale worker resources on AWS, and diagnose scraping errors.
  • Abuse Prevention: To enforce rate limits, detect bot networks attempting to attack the dispatcher, and ensure compliance with our terms.

4. Sharing and Disclosure

We maintain a strict policy against selling your personal data. We disclose information only under the following limited circumstances:

  • Upstream Cloud Workers (AWS): When you submit a public post URL, the dispatcher sends the URL to our scraper workers running on AWS Lambda. We do not attach your account email or identity metadata to these scraping requests.
  • Legal Obligations: We may disclose data if required to do so by law or in response to valid legal requests by public authorities (such as a court or government agency).

5. Data Protection & Retention

We implement appropriate technical security measures to protect your information:

  • All browser interactions and API requests are encrypted in transit using standard Transport Layer Security (TLS/HTTPS).
  • API keys are stored in the database as secure SHA-256 hashes. If a key is leaked or compromised, it can be revoked instantly from the dashboard.
  • We retain request logs and transaction histories as SQLite database entries to provide billing audit trails. You may request account deletion by contacting us at support, in which case we delete your account identity rows.

6. Cookies & Sessions

Refetch(er) uses cookies solely for necessary session authentication purposes:

  • Dashboard Session Cookie: We set a cookie (refetcher_session) containing a cryptographically secure, random session token. This cookie is flagged as HttpOnly (inaccessible to browser JavaScript) and uses SameSite=Strict rules. It is served with the Secure attribute on production HTTPS hosts.
  • OAuth State Cookie: A temporary state cookie is used during Google Sign-in to protect against Cross-Site Request Forgery (CSRF). It is deleted immediately after the sign-in redirect flow completes.