Scrapium Privacy Policy
 

Controller:  Parlinx Tech OÜ  

Registry code: 17489962  

Address: Mustamäe tee 5, Kristiine linnaosa, Tallinn, 10616, Harju maakond, Estonia  

​

(hereinafter referred to as “we”, “us”, “our”, or “Controller”)

This Privacy Policy explains how we collect, use, disclose, and protect your personal data when you visit our website, register for an account, or use our proxy services (the “Services”). We are committed to protecting your privacy in accordance with the General Data Protection Regulation (Regulation (EU) 2016/679, “GDPR”) and applicable Estonian data protection laws

We collect only the data necessary to provide, secure, and improve our Services, and to comply with legal obligations. Because we do not operate recurring payments, we do not store continuous payment authorisations.

 1.1 Data you provide directly

- Account information: Email address, username, and password (hashed).

- Payment information: One‑time payment details. We do not store full credit card numbers; payments are processed via a third‑party payment processor (e.g., bank transfer, cryptocurrency, or card processor). We may retain a payment reference, date, amount, and the last four digits of a card if applicable.

- Communications: Any information you send us via email (privacy@scrapium.app) or support requests.

 1.2 Data collected automatically

- Usage data for Service operation: Minimal technical metadata (e.g., your originating IP address at the time of connection, connection timestamps, volume of traffic) strictly for network security, anti‑abuse, and troubleshooting. We do not log the content of your traffic, the websites you visit, or the destinations you reach through the proxy.

- Website usage: Standard web server logs (IP address, browser type, referrer, pages visited) when you access our website.

 1.3 No sensitive data

We do not intentionally collect special categories of personal data (e.g., health, political opinions, biometric data). Please do not share such information with us.

We process your personal data under the following legal bases:

• Providing the proxy Service

• Processing one‑time payments

• Preventing fraud, abuse, and DDoS attacks – protecting our network and users

• Responding to support requests

• Complying with legal obligations (e.g., court orders, tax laws)

• Sending service‑related notices (e.g., Terms updates)

We use your personal data for the following purposes:

- To create and manage your account.

- To authenticate your access to the proxy servers.

- To process one‑time payments and prevent fraudulent transactions.

- To detect and stop abusive activities (e.g., DDoS attacks, spam, illegal content).

- To improve network performance and troubleshoot technical issues.

- To comply with lawful requests from Estonian or EU authorities.

- To communicate with you about your account, service changes, or security updates.

We do not sell your personal data to third parties. We do not use your data for automated decision‑making or profiling that produces legal effects.

We retain personal data only as long as necessary for the purposes set out in this policy.

- Account information (email, hashed password): For the duration of your account plus 2 years after last activity (unless you request earlier deletion).

- Connection metadata (source IP, timestamps, traffic volume): 30 days, then automatically anonymised or deleted. Used solely for anti‑abuse and security.

- Payment records: 7 years (required by Estonian accounting and tax laws).

- Support emails: 3 years after resolution of the issue.

- Website server logs: 14 days.

After these periods, data is deleted or irreversibly anonymised.

We share your personal data only in the following limited circumstances:

- Third‑party payment processor: To handle one‑time transactions. The processor is contractually bound to use your data solely for that payment and not for any other purpose.

- Legal authorities: If required by law, court order, or lawful request from Estonian law enforcement or supervisory authorities (e.g., Data Protection Inspectorate).

- Abuse prevention: We may share connection metadata with upstream providers or law enforcement to stop ongoing attacks (e.g., DDoS, spam relays).

- Service providers: Limited technical subcontractors (e.g., hosting provider) who sign data processing agreements under GDPR.

We never sell, rent, or trade your personal data.

Our servers are located within the European Economic Area (EEA). If we use a subcontractor outside the EEA (e.g., a payment processor), we ensure an adequate level of protection via EU Standard Contractual Clauses or equivalent safeguards.

You have the following rights regarding your personal data:

- Right to access – Receive a copy of the data we hold about you.

- Right to rectification – Correct inaccurate or incomplete data.

- Right to erasure (“right to be forgotten”) – Request deletion of your data, subject to legal retention obligations (e.g., tax records).

- Right to restriction of processing – Limit how we use your data while a request is being resolved.

- Right to data portability – Receive your data in a structured, machine‑readable format.

- Right to object – Object to processing based on legitimate interests (e.g., marketing – we do not send marketing emails).

To exercise these rights, contact us at privacy@scrapium.app. We will respond within 30 days. You also have the right to lodge a complaint with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon) – see www.aki.ee.

We implement appropriate technical and organisational measures to protect your data, including:

- Encryption in transit (TLS for website, SSH‑encrypted proxy control channels).

- Hashed and salted passwords.

- Restricted access to logs and internal systems.

- Regular security audits and updates.

However, no method of transmission over the Internet is 100% secure. You use the Services at your own risk.

Because we do not operate recurring billing or subscriptions, we do not store continuous payment authorisation tokens or renew your service automatically. Your payment data is used only for the specific one‑time transaction and is retained solely for legal accounting purposes, not for future charges.

Our Services are not intended for persons under 18 years of age. We do not knowingly collect personal data from minors. If we become aware of such data, we will delete it immediately.

We may update this Privacy Policy from time to time. Material changes will be communicated via email or a notice on our website at least 15 days in advance. The “Last updated” date at the top indicates the latest revision. Your continued use of the Services after changes take effect constitutes acceptance of the updated policy.

For any questions, requests, or complaints regarding this Privacy Policy or your personal data, please contact us:

Parlinx Tech OÜ  

Email: privacy@scrapium.app

Address: Mustamäe tee 5, Kristiine linnaosa, Tallinn, 10616, Estonia