Privacy Policy

Last updated: March 25, 2026

1. Definitions

  • "Company", "we", "us", and "our" refer to Meilisearch SAS, a simplified joint-stock company under French law, registered with the Paris Trade and Companies Register under number 844 156 364, with offices at 52 boulevard de Sebastopol, 75003 Paris, France.
  • "Service" refers to the Scrapix web crawling, scraping, and search indexing platform operated by the Company, accessible at scrapix.meilisearch.com and api.scrapix.meilisearch.com.
  • "Personal Data" means any information relating to an identified or identifiable natural person as defined by GDPR Article 4(1).
  • "Usage Data" refers to data collected automatically through use of the Service, such as API request metadata, page visit timestamps, and device information.
  • "User", "you", and "your" refer to any individual or legal entity accessing or using the Service.

2. Data Controller

Meilisearch SAS is the data controller within the meaning of GDPR Article 4(7) for Personal Data collected through the Service. For any questions regarding data processing, contact us at privacy@meilisearch.com.

3. Data We Collect

3.1 Account Data

When you create an account, we collect your email address, full name (optional), and a cryptographic hash of your password (Argon2). If you authenticate via Google or GitHub, we receive your email address, display name, and provider-specific user ID. We do not store OAuth access tokens beyond the initial authentication exchange.

3.2 Usage Data

We automatically collect data about your use of the Service, including: API requests (timestamps, endpoints, response codes, content size), crawl job configurations, URLs crawled and their metadata, and bandwidth consumed. This data is used for billing, analytics, rate limiting, and service improvement.

3.3 Payment Data

Billing is handled by our billing provider Hyperline, which uses Stripe, Inc. as its downstream payment processor. We do not store credit card numbers or bank account details. We retain the billing provider's customer and wallet identifiers for billing purposes.

3.4 Technical Data

We collect IP addresses, browser user-agent strings, and device information for security purposes (rate limiting, abuse prevention, fraud detection, and session management).

4. Legal Basis for Processing

We process your Personal Data on the following legal bases:

  • Performance of a contract — to provide and maintain the Service, manage your account, and process transactions (GDPR Article 6(1)(b)).
  • Legitimate interest — for security, fraud prevention, service improvement, and aggregated analytics (GDPR Article 6(1)(f)).
  • Consent — for optional communications such as marketing emails. You may withdraw consent at any time (GDPR Article 6(1)(a)).
  • Legal obligation — where required by applicable law or regulation (GDPR Article 6(1)(c)).

5. Purpose of Processing

  • Provide, maintain, and improve the Service
  • Manage user accounts and authentication
  • Process billing and send transaction-related notifications
  • Enforce rate limits, prevent abuse, and ensure platform security
  • Send transactional emails (account verification, password resets, job notifications)
  • Generate aggregated, anonymized analytics about Service usage
  • Comply with legal and regulatory obligations

6. Data Retention

  • Account data — retained for the duration of your active account.
  • Crawl job data & analytics — retained for 90 days after job completion, unless earlier deletion is requested.
  • Billing records — retained for 10 years in accordance with the French Code de Commerce.
  • Litigation/compliance — up to 5 years post-termination of the contractual relationship.
  • Navigation/technical data — maximum 6 months.

Upon account deletion, we remove your Personal Data within 30 days, except where retention is required by law. Anonymized data may be retained indefinitely.

7. Data Sharing and Recipients

We do not sell your Personal Data. We share data with:

  • Service providers — Hyperline (billing) with Stripe as its downstream payment processor, Resend (transactional emails), Heroku/cloud infrastructure providers (hosting). These processors act on our instructions and are bound by data processing agreements.
  • Affiliates — companies within the Meilisearch group, subject to this Privacy Policy.
  • Legal requirements — when required by law, court order, or governmental authority.

A complete record of data disclosures is maintained. You may request access by contacting privacy@meilisearch.com.

8. International Transfers

Your data is primarily processed within the European Union. Where data is transferred outside the EU (e.g., to US-based service providers), we ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission.

9. Security

We implement industry-standard security measures including: passwords hashed with Argon2, API keys stored as SHA-256 hashes, JWT sessions with HttpOnly/Secure/SameSite cookies, TLS encryption in transit, role-based access control, and rate limiting. Despite our efforts, no method of transmission over the Internet or method of electronic storage is 100% secure.

10. Your Rights

Under the GDPR, French law no. 78-17 of January 6, 1978, and applicable data protection regulations, you have the right to:

  • Access the Personal Data we hold about you
  • Rectify inaccurate or incomplete data
  • Request erasure of your data ("right to be forgotten")
  • Restrict or object to processing of your data
  • Data portability — receive your data in a structured, machine-readable format
  • Withdraw consent at any time (where processing is based on consent)
  • Define guidelines regarding the fate of your data after death

To exercise these rights, contact privacy@meilisearch.com. We will respond within 30 days. If a request is denied, we will provide an explanation within 30 days, including grounds for denial. You also have the right to file a complaint with the CNIL (Commission Nationale de l'Informatique et des Libertés) or seek compensation through the courts.

11. Cookies

We use a single session cookie (scrapix_session) for authentication. It is HttpOnly, Secure in production, and SameSite=Lax. We do not use tracking cookies, advertising cookies, or third-party analytics cookies. You may configure your browser to refuse cookies, but this will prevent you from using the Service.

12. Third-Party Links

The Service may contain links to third-party websites. We have no control over and assume no responsibility for the content or privacy practices of external sites. We encourage you to review their privacy policies independently.

13. Children

The Service is not directed to individuals under the age of 16. We do not knowingly collect Personal Data from children. If you believe we have collected data from a child, contact us immediately.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will provide at least 15 days' advance notice before material changes take effect, except where changes are required by law or court order, in which case they may take effect immediately. Your continued use of the Service after changes constitutes acceptance of the updated policy.

15. Contact

Meilisearch SAS
52 boulevard de Sebastopol, 75003 Paris, France
Paris Trade and Companies Register: 844 156 364
Email: privacy@meilisearch.com