Privacy Policy

This Privacy Policy explains how Vision Infinity Solutions FZE LLC ("Vision 8 Solutions," "we," "us," or "our"), operating from Ajman, United Arab Emirates, collects, uses, stores, and protects your personal information when you use the Scraper8 web scraping API service ("Service"), including our website at vision8solutions.com, API endpoints, dashboard, and documentation.

By creating an account or using the Service, you agree to the practices described in this policy. If you do not agree, please do not use the Service.

2.1 Account Information

• Full name
• Email address
• Hashed password (if registering with email/password)
• Google account identifier (if using Google Sign-In)

2.2 Usage Data

• API requests made (URLs scraped, timestamps, engine used, response status)
• Request volume and rate limit usage
• API key identifiers (we store a SHA-256 hash, never the raw key after initial display)

2.3 Technical Data

• IP address
• Browser user agent string
• Login timestamps and session data
• Login attempt records (for security monitoring)

2.4 Information We Do NOT Collect

• We do not use cookies for advertising or tracking
• We do not use Google Analytics or any third-party analytics service
• We do not store the content you scrape — scraped data is returned to you in real-time and not retained on our servers
• We do not sell, rent, or share your personal data with third parties for marketing

• To create and manage your account
• To authenticate you and maintain secure sessions
• To enforce rate limits and usage quotas based on your plan
• To detect and prevent abuse, fraud, and unauthorized access
• To monitor and improve service reliability and performance
• To send essential transactional emails (verification codes, account alerts)
• To respond to support inquiries
• To comply with legal obligations

If you are in the European Economic Area (EEA) or United Kingdom, we process your data based on:

• Contract performance: Processing necessary to provide the Service you signed up for
• Legitimate interests: Security monitoring, abuse prevention, service improvement
• Legal obligation: Compliance with applicable laws and regulations
• Consent: Where you have explicitly opted in (e.g., marketing communications, if any)

• All data is stored in PostgreSQL databases hosted on secure infrastructure
• Passwords are hashed using bcrypt with a cost factor of 12
• API keys are stored as SHA-256 hashes — we cannot retrieve your raw API key after initial display
• OTP verification codes are hashed (SHA-256) before storage and expire after 10 minutes
• Session tokens are signed JWTs with 7-day expiry, validated server-side against the database
• All cookies are HttpOnly, Secure (in production), and SameSite=Lax
• All connections use TLS/HTTPS encryption in transit
• We implement HSTS, CSP, X-Frame-Options, and other security headers
• Login attempts are monitored with automatic lockout after 5 failed attempts

• Account data: Retained as long as your account is active. You can request deletion at any time.
• Usage logs: Retained for up to 90 days for billing and abuse detection, then automatically purged.
• Login attempt logs: Retained for up to 30 days for security monitoring.
• Unverified accounts: Automatically deleted after 24 hours if email is not verified.
• Scraped content: Not retained. Data is streamed to you and discarded immediately.

We use the following third-party services:

• Google OAuth: For optional sign-in. Google receives only the data necessary for authentication. See Google's Privacy Policy.
• Email provider: For sending OTP verification emails. We share only your email address and name for this purpose.
• Payment processor (if applicable): For paid plans. Payment details are handled entirely by the processor — we never store credit card numbers.

We do not share data with any advertising networks, data brokers, or analytics platforms.

Depending on your jurisdiction, you may have the following rights:

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate or incomplete data
• Deletion: Request deletion of your account and associated data
• Data portability: Request your data in a structured, machine-readable format
• Restriction: Request that we limit processing of your data
• Objection: Object to processing based on legitimate interests
• Withdraw consent: Where processing is based on consent, withdraw it at any time

To exercise any of these rights, contact us at support@vision8solutions.com. We will respond within 30 days.

We use only essential cookies required for the Service to function:

• s8_session: Authentication session cookie (HttpOnly, Secure, 7-day expiry)
• s8_google_state: Temporary CSRF protection cookie during Google OAuth flow (10-minute expiry, deleted after use)

We do not use advertising cookies, tracking cookies, or any third-party cookie-based analytics.

Our servers may be located outside your country of residence. By using the Service, you consent to the transfer of your data to these locations. We take appropriate measures to ensure your data is protected in accordance with this Privacy Policy and applicable law.

The Service is not intended for children under the age of 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will promptly delete it.

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by updating the "Last updated" date at the top of this page. For significant changes, we may also send an email notification. Your continued use of the Service after changes constitutes acceptance of the updated policy.

If you have any questions, concerns, or requests regarding this Privacy Policy, contact us:

• Company: Vision Infinity Solutions FZE LLC
• Address: BC-892485, 26th Floor, Amber Gem Tower, Ajman, UAE
• Email: support@vision8solutions.com
• Website: vision8solutions.com/contact