CrawlHawk

Privacy Policy

Privacy Policy

Effective date: 31 May 2026 | Last updated: 31 May 2026

This Privacy Policy explains how New Horizon Platforms Kft. (the "Operator", "we", "us") processes personal data of Users of the CrawlHawk service (the "Service") at crawlhawk.com. This policy is published in accordance with Regulation (EU) 2016/679 (the "GDPR") and Hungarian Act CXII of 2011 on Informational Self-Determination and Freedom of Information.

1. Data Controller

Operator: New Horizon Platforms Kft.

Registered office: Hullám utca 8. 1. em. 10. ajtó, 6721 Szeged, Hungary

EU VAT number: HU32654488

Email: support@crawlhawk.com

For all data protection matters, please contact us at support@crawlhawk.com. The Operator has not appointed a Data Protection Officer, as appointment is not mandatory for the Operator under Article 37 GDPR. Data protection requests are handled by the Operator's privacy contact reachable at the address above.

2. Scope

This policy applies to personal data we process when you visit the Service, create an Account, purchase Credit Packs, submit Crawls, retrieve Crawl Results, use the API, or otherwise interact with us.

This policy does not describe the processing of any personal data that may be contained in third-party Target Websites that you instruct us to crawl. Where you cause the Service to process personal data of third parties (for example, by crawling a website that contains personal data), you are the controller in respect of that processing, and you are responsible for ensuring an appropriate lawful basis and for complying with applicable data-protection law. See Section 12 below.

3. Categories of Personal Data We Process

3.1 Account Data

Name (where provided), email address, password (stored as a salted hash), preferred language, country, billing/business information (where provided), and authentication tokens or API keys (where applicable).

3.2 Payment Data

Payment card details are entered directly into and processed by Stripe Payments Europe, Limited. The Operator does not store full payment card numbers. We retain payment metadata such as transaction identifier, amount, currency, date, Credit Pack purchased, and invoice details, for invoicing and accounting purposes.

Electronic invoices are issued in the Operator's name through Billingo Technologies Zrt. (1133 Budapest, Árbóc utca 6., Hungary; Cg. 01-10-140802) as our e-invoicing processor. The data transmitted to Billingo includes your name (or business name), billing address, EU VAT number (where applicable), the transaction details (Credit Pack purchased, amount, currency, date) and the invoice number. Billingo issues the invoice in our name, stores it, and submits it to the Hungarian Tax Authority (NAV) Online Számla system as required by Hungarian law.

3.3 Service Usage Data

Crawls submitted (including the URL or scope you specified, configuration choices, timestamps, Credit consumption), Crawl Results metadata (status, duration, number of URLs processed), download history, API usage data (where applicable), and your saved or favourited Crawl configurations.

3.4 Communications Data

Emails and support tickets you send us, and our responses to them.

3.5 Technical and Usage Data

IP address, device and browser information, operating system, language, referrer URL, pages visited, click and interaction data, timestamps; error and performance logs collected via Sentry; analytics events collected via Google Analytics subject to your consent.

3.6 AI-Assisted Features Data

When you use the AI Product Scraper or other AI-assisted features, the relevant page content retrieved from the Target Website may be transmitted to OpenAI as a processor for extraction purposes. By default, OpenAI does not use API data to train its models; data is used for training only where the customer explicitly opts in. The Operator does not currently opt in to such data sharing. Where the page content incidentally contains personal data, that data may be transmitted as part of the page content; see Section 12 on your controller responsibility.

3.7 Advanced Processing Data

For Target Websites that require advanced processing (JavaScript rendering, anti-bot handling), requests may be routed through third-party infrastructure providers such as Zyte. These providers normally receive the Target URL, request configuration and the resulting response data needed to perform the request. They do not need your full account profile to perform an individual Crawl, although limited technical, billing or abuse-prevention metadata may be processed where necessary.

3.8 Cookies and Similar Technologies

See our Cookie Policy for details.

4. Purposes and Lawful Bases

We process personal data on the following lawful bases (Article 6 GDPR):

  • Performance of a contract (Art. 6(1)(b) GDPR) — to create and operate your Account, process Credit Pack purchases, execute the Crawls you submit, deliver Crawl Results, provide customer support and operate the API.
  • Compliance with legal obligations (Art. 6(1)(c) GDPR) — for invoicing, accounting and tax obligations, responding to lawful requests from authorities, and complying with the DSA and other applicable laws.
  • Consent (Art. 6(1)(a) GDPR) — for non-essential cookies, marketing communications. You may withdraw consent at any time.
  • Legitimate interests (Art. 6(1)(f) GDPR) — to keep the Service secure, prevent fraud, abuse and crawler misuse, monitor service performance and errors, conduct analytics in aggregated form, defend legal claims, and develop and improve the Service. Where we rely on legitimate interests, we have weighed those interests against your rights and freedoms.

5. Recipients and Processors

We share personal data with the following categories of recipients, who act as our processors or independent controllers:

  • Stripe Payments Europe, Limited (Ireland) and Stripe, Inc. (United States) — payment processing.
  • Billingo Technologies Zrt. (1133 Budapest, Árbóc utca 6., Hungary; Cg. 01-10-140802) — electronic invoicing and NAV Online Számla reporting on behalf of the Operator.
  • RackForest Kft. (Hungary) — hosting and infrastructure.
  • Hetzner Online GmbH (Germany) — hosting and infrastructure.
  • Functional Software, Inc. (Sentry) (United States) — error and performance monitoring.
  • Google Ireland Limited / Google LLC — analytics (Google Analytics), where you have consented.
  • OpenAI Ireland Limited / OpenAI, L.L.C. — AI-assisted extraction features.
  • Zyte Group Limited (Ireland) — advanced and protected-website crawling infrastructure, where used.
  • NETIM SARL (France) — domain registration and related WHOIS / contact handling.
  • Internal development, testing and design tools (such as code repositories, API testing tools and design tools, including services such as GitHub, Postman and Figma) — may incidentally process limited operational or support-related personal data where strictly necessary for development, debugging, documentation or issue resolution. Production user data is not routinely transferred to these tools.
  • Competent authorities, courts and regulators — where required by law or to defend our legal rights.
  • Professional advisors (lawyers, accountants, auditors) — under confidentiality obligations.
  • Successor entities in the event of a merger, acquisition or sale of assets, subject to applicable law.

We do not sell personal data.

6. International Transfers

Some of our processors are established outside the European Economic Area (EEA), in particular in the United States. Where personal data is transferred outside the EEA, we rely on:

  • an adequacy decision of the European Commission, where applicable;
  • the EU-US Data Privacy Framework for transfers to US-based processors that are certified under it;
  • the EU Standard Contractual Clauses (SCCs), supplemented by appropriate technical and organisational measures where required;
  • other appropriate safeguards permitted under Articles 46 or 47 GDPR.

You may request a copy of the safeguards in place by contacting support@crawlhawk.com.

7. Retention

In summary: following Account closure, we retain core Account data for 5 years to defend against legal claims, billing records for 8 years as required by Hungarian accounting law, and we delete or anonymise other categories within shorter periods as set out below. We retain personal data only for as long as necessary for the purposes for which it was collected, including the following standard periods (which may be extended where necessary to defend legal claims or to comply with legal obligations):

  • Account data: for the duration of your Account, plus 5 years following Account closure (general civil law statute of limitations).
  • Invoicing and accounting records: 8 years from the end of the relevant fiscal year (Section 169 of the Hungarian Accounting Act, Act C of 2000).
  • Crawl Results and downloadable artefacts: stored for up to 90 days following completion of the Crawl, after which they are automatically deleted. Crawl metadata (URL, timestamp, status, Credit consumption) is retained as part of the Crawl history for the duration of the Account and the relevant retention period.
  • Server logs (access logs, error logs, security events): up to 12 months from creation. Aggregated and anonymised statistics may be kept longer.
  • Analytics data: up to 14 months in identifiable form, after which it is aggregated.
  • Marketing consent records: until withdrawal of consent and for a reasonable period thereafter (typically up to 5 years) to evidence compliance.

8. Your Rights

Subject to applicable law, you have the following rights regarding your personal data:

  • Right of access (Art. 15 GDPR) — to obtain confirmation as to whether we process your personal data, and a copy of that data.
  • Right to rectification (Art. 16 GDPR) — to have inaccurate or incomplete data corrected.
  • Right to erasure (Art. 17 GDPR) — to request deletion of your data, subject to applicable exceptions.
  • Right to restriction (Art. 18 GDPR) — to request restriction of processing in defined cases.
  • Right to data portability (Art. 20 GDPR) — to receive your data in a structured, commonly used and machine-readable format.
  • Right to object (Art. 21 GDPR) — to processing based on legitimate interests, including profiling.
  • Right to withdraw consent at any time, without affecting the lawfulness of processing carried out before withdrawal.
  • Right to lodge a complaint with a data protection supervisory authority, in particular the Hungarian National Authority for Data Protection and Freedom of Information (NAIH) or the supervisory authority of your habitual residence.

To exercise your rights, please contact support@crawlhawk.com. We will respond within one month, unless the request is complex, in which case we may extend the deadline by up to two further months.

9. Automated Decision-Making

We do not subject Users to decisions based solely on automated processing that produce legal effects or similarly significantly affect them within the meaning of Article 22 GDPR. Spam, fraud and abuse-detection systems may automatically flag activity for human review.

10. Children

The Service is not directed at persons under 18 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact support@crawlhawk.com.

11. Security

We implement appropriate technical and organisational measures to protect personal data, including encryption in transit (TLS), access controls, segregation of environments, regular review of access rights, and logging. No security measure is, however, completely secure. We will notify you and the competent supervisory authority of any personal data breach in accordance with Articles 33 and 34 GDPR where required.

12. Personal Data in Crawl Targets — Your Controller Responsibility

This Section is important. The Service crawls third-party websites that you specify. Such websites may contain personal data of third parties (for example, names, contact details, photographs, profile information).

  • Where the Service processes personal data of third parties because you instructed it to crawl a website containing such data, you are the data controller in respect of that processing. The Operator acts as a processor in respect of that data, on your documented instructions.
  • It is your responsibility to ensure that there is a lawful basis under the GDPR (or other applicable law) for your collection and use of that personal data, and to comply with all other applicable data-protection obligations, including providing information to data subjects, honouring their rights, ensuring lawful international transfers, and implementing appropriate security measures.
  • The Operator may decline or interrupt processing where it has reasonable grounds to believe that a Crawl involves unlawful processing of personal data, including (without limitation) mass harvesting of personal data, profiling without lawful basis, or processing in violation of data-subject rights.

This Section applies equally to any feature of the Service that extracts contact information from Target Websites. The terms under which the Operator processes such personal data as a processor on behalf of the User are set out in the Data Processing Agreement available on the Service, which applies to all processing described in this Section and forms part of the contractual framework between the User and the Operator.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be notified by email and/or through the Service. The "Last updated" date at the top of this policy reflects the most recent version.

14. Contact

For privacy-related questions or to exercise your rights, please contact us at support@crawlhawk.com.

Hungarian National Authority for Data Protection and Freedom of Information (NAIH): 1055 Budapest, Falk Miksa utca 9-11., Hungary; ugyfelszolgalat@naih.hu; +36 (1) 391-1400; www.naih.hu.