Privacy Policy

Last updated: February 8, 2026

1. Introduction

CrawlFAQs ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered documentation generator service. CrawlFAQs crawls web applications, captures screenshots, analyzes user interfaces using vision AI, and generates comprehensive documentation including FAQs, help articles, and tutorials.

By using CrawlFAQs, you consent to the data practices described in this policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.

2. Information We Collect

We collect several types of information to provide and improve our Service:

2.1 Account Information

When you create an account via Supabase Auth, we collect:

  • Email address
  • Password (encrypted and stored by Supabase)
  • Organization name
  • User preferences and settings

2.2 Project and Crawl Data

When you use CrawlFAQs to crawl web applications, we collect:

  • URLs of pages crawled
  • Screenshots of web pages
  • HTML content and accessibility trees
  • UI interaction events
  • Login credentials for authenticated crawling (encrypted with AES-256)
  • Extracted facts from AI vision analysis

2.3 Payment Information

Payment processing is handled by Stripe. We do not store your full credit card information. We only store:

  • Stripe customer ID
  • Subscription status and tier
  • Billing history

2.4 Usage Analytics

We collect usage data to improve the Service:

  • Pages crawled per month
  • Number of projects created
  • Documentation generation requests
  • Error logs and crash reports (via Sentry)

2.5 Browser Extension Data

If you use the CrawlFAQs Recorder browser extension, we collect the following data during workflow recording sessions that you explicitly initiate:

  • User interactions (clicks, typing, navigation, form submissions) on pages you choose to record
  • Screenshots of the visible browser tab at each recorded step
  • Page URLs and titles of recorded pages
  • Element selectors and labels for interacted UI elements

Local storage: Screenshots are temporarily stored in your browser's local storage (chrome.storage.local) during recording. Your API key is stored in session storage only and is cleared when the browser is closed. No data is stored persistently on your device after upload.

Sensitive data protection: The extension automatically redacts input values for password fields, credit card numbers, API keys, security codes, and other sensitive fields. Redacted values are never captured or transmitted.

Data transmission: Recorded data is transmitted exclusively over HTTPS to your CrawlFAQs account. The extension does not send data to any third parties, does not include analytics or tracking, and does not collect data outside of active recording sessions.

Data retention: Screenshots are deleted from your browser's local storage after successful upload to your CrawlFAQs account. Server-side retention follows the same policies described in Section 8 below.

3. Chrome Extension (CrawlFAQs Recorder)

The CrawlFAQs Recorder is a Chrome browser extension that captures user workflows to generate step-by-step guides. This section provides a comprehensive overview of the extension's data practices.

3.1 When Data Is Collected

The extension only collects data during active recording sessions that you explicitly start by pressing the Record button. When you are not recording, the extension does not monitor, capture, or transmit any browsing activity. You have full control over when recording starts and stops.

3.2 Browser Permissions

The extension requests the <all_urls> permission so it can record workflows on any website you choose. This permission is necessary because CrawlFAQs users document a wide variety of web applications and the extension must be able to capture interactions on any site. Despite having broad permission, the extension only activates on the tab you are recording and does not access or monitor other tabs or windows.

3.3 Authentication & API Keys

The extension authenticates with your CrawlFAQs account using API keys:

  • API keys are created in your CrawlFAQs account settings and prefixed with cfq_
  • Keys are hashed with SHA-256 before being stored on our servers — the plaintext key is shown to you only once at creation
  • The extension stores your API key in browser session storage only; it is cleared when you close the browser
  • You can revoke API keys at any time from your account settings, immediately disabling extension access
  • A maximum of 5 API keys can be active per organization

3.4 Data Storage & Transmission

During recording, screenshots are temporarily stored in your browser's local storage (chrome.storage.local). When you finish recording, the data is uploaded to your CrawlFAQs account over HTTPS. After successful upload, screenshots are automatically deleted from your browser's local storage. No recording data persists on your device after upload.

The extension communicates exclusively with CrawlFAQs servers. It does not send data to any third parties, does not include analytics or tracking libraries, and does not inject advertisements.

3.5 User Controls & Data Deletion

You have full control over your extension data:

  • Pause or stop recording at any time during a session
  • Delete individual recordings from your CrawlFAQs dashboard
  • Revoke API keys from your account settings to immediately disconnect the extension
  • Uninstall the extension at any time, which removes all locally stored data
  • Delete your account to permanently remove all recordings and associated data from our servers

4. How We Use Your Information

We use the collected information for the following purposes:

  • To provide the Service: Crawl web applications, capture screenshots, analyze UI with OpenRouter's AI models (GPT-4o-mini for text, Qwen 2.5 VL for vision), generate documentation, and produce step-by-step guides from browser extension recordings
  • To process payments: Manage subscriptions and billing through Stripe
  • To improve the Service: Analyze usage patterns to enhance features and fix bugs
  • To communicate with you: Send service updates, technical notices, and support messages
  • To ensure security: Detect and prevent fraud, abuse, and security incidents
  • To comply with legal obligations: Respond to legal requests and prevent harm

5. Data Storage & Security

We implement industry-standard security measures to protect your data:

  • Database: User data and metadata are stored in Supabase Postgres with encryption at rest
  • Screenshots: Stored in Supabase Storage with secure access controls
  • Credentials: Login credentials for authenticated crawling are encrypted with AES-256 encryption before storage
  • API keys: Extension API keys are hashed with SHA-256 before storage; plaintext keys are never retained on our servers
  • Transmission: All data is transmitted over HTTPS (TLS 1.2+)
  • Access control: Role-based access controls limit data access to authorized personnel only
  • Monitoring: Sentry error monitoring helps us detect and respond to security incidents

Despite our best efforts, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security of your data.

6. Third-Party Services

CrawlFAQs integrates with the following third-party services:

  • Supabase: Authentication, database, and file storage. View their Privacy Policy
  • Stripe: Payment processing. View their Privacy Policy
  • OpenRouter: AI processing (GPT-4o-mini for text generation, Qwen 2.5 VL for vision analysis). Screenshots and text are sent to OpenRouter for analysis. View their Privacy Policy
  • Sentry: Error monitoring and crash reporting. View their Privacy Policy

These third-party services have their own privacy policies. We are not responsible for their privacy practices.

7. Cookies & Tracking

CrawlFAQs uses cookies to maintain your authentication session via Supabase Auth. These are essential cookies required for the Service to function. We do not use third-party tracking cookies or analytics cookies. Session cookies are stored in your browser and are deleted when you log out or your session expires.

8. Data Retention

We retain your data as follows:

  • Crawl screenshots: Processed by AI and then deleted after documentation generation (typically within hours)
  • Recording data: Recordings and associated screenshots from the browser extension are retained until you delete the recording or your account
  • Generated documentation: Retained until you delete the project
  • Account data: Retained until you delete your account
  • Billing records: Retained for 7 years for tax and legal compliance
  • Error logs: Retained for 90 days via Sentry

When you delete your account, all associated data including projects, crawl runs, and documentation is permanently removed from our systems within 30 days.

9. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Right to access: Request a copy of the personal data we hold about you
  • Right to rectification: Request correction of inaccurate or incomplete data
  • Right to erasure: Request deletion of your account and associated data
  • Right to data portability: Export your generated documentation in Markdown, HTML, or JSON format
  • Right to object: Object to our processing of your personal data
  • Right to restrict processing: Request that we limit how we use your data
  • Right to withdraw consent: Withdraw consent for data processing at any time

To exercise these rights, please contact us at privacy@crawlfaqs.com. We will respond to your request within 30 days.

10. Children's Privacy

CrawlFAQs is not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately at privacy@crawlfaqs.com, and we will take steps to delete such information.

11. International Data Transfers

Your data may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those of your country. By using CrawlFAQs, you consent to the transfer of your data to the United States and other countries where our service providers operate. We ensure that appropriate safeguards are in place to protect your data in accordance with this Privacy Policy.

12. Changes to Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. We encourage you to review this Privacy Policy periodically. Your continued use of the Service after any changes constitutes your acceptance of the new Privacy Policy.

13. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

privacy@crawlfaqs.com

For general support inquiries, contact: support@crawlfaqs.com