CrawlFare

Privacy Policy

Last updated: April 6, 2026

1. Who We Are

CrawlFare is operated by MeruTech. This policy explains how we collect, use, and protect your personal information when you use our Service at crawlfare.com.

2. Information We Collect

Account information: Email address, name, and password hash when you sign up.

Google OAuth: If you sign in with Google, we receive your email, name, and profile picture from Google. We do not access your Google data beyond authentication.

Cloudflare API token: When you connect your Cloudflare account, we store your API token encrypted with AES-256-GCM. We use it solely to manage AI crawler policies on your zones.

Usage data: We store crawl analytics (request counts, data transfer volumes) pulled from Cloudflare's API for your domains.

Payment data: Billing is processed by Paddle. We store your Paddle customer ID and subscription status. We do not store credit card numbers.

3. How We Use Your Information

  • To provide and operate the CrawlFare service
  • To configure AI crawler policies on your Cloudflare zones
  • To display analytics about AI bot activity on your domains
  • To process payments and enforce subscription limits
  • To send transactional emails (verification, password reset, beta notifications)

4. Data Storage and Security

All data is stored on Cloudflare's infrastructure (D1 database, KV store) within the EU (WEUR region). API tokens are encrypted at rest with AES-256-GCM. Sessions use signed JWTs. All connections use TLS 1.3.

5. Data Sharing

We do not sell your data. We share data only with:

  • Cloudflare: API calls to manage your zones (using your token)
  • Paddle: Payment processing
  • Resend: Transactional email delivery
  • Google: OAuth authentication (if you use Google sign-in)

6. Data Retention

Account data is retained while your account is active. Crawl analytics are retained for 90 days (rolling window). If you delete your account, we delete all associated data within 30 days, including encrypted API tokens.

7. Your Rights

You may:

  • Access your data via the dashboard
  • Disconnect your Cloudflare account at any time (we delete the stored token)
  • Request account deletion by emailing hello@crawlfare.com
  • Export your crawl analytics data as CSV

8. Cookies

We use essential cookies only: session tokens (HttpOnly, Secure, SameSite=Lax) and CSRF protection tokens. We do not use tracking cookies or third-party analytics cookies.

9. Changes

We may update this policy. Material changes will be communicated via email.

Contact

Privacy questions? Email hello@crawlfare.com.