Privacy Policy

Last updated: March 29, 2026

Effective Date: March 29, 2026

1. Introduction

RapierCraft Inc. ("AlterLab," "we," "us," or "our") operates the AlterLab ScraperAPI platform at alterlab.io (the "Service"). We are committed to protecting your privacy and handling your personal information with care and respect.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our web scraping API service. Please read this policy carefully. By accessing or using our Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.

If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.

2. Information We Collect

2.1 Personal Information

We collect personal information that you voluntarily provide to us when you register for an account, subscribe to our services, or contact us. This information may include:

  • Full name
  • Email address
  • Company name and business information
  • Billing address and payment information (processed securely through Stripe)
  • Phone number (optional)
  • Profile information and preferences

2.2 Usage Data and API Logs

When you use our API service, we automatically collect certain information about your usage:

  • API requests, including URLs scraped, request parameters, and response data
  • API key usage and authentication attempts
  • Request timestamps, duration, and success/failure rates
  • IP addresses and geographic location data
  • User agent strings and device information
  • Balance and billing metrics
  • Error logs and debugging information

2.3 Technical and Device Information

We collect technical information about how you access our Service:

  • Browser type, version, and language preferences
  • Operating system and device type
  • Screen resolution and display settings
  • Referring website addresses
  • Pages visited and time spent on each page
  • Click patterns and navigation paths

2.4 Cookies and Tracking Technologies

We use cookies, web beacons, and similar tracking technologies to enhance your experience and collect usage data. For detailed information about our use of cookies, please review our Cookie Policy.

2.5 Communication Data

We collect information from your communications with us, including support tickets, email correspondence, feedback forms, and any other information you choose to provide.

2.6 User-Provided Session Data (BYOS)

When you use our Bring Your Own Session (BYOS) authenticated scraping feature, you may provide us with third-party session data to enable scraping of authenticated content. This data may include:

  • Session cookies from third-party websites (e.g., authentication tokens, login session identifiers)
  • Authentication headers or bearer tokens you provide via the API
  • Cookies captured through the AlterLab Chrome Extension cookie capture feature
  • Domain associations for stored session data (which websites the cookies belong to)

Important: We treat all user-provided session data as highly sensitive authentication material. You are responsible for ensuring you have the right to use and share the session data you provide. We do not access, read, or use your session cookies for any purpose other than injecting them into your authorized scraping requests.

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Service Provision: To provide, maintain, and improve our web scraping API service, including processing your API requests and delivering results
  • Account Management: To create and manage your account, authenticate users, and provide customer support
  • Billing and Payments: To process payments, manage subscriptions, track usage, and send invoices
  • Communication: To send you service updates, security alerts, technical notices, and responses to your inquiries
  • Analytics and Improvement: To analyze usage patterns, identify trends, and improve our Service's performance and features
  • Security: To detect, prevent, and address technical issues, fraud, and unauthorized access
  • Compliance: To comply with legal obligations, enforce our Terms of Service, and protect our rights and property
  • Marketing: With your consent, to send promotional materials, product announcements, and newsletters (you may opt-out at any time)
  • Research and Development: To develop new features, services, and technologies
  • Authenticated Scraping (BYOS): To inject your user-provided session cookies and authentication tokens into scraping requests on your behalf, enabling access to authenticated content on third-party websites

3.1 Legal Basis for Processing (GDPR Article 6)

For users in the European Economic Area (EEA) and the United Kingdom, we process your personal data on the following legal bases:

  • Contractual Necessity (Art. 6(1)(b)): Processing necessary to perform our contract with you, including account creation, service provision, API request processing, billing, and customer support.
  • Legitimate Interests (Art. 6(1)(f)): Processing necessary for our legitimate interests, including fraud prevention, service security, analytics and service improvement, and internal administration. We balance these interests against your rights and freedoms.
  • Legal Obligation (Art. 6(1)(c)): Processing necessary to comply with legal obligations, including tax and accounting requirements, responding to lawful government requests, and data breach notification obligations.
  • Consent (Art. 6(1)(a)): Where we rely on your consent, such as for marketing communications and optional analytics cookies, you may withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal.

4. Data Storage and Security

We implement industry-standard security measures to protect your personal information from unauthorized access, disclosure, alteration, and destruction. Our security practices include:

  • Encryption of data in transit using TLS/SSL protocols
  • Encryption of sensitive data at rest using AES-256 encryption
  • Secure API key storage using Argon2 hashing algorithms
  • Regular security audits and vulnerability assessments
  • Access controls and authentication mechanisms
  • Monitoring and logging of security events
  • Regular backup procedures with encrypted storage
  • Incident response procedures and breach notification protocols

Your data is stored on secure servers located in the United States. We use reputable cloud infrastructure providers that comply with industry security standards and certifications.

4.1 BYOS Session Data Security

User-provided session data receives additional security protections due to its sensitive nature:

  • Encryption at rest: All stored session cookies are encrypted using AES-256-GCM with per-user encryption keys
  • Domain isolation: Session data is strictly scoped to the domain it was provided for and cannot be used across different domains
  • Inline mode (memory-only): When session cookies are passed directly in an API request (inline mode), they are held in memory only for the duration of that request and are never persisted to disk or database
  • Access control: Only the account that created a stored session can access or use it — session data is never shared between accounts
  • Transport security: All session data is transmitted exclusively over TLS-encrypted connections

While we strive to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security, but we continuously work to improve our security practices.

5. Data Sharing and Third Parties

We do not sell, rent, or trade your personal information to third parties. We may share your information in the following limited circumstances:

5.1 Service Providers

We engage trusted third-party service providers to perform functions on our behalf:

  • Stripe: Payment processing and subscription management
  • Cloud Infrastructure Providers: Hosting and data storage services
  • Analytics Services: Microsoft Clarity for behavioral analytics, heatmaps, and session recordings
  • Email Service Providers: Transactional and marketing email delivery
  • Customer Support Tools: Help desk and ticketing systems

These service providers have access to your personal information only to perform specific tasks on our behalf and are obligated not to disclose or use it for any other purpose.

5.2 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., court orders, subpoenas, or government agencies).

5.3 Business Transfers

If we are involved in a merger, acquisition, asset sale, or bankruptcy, your personal information may be transferred as part of that transaction. We will notify you of any such change in ownership or control of your personal information.

5.4 Protection of Rights

We may disclose information when we believe it is necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, violations of our Terms of Service, or to protect our rights, property, or safety, or that of others.

6. Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal information under applicable data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

6.1 Right to Access

You have the right to request access to the personal information we hold about you. We will provide you with a copy of your data in a structured, commonly used, and machine-readable format.

6.2 Right to Rectification

You have the right to request that we correct any inaccurate or incomplete personal information we hold about you. You can update most information directly through your account settings.

6.3 Right to Deletion

You have the right to request deletion of your personal information, subject to certain exceptions (e.g., legal obligations, fraud prevention, or legitimate business purposes). You can delete your account at any time through your account settings.

6.4 Right to Data Portability

You have the right to request a copy of your personal information in a portable format that can be transferred to another service provider.

6.5 Right to Opt-Out

You can opt-out of receiving marketing communications from us at any time by clicking the "unsubscribe" link in our emails or by contacting us. You may also opt-out of certain data collection practices, such as analytics cookies, through your browser settings.

6.6 Right to Restrict Processing

You have the right to request that we restrict the processing of your personal information under certain circumstances, such as when you contest the accuracy of the data or object to our processing.

6.7 Right to Object

You have the right to object to our processing of your personal information for direct marketing purposes or when processing is based on legitimate interests.

6.8 Right to Lodge a Complaint

If you are located in the European Economic Area (EEA) or the United Kingdom, you have the right to lodge a complaint with your local data protection supervisory authority if you believe that our processing of your personal data violates applicable data protection laws. You can find a list of EEA supervisory authorities at the European Data Protection Board website. While we encourage you to contact us first to resolve any concerns, this right can be exercised at any time.

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days.

7. Cookies Policy

We use cookies and similar tracking technologies to enhance your experience on our website. Cookies are small text files stored on your device that help us recognize you, remember your preferences, and analyze how you use our Service.

For detailed information about the types of cookies we use, how we use them, and how you can control them, please see our Cookie Policy.

Note on BYOS cookies: The cookies described in this section and our Cookie Policy refer to cookies that AlterLab sets on your browser when you visit our website. These are distinct from the third-party session cookies you may provide through our BYOS (Bring Your Own Session) feature, which are covered in Section 8 (BYOS Session Data) below. We do not set or modify cookies on third-party websites.

8. BYOS Session Data Handling

This section describes how we handle session data you provide through our Bring Your Own Session (BYOS) authenticated scraping feature, including cookies submitted via the API and those captured using the AlterLab Chrome Extension.

8.1 What We Collect and Store

  • Stored sessions: When you create a named session via the API or Chrome Extension, we store the encrypted cookie data, the associated domain, a user-defined session name, and metadata (creation date, last used date)
  • Inline sessions: When you pass cookies directly in an API request, we process them in memory only — no cookie data is written to disk or persisted after the request completes
  • Chrome Extension capture: The AlterLab Chrome Extension reads cookies from your browser for domains you explicitly select and transmits them to our API over an encrypted connection. The extension does not capture cookies without your explicit action

8.2 How We Use BYOS Data

We use your session data solely to inject it into scraping requests you initiate. We do not analyze, profile, or extract information from your session cookies. We do not use your session data to access third-party accounts except as directed by your API requests.

8.3 Retention and Deletion

  • Stored sessions: Retained until you explicitly delete them through the API or dashboard, or until your account is deleted. There is no automatic expiration — you maintain full control over the lifecycle of your stored sessions
  • Inline sessions: Discarded immediately after the API request completes. No data is retained
  • Account deletion: When you delete your account, all stored session data is permanently and irreversibly deleted within 30 days

8.4 Your Rights Over BYOS Data

In addition to the general rights described in Section 6, you have the following specific rights over your BYOS session data:

  • View: You can list all stored sessions and their metadata (domain, name, creation date) via the API or dashboard at any time
  • Delete: You can delete any individual session or all sessions at any time through the API or dashboard. Deletion is immediate and irreversible
  • Export: You may request an export of your stored session metadata (excluding the encrypted cookie values) as part of a data portability request

8.5 Third-Party Responsibility

AlterLab acts as a data processor for BYOS session data that you provide. You are the data controller and are responsible for ensuring that your use of third-party session cookies complies with the terms of service of those third-party websites and all applicable laws. We do not verify the validity, ownership, or authorization of session data you provide.

9. Data Retention

We retain your personal information for as long as necessary to provide our Service, comply with legal obligations, resolve disputes, and enforce our agreements. Specific retention periods include:

  • Account Information: Retained while your account is active and for up to 90 days after account deletion
  • API Request Logs: Retained for 30 days for performance monitoring and debugging purposes
  • Billing Records: Retained for 7 years to comply with tax and accounting regulations
  • Support Communications: Retained for 3 years for quality assurance and legal purposes
  • Analytics Data: Aggregated and anonymized data may be retained indefinitely for statistical analysis
  • BYOS Session Data: Stored sessions are retained until you delete them or your account is deleted. Inline session cookies are discarded immediately after request completion. See Section 8 for full details

When we no longer need your personal information, we will securely delete or anonymize it in accordance with our data retention policies and applicable law.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that are different from the laws of your country.

We are based in the United States, and our servers are located in the United States. If you are accessing our Service from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States.

We take appropriate measures to ensure that your personal information receives an adequate level of protection in accordance with applicable data protection laws. For transfers from the European Economic Area (EEA), we rely on standard contractual clauses approved by the European Commission. For details on our data processing commitments when we act as a processor on your behalf, see our Data Processing Agreement.

11. Children's Privacy

Our Service is not intended for children under the age of 18. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe that your child has provided us with personal information, please contact us immediately.

If we become aware that we have collected personal information from children without verification of parental consent, we will take steps to remove that information from our servers.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by:

  • Posting the updated Privacy Policy on this page with a new "Last updated" date
  • Sending you an email notification to the address associated with your account
  • Displaying a prominent notice on our website or Service

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of the Service after any changes to this Privacy Policy constitutes your acceptance of the revised policy.

13. Contact Information

Questions About This Privacy Policy?

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

General Inquiries:

[email protected]

Mailing Address:

RapierCraft Inc.
651 North Broad Street
Suite 201
Middletown, DE US

Support Phone:

+91 99974 72266

Data Protection Officer:

For GDPR-related inquiries, you may contact our Data Protection Officer at [email protected]

California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to Know: You have the right to request information about the categories and specific pieces of personal information we have collected about you in the past 12 months
  • Right to Delete: You have the right to request deletion of your personal information, subject to certain exceptions
  • Right to Opt-Out: You have the right to opt-out of the sale of your personal information (we do not sell personal information)
  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights

To exercise these rights, please contact us at [email protected] or call us at +91 99974 72266. We will verify your identity before processing your request.