Privacy Policy
Last Updated: April 2026
This Privacy Policy describes how HasData.com (“HasData,” “we,” “us,” or “our”) collects, uses, discloses, and protects your personal information when you use our website at hasdata.com and our APIs and related services (collectively, the “Services”).
By using the Services, you consent to the collection, use, disclosure, and handling of your information as described in this Privacy Policy. If you do not agree, do not use the Services.
1. Information We Collect
1.1 Information You Provide
When you create an account or use the Services, you provide us with:
- Email address — used for account login, transactional emails (welcome email, payment receipts), and product update emails with your consent
- Payment information — processed by Stripe; we do not store your credit card details directly
1.2 Information Collected Automatically
When you access the Services, we automatically collect:
- IP address — collected via our secure web server logging system, used for monitoring, debugging, security, and to personalize your experience
- Geolocation data — derived from your IP address, used but not stored
- Usage data — collected via Google Analytics and Amplitude, including pages visited, session duration, referral source, device information, and product usage patterns
- API usage data — request volume, endpoints used, error rates, and response times associated with your account
1.3 Data Retrieved Through the Services
HasData’s APIs retrieve publicly available data from web pages that are freely viewable by any user with a standard web browser, without requiring authentication or login credentials. The Services use standard web browsing technologies to access this content and return structured representations to you, the customer. HasData acts as a data processor with respect to any personal data contained in API responses — you, the customer, are the data controller responsible for your use of that data. See Section 7 for details.
2. How We Use Your Information
We use your personal information for the following purposes:
- To identify you when you log in to the Services
- To deliver transactional emails related to your account
- To deliver non-transactional product update emails (with your consent where required)
- To process payments through Stripe
- To monitor, debug, and improve the Services
- To enforce our Terms of Use
- To comply with applicable laws and legal obligations
Processing is done via automated electronic means.
3. How We Share Your Information
We share your personal information only as follows:
- Stripe — for payment processing. See Stripe’s Privacy Policy.
- Google Analytics — for website visitor tracking. See Google’s Privacy Policy.
- Amplitude — for product analytics. See Amplitude’s Privacy Policy.
- Legal compliance — we may disclose your information to comply with applicable laws, respond to subpoenas, search warrants, or other lawful requests, or to protect our rights.
- Terms of Use enforcement — we may disclose your information if you violate our Terms of Use.
We do not sell your personal information. We do not share your personal information for purposes other than those listed above.
4. Data Retention
We retain your personal information as follows:
- Account data (email, profile): For the duration of your account, plus 12 months after account deletion to support dispute resolution and legal obligations.
- Payment records: 7 years from the date of transaction, as required for tax and accounting purposes.
- Server logs (IP addresses): 90 days from collection.
- API request data (request parameters, target URLs, request headers, and other information required to make a request): For the duration of your account.
- API response data — real-time APIs (copies of data returned by our APIs): 30 days from the date of the request.
- API response data — no-code scrapers (copies of data returned by our no-code scraping tools): For the duration of your account. Retention period may be adjusted per account settings.
After the applicable retention period, personal data is deleted or anonymized. You may request earlier deletion of your data as described in Sections 5 and 6.
5. Your Rights Under GDPR (European Economic Area, UK, and Switzerland)
If you are located in the European Economic Area (“EEA”), the United Kingdom, or Switzerland, the following rights apply to you under the General Data Protection Regulation (“GDPR”) or equivalent local law.
5.1 Legal Basis for Processing
We process your personal data on the following legal bases:
- Contract performance (Article 6(1)(b)): Processing your email and account data is necessary to provide the Services you have subscribed to.
- Legitimate interest (Article 6(1)(f)): Processing IP addresses and usage data for security, fraud prevention, and service improvement. Our legitimate interest is balanced against your rights and does not override your fundamental rights and freedoms.
- Consent (Article 6(1)(a)): Sending non-transactional marketing emails, where applicable.
- Legal obligation (Article 6(1)(c)): Retaining payment records and responding to lawful requests.
5.2 Your Rights
You have the right to:
- Access — request a copy of the personal data we hold about you.
- Rectification — request correction of inaccurate or incomplete personal data.
- Erasure (“right to be forgotten”) — request deletion of your personal data, subject to legal retention obligations.
- Restriction — request that we restrict processing of your personal data in certain circumstances.
- Data portability — receive your personal data in a structured, commonly used, machine-readable format.
- Object — object to processing based on legitimate interest, including profiling.
- Withdraw consent — withdraw consent for marketing emails at any time without affecting the lawfulness of processing based on consent before withdrawal.
To exercise any of these rights, contact us at privacy@hasdata.com. We will respond within 30 days.
5.3 International Data Transfers
Your personal data may be transferred to and processed in countries outside the EEA, including the Dominican Republic and the United States. Where such transfers occur, we ensure appropriate safeguards are in place, including:
- Standard Contractual Clauses approved by the European Commission
- Transfers to countries with an adequacy decision from the European Commission
5.4 Right to Lodge a Complaint
If you believe that our processing of your personal data violates the GDPR, you have the right to lodge a complaint with a supervisory authority in the EU Member State of your habitual residence, place of work, or place of the alleged infringement.
5.5 Data Protection Contact
For GDPR-related inquiries: privacy@hasdata.com
6. Your Rights Under CCPA/CPRA (California Residents)
If you are a California resident, the California Consumer Privacy Act (“CCPA”), as amended by the California Privacy Rights Act (“CPRA”), provides you with specific rights regarding your personal information.
6.1 Categories of Personal Information Collected
| Category | Examples | Collected |
|---|---|---|
| Identifiers | Email address, IP address | Yes |
| Commercial information | Subscription plan, payment history | Yes |
| Internet or electronic network activity | API usage data, pages visited, session data | Yes |
| Geolocation data | Approximate location from IP address (not stored) | Yes (used, not retained) |
6.2 Your Rights
You have the right to:
- Know — request disclosure of the categories and specific pieces of personal information we have collected about you.
- Delete — request deletion of your personal information, subject to certain exceptions.
- Correct — request correction of inaccurate personal information.
- Opt out of sale or sharing — we do not sell or share your personal information as defined by the CCPA/CPRA.
- Non-discrimination — we will not discriminate against you for exercising any of your CCPA/CPRA rights.
6.3 How to Make a Request
To exercise your rights, contact us at privacy@hasdata.com. We will verify your identity before processing your request. We will respond within 45 days, with a possible 45-day extension if reasonably necessary.
6.4 Authorized Agents
You may designate an authorized agent to make a request on your behalf. We may require the agent to provide proof of authorization and may verify your identity directly.
7. Scraped-Data Governance
7.1 HasData as Data Processor
HasData’s APIs retrieve data from publicly accessible websites on behalf of our customers. With respect to any personal data contained in API responses:
- HasData is the data processor. We retrieve and deliver the data as instructed by the customer.
- The customer is the data controller. You determine the purpose and means of processing the data you receive through our APIs.
HasData does not independently determine how the data delivered through our APIs is used after delivery. Copies of API response data are retained for 30 days for real-time API requests and for the duration of the customer’s account for no-code scraper results (adjustable per account settings). API request data (request parameters, target URLs, and headers) is retained for the duration of the customer’s account. See Section 4 for full retention details.
7.2 Customer Responsibilities
As the data controller, you are responsible for:
- Ensuring that your collection and use of data obtained through the Services complies with all applicable laws, including GDPR, CCPA, and equivalent laws in your jurisdiction.
- Providing any required notices to data subjects whose personal data you collect through the Services.
- Responding to data subject access, deletion, and other requests related to data you have collected.
- Maintaining your own records of processing activities where required by law.
- Determining whether a Data Processing Agreement (DPA) is required for your use of the Services and requesting one from HasData if so.
7.3 Data Processing Agreement
Enterprise customers who process personal data through HasData’s APIs and require a Data Processing Agreement for GDPR or other compliance purposes may request one by contacting privacy@hasdata.com.
7.4 EU AI Act Transparency
If you use data obtained through the Services to develop, train, or evaluate artificial intelligence or machine learning models, you are responsible for compliance with applicable AI regulations, including the transparency and data governance requirements of the EU AI Act (Regulation (EU) 2024/1689). HasData can provide documentation of data sources and retrieval methods upon request to support your compliance obligations.
8. Additional U.S. State Privacy Rights
Residents of the following states have rights similar to those described in Section 6, subject to variations in each state’s law:
- Virginia (VCDPA)
- Colorado (CPA)
- Connecticut (CTDPA)
- Texas (TDPSA)
- Oregon (OCPA)
- New Jersey (NJDPA)
If you are a resident of one of these states, you may exercise your rights to access, correct, delete, or opt out of processing by contacting us at privacy@hasdata.com. We will respond in accordance with the applicable state’s requirements.
If we decline your request, you may appeal by contacting us at the same email address. We will respond to your appeal within the timeframe required by your state’s law.
9. Consent
The provision of consent to this Privacy Policy is optional. However, failure to provide consent for account identification and transactional email delivery will prevent you from using the Services, as we require your email to allow you to log in to your account.
10. Children’s Privacy
The Services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If you become aware that a child has provided us with personal information, please contact us at privacy@hasdata.com and we will take steps to delete such information.
11. Data Security
We implement reasonable administrative, technical, and physical security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. However, no method of transmission over the Internet or electronic storage is completely secure, and we cannot guarantee absolute security.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. Material changes will be indicated by updating the “Last Updated” date at the top of this page. We encourage you to review this Privacy Policy periodically.
13. Contact Us
For general inquiries: roman@hasdata.com
For privacy-specific requests: privacy@hasdata.com
HasData.com
Mariano Vanderhorst
Las Terrenas 32000
Dominican Republic
On this page
1. Information We Collect1.1 Information You Provide1.2 Information Collected Automatically1.3 Data Retrieved Through the Services2. How We Use Your Information3. How We Share Your Information4. Data Retention5. Your Rights Under GDPR (European Economic Area, UK, and Switzerland)5.1 Legal Basis for Processing5.2 Your Rights5.3 International Data Transfers5.4 Right to Lodge a Complaint5.5 Data Protection Contact6. Your Rights Under CCPA/CPRA (California Residents)6.1 Categories of Personal Information Collected6.2 Your Rights6.3 How to Make a Request6.4 Authorized Agents7. Scraped-Data Governance7.1 HasData as Data Processor7.2 Customer Responsibilities7.3 Data Processing Agreement7.4 EU AI Act Transparency8. Additional U.S. State Privacy Rights9. Consent10. Children’s Privacy11. Data Security12. Changes to This Privacy Policy13. Contact UsStart scraping smarter today!
Get clean, usable data from the web’s most popular sites at scale, starting today.
Try For Free
