Third-party services we use to operate the API.
We use a small number of third-party services to deliver the API. Each sees only the data required for its role. None see your full crawl results.
| Sub-processor | Location | Role | Data seen | Data not seen |
|---|---|---|---|---|
| Cloudflare | US/global edge | TLS termination, DDoS protection, anycast routing | HTTP request headers, paths, client IP addresses | Bearer tokens, request bodies, response bodies |
| Anti-bot provider | US | Handles /v1/cloud/scrape, /v1/cloud/unblock, /v1/cloud/search, /v1/cloud/fetch, /v1/cloud/render | Target URL and its response | Your API key (we proxy with our own) |
| Postmark | US | Transactional email (key minted, account suspended, billing) | Billing email address | N/A |
Before adding a new sub-processor, we will email all paying customers at least 30 days in advance with the sub-processor’s role. You may object in writing; if unresolved, you may terminate your plan with a prorated refund.