trawl

Last updated: April 2026

Privacy Policy

1. Introduction

Trawl ("we," "us," or "our") operates the website gettrawl.com and the Trawl API. Trawl is a unified content API for extracting structured text from 20+ internet sources. This Privacy Policy explains how we collect, use, and protect your personal information when you use our services.

2. Information We Collect

2.1 Account Information

When you create an account, we collect your email address and name. If you sign in via Google or GitHub OAuth, we receive your public profile information (name and email) from those providers.

2.2 Usage Data

We automatically collect API usage logs (endpoints called, request counts, timestamps) and IP addresses for rate limiting, security, and analytics purposes.

2.3 Billing Information

Payment processing is handled entirely by Stripe. We do not store credit card numbers or bank account details on our servers. Stripe may collect information as described in their privacy policy.

3. Cookies and Local Storage

We use cookies and browser storage strictly for authentication:

  • Authentication cookie (JWT) — A session cookie used to authenticate your requests. This is not a tracking cookie.
  • localStorage (refresh token)— A refresh token stored in your browser's local storage to maintain your session across page reloads.

We do not use tracking cookies, advertising cookies, or any third-party ad network pixels.

4. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Trawl API and website
  • Authenticate your identity and manage your account
  • Process payments and manage subscriptions
  • Enforce rate limits and prevent abuse
  • Send transactional emails (account verification, billing receipts)
  • Respond to support requests

We do not sell your personal information. We do not use your data for advertising.

5. API Data and Caching

Trawl extracts publicly available content from third-party sources (YouTube, podcasts, news sites, SEC filings, etc.) on your behalf. We handle this data as follows:

  • Temporary caching: Extracted content is cached in Redis with automatic expiry (typically 24 hours) to improve performance and reduce redundant requests. This is not permanent storage.
  • No query logging: We do not permanently store the URLs or search queries you submit to the API beyond the temporary cache period.
  • Stored transcripts: If you explicitly choose to save a transcript to your account, it is stored in our database and associated with your account until you delete it.

6. Third-Party Services

We use the following third-party services that may process your data:

  • Amazon Web Services (AWS) — Cloud hosting and infrastructure
  • Stripe — Payment processing and subscription management
  • Google OAuth — Optional sign-in provider
  • GitHub OAuth — Optional sign-in provider
  • OpenAI — Powers AI features (summarization, entity extraction, sentiment analysis). Text you submit to AI features is sent to OpenAI for processing.

Each third-party service operates under its own privacy policy. We encourage you to review their policies.

7. Data Security

We implement industry-standard security measures including encrypted connections (TLS), hashed API keys (SHA-256), bcrypt password hashing, and access controls. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

8. Your Rights (GDPR)

If you are located in the European Economic Area (EEA), you have the following rights regarding your personal data:

  • Right to access — Request a copy of the personal data we hold about you.
  • Right to rectification — Request correction of inaccurate or incomplete data.
  • Right to erasure — Request deletion of your personal data.
  • Right to data portability — Request your data in a structured, commonly used format.
  • Right to object — Object to processing of your personal data.

To exercise any of these rights, email us at [email protected].

9. Account Deletion

You can request deletion of your account and all associated data at any time by emailing [email protected]. Upon receiving your request, we will delete your account, stored transcripts, API keys, and usage history. Cached data will expire automatically within 24 hours.

10. Data Retention

We retain your account information for as long as your account is active. API usage logs are retained for up to 90 days. Cached content expires automatically (typically within 24 hours). If you delete your account, we remove your personal data within 30 days.

11. Children's Privacy

Trawl is not intended for use by anyone under the age of 13. We do not knowingly collect personal information from children. If we learn that we have collected data from a child under 13, we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a new "Last updated" date. Your continued use of Trawl after changes constitutes acceptance of the updated policy.

13. Contact

If you have questions about this Privacy Policy or your personal data, contact us at [email protected].

See also our Terms of Service.