Privacy Policy

1. Introduction and Scope

Eddie.surf provides web scraping and AI-powered data extraction services through our API. This Privacy Policy applies to all users of our services, including:

• Visitors to our website
• Users who register for accounts
• Customers who purchase our services
• Developers who integrate our API

By using our services, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, and disclosure of your personal data as described herein.

2. Our Data Protection Officer

We have appointed a Data Protection Officer (DPO) to oversee our data protection strategy and compliance. You may contact our DPO at:

• Email: dpo@eddie.surf
• Address: Sure Scale Private Limited, 160 Robinson Road, #14-04 SBF Center, Singapore 068914

3. Personal Data We Collect

3.1 Information You Provide Directly

• Account Information: Name, email address, company name, billing address
• Authentication Data: Passwords (hashed), API keys, access tokens
• Payment Information: Credit card details (processed securely through Stripe), billing history
• Communication Data: Support tickets, emails, feedback
• API Usage Data: Endpoints accessed, request parameters, response data

3.2 Information Collected Automatically

• Technical Data: IP addresses, browser type, device information, operating system
• Usage Data: API calls, request volumes, error logs, performance metrics
• Cookie Data: Session cookies, analytics cookies (with consent)
• Location Data: Approximate location based on IP address

3.3 Third-Party Data

We may receive information about you from third parties such as:

• Payment processors (transaction confirmations)
• Authentication providers (if using OAuth)
• Business partners (referral information)

4. Purposes for Data Collection and Legal Basis

We collect and use your personal data for the following purposes:

4.1 Service Provision (Contractual Necessity)

• Creating and managing your account
• Processing API requests
• Providing customer support
• Billing and payment processing
• Monitoring usage and enforcing limits

4.2 Service Improvement (Legitimate Interests)

• Analyzing usage patterns to improve performance
• Developing new features and services
• Conducting research and analytics
• Training AI models (using anonymized data)

4.3 Legal and Compliance (Legal Obligation)

• Complying with legal requirements
• Preventing fraud and abuse
• Enforcing our terms of service
• Responding to legal requests

4.4 Marketing (Consent)

• Sending promotional communications (with opt-in consent)
• Notifying about service updates
• Conducting surveys and feedback

5. Data Sharing and Disclosure

We do not sell, rent, or trade your personal data. We may share your data in the following circumstances:

5.1 Service Providers

We share data with trusted third-party service providers who assist us in operating our business:

• Stripe: Payment processing
• Amazon Web Services: Cloud infrastructure and hosting
• Google Analytics: Website analytics (with your consent)
• Customer support tools: Help desk and ticketing systems

5.2 Legal Requirements

We may disclose your data when required by law, court order, or government request, or when we believe disclosure is necessary to:

• Comply with legal obligations
• Protect our rights and property
• Prevent fraud or security issues
• Protect the safety of any person

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your personal data may be transferred to the acquiring entity, subject to the same privacy protections.

6. International Data Transfers

Your personal data may be transferred to and processed in countries outside of Singapore, including:

• United States (AWS servers)
• European Union (for EU customers)
• Other countries where our service providers operate

We ensure appropriate safeguards are in place for international transfers through:

• Standard Contractual Clauses approved by regulatory authorities
• Ensuring recipients provide comparable data protection
• Obtaining your consent where required

7. Data Security

We implement comprehensive security measures to protect your personal data:

7.1 Technical Measures

• Encryption in transit (TLS/SSL) and at rest (AES-256)
• Secure API authentication and authorization
• VPC network isolation with private subnets
• IAM access controls with principle of least privilege
• Automated backup systems with encryption
• Rate limiting and concurrency controls

7.2 Organizational Measures

• Access controls and principle of least privilege
• Employee training on data protection
• Confidentiality agreements with staff and contractors
• Regular security reviews and updates
• Incident response procedures

8. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:

Data Category	Retention Period
Account Information	Duration of account + 3 years
API Request Data	24 hours
API Access Logs	90 days
API Error Logs	30 days
Processed Results	7 days (temporary processing)
Database Backups	7-90 days (hierarchical: hourly/daily/weekly)
Payment Records	7 years (legal requirement)
Support Communications	3 years after resolution
Marketing Preferences	Until withdrawal of consent

9. Your Rights and Choices

Under the PDPA and GDPR (where applicable), you have the following rights:

9.1 Access and Portability

• Request access to your personal data
• Receive your data in a machine-readable format
• Transfer your data to another service provider

9.2 Correction and Deletion

• Correct inaccurate or incomplete data
• Request deletion of your data (subject to legal obligations)
• Restrict processing of your data

9.3 Consent Management

• Withdraw consent for marketing communications
• Manage cookie preferences
• Opt-out of non-essential data processing

9.4 Complaints

You have the right to lodge a complaint with:

• Singapore: Personal Data Protection Commission (PDPC)
• EU: Your local Data Protection Authority

To exercise any of these rights, please contact our DPO at dpo@eddie.surf. We will respond within 30 days.

10. Cookies and Tracking Technologies

We use cookies and similar technologies as described in our Cookie Policy. You can manage your cookie preferences at any time.

11. Children's Privacy

Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will promptly delete it.

12. AI and Machine Learning

We use AI and machine learning technologies to:

• Improve data extraction accuracy
• Detect and prevent abuse
• Optimize API performance
• Provide intelligent data structuring

All AI processing uses anonymized or aggregated data where possible. We do not use your personal data for AI training without explicit consent.

13. Third-Party Websites

Our service may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. We encourage you to read their privacy policies.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Posting the updated policy on our website
• Sending an email notification (for registered users)
• Displaying a prominent notice on our platform

Continued use of our services after changes indicates acceptance of the updated policy.

15. Data Processing Agreement

For enterprise customers and those requiring additional data protection commitments, we offer a comprehensive Data Processing Agreement.

16. GDPR Compliance

For users in the European Economic Area, please refer to our detailed GDPR Compliance page for additional information about how we meet GDPR requirements.

17. Contact Information

For any questions, concerns, or requests regarding this Privacy Policy or our data practices:

• Data Protection Officer: dpo@eddie.surf
• General Inquiries: Contact Form
• Postal Address: Sure Scale Private Limited, 160 Robinson Road, #14-04 SBF Center, Singapore 068914