Privacy Policy
This Privacy Policy explains how Browsa (“Browsa,” “we,” “us”) collects, uses, shares, and protects information in connection with the Browsa AI browser-automation API and related websites, dashboards, and services (the “Service”). It should be read together with our Terms of Service.
1. Data we collect
- Account data. Information you provide when registering — such as name, email address, password hash, organization, and dashboard settings.
- Usage data. Operational and telemetry data about how you use the Service — API request metadata, endpoints called, credit consumption, job and agent identifiers, timestamps, IP address, user-agent, and error/diagnostic logs.
- Job inputs and outputs. The content you submit to run automations — task instructions, target URLs, schemas, prompts — and the results we return, including scraped HTML/text, extracted data, and screenshots. Job inputs and outputs may incidentally contain personal data that you choose to provide or that exists on target sites; you are responsible for the lawfulness of that processing.
- Payment data. Billing is handled by Stripe. We receive limited transaction metadata (such as plan, amount, status, and the last four digits of a card). We do not store full card numbers; that data is collected and processed directly by Stripe.
- Communications. Messages you send to support, sales, or security, and related metadata.
2. How we use data
We use the data above to:
- Provide, operate, secure, and maintain the Service, including provisioning browser identities and executing your jobs.
- Authenticate accounts and API keys and prevent fraud and abuse.
- Meter usage, calculate credits, and process payments.
- Monitor performance, debug, and improve reliability and features.
- Provide support and respond to your requests.
- Comply with legal obligations and enforce our Terms of Service.
We process personal data on lawful bases including performance of our contract with you, our legitimate interests in operating and securing the Service, your consent (where required, e.g. for non-essential cookies), and compliance with legal obligations. We do not sell personal data.
3. Third parties & sub-processors
We share data with service providers who process it on our behalf, under contract, only to deliver the Service:
| Category | Purpose | Data shared |
|---|---|---|
| LLM providers (e.g. Anthropic, OpenAI) | Execute natural-language AI tasks | Task instructions and page content needed to complete the task. Where you supply your own provider key (BYOK), the key is used per request and not stored. |
| Proxy / network providers | Route browser egress through the requested geography | Target URLs and connection metadata |
| Stripe | Payment processing | Billing and transaction data (card data handled directly by Stripe) |
| Cloud hosting & infrastructure | Run and store the Service | Account, usage, and job data as needed to operate |
We may also disclose data when required by law, to protect rights and safety, or in connection with a merger, acquisition, or asset sale (subject to this policy). We use commercially reasonable efforts to ensure third parties handle data securely and consistently with this policy.
4. Data retention
We retain personal data only as long as necessary for the purposes described here. Account data is retained while your account is active. Usage and log data is retained for a limited period for security, debugging, and billing reconciliation. Job inputs and outputs are retained for a limited operational window to deliver and let you retrieve results, after which they are deleted or anonymized, unless a longer period is required by law or to resolve disputes. You can request earlier deletion as described below.
5. Security
We use administrative, technical, and organizational safeguards designed to protect data — including encryption in transit, hashed credentials and API-key secrets (we store only a hash of each key), access controls, and network isolation between internal services. No method of transmission or storage is perfectly secure; we cannot guarantee absolute security. If we become aware of a breach affecting your personal data, we will notify you as required by applicable law.
6. Your rights
Depending on your jurisdiction, you may have rights to access, correct, delete, export (data portability), restrict, or object to the processing of your personal data, and to withdraw consent where processing relies on it. To exercise these rights, contact privacy@browsa.io. We will verify your request and respond within the timeframe required by applicable law. You may also have the right to lodge a complaint with your local data-protection authority.
8. International transfers
We and our sub-processors may process data in countries other than the one in which you reside, including where data-protection laws differ. Where required, we rely on appropriate safeguards for cross-border transfers, such as the European Commission’s Standard Contractual Clauses or equivalent mechanisms. The specific transfer mechanisms and locations should be confirmed by legal counsel before production use.
9. Children
The Service is not directed to children, and you must be at least 18 years old to use it. We do not knowingly collect personal data from children. If you believe a child has provided us personal data, contact privacy@browsa.io and we will delete it.
10. Changes to this policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last updated” date above and, where appropriate, provide additional notice. Your continued use of the Service after changes take effect constitutes acceptance of the revised policy.
11. Contact
For privacy questions or to exercise your rights, email privacy@browsa.io. For general support, email support@browsa.io. See also our Terms of Service.