SearchCans

Privacy Policy

Effective Date: March 02, 2026

SearchCans ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our API services (the "Services").

Core Principle: Data Minimization. Unlike traditional data platforms, SearchCans acts as a real-time infrastructure pipe. We purposefully design our systems not to persist the content you scrape.

1. Information We Collect

1.1 Account Information

When you register for an account, we collect:

  • Identity Data: Email address and encrypted password.
  • Billing Data: Payment details. This includes Stripe customer IDs and transaction metadata. We do not store full credit card numbers or raw payment credentials.

1.2 Usage Data & Logs

When you use our API or website, our servers automatically record certain metadata, including:

  • Technical Data: IP address, browser type, and operating system.
  • API Metadata: Timestamps, API endpoints accessed, HTTP status codes, and latency metrics.
  • Request Parameters: The target URLs or search queries you submit (stored only as logs for debugging and security, not as content databases).

2. How We Handle API Data

We explicitly distinguish between "Account Data" and "API Payload Data" (the results from SERP or Reader API):

2.1 Transient Processing

When you use our Reader API or SERP API:

  • We fetch the data from the target source in real-time.
  • We process/convert it (e.g., to Markdown or JSON).
  • We deliver it to you immediately.
  • We do not store, cache, or archive the body content (HTML, text, images) of your requests. Once the response is sent to you, the content payload is discarded from our RAM.

2.2 Controller vs. Processor

  • SearchCans as Controller: We are the "Controller" of your Account Information (email, billing).
  • SearchCans as Processor: For the data you retrieve via our API (e.g., third-party web content), SearchCans acts solely as a "Data Processor" acting on your instructions. You are the "Controller" responsible for that data.

3. How We Use Your Information

We use the collected logs and account data for the following legitimate business purposes:

  • Service Provision: To authenticate your API requests and process billing.
  • Security & Fraud Prevention: To detect abnormal traffic patterns, prevent scraping abuse, and enforce concurrency limits.
  • Debugging: To help you troubleshoot failed API requests using log metadata.
  • Communication: To send you transactional emails (invoices, password resets) or critical service updates.

4. Legal Basis for Processing (EEA/UK Users)

If you are located in the European Economic Area or the United Kingdom, we process your personal data on the following legal bases:

  • Contract Performance (Art. 6(1)(b)): Processing necessary to provide the Services you have signed up for, including account management, API access, and billing.
  • Legitimate Interests (Art. 6(1)(f)): Processing necessary for our legitimate business interests, including fraud prevention, security monitoring, service optimization, and usage analytics — provided these interests are not overridden by your rights.
  • Legal Obligation (Art. 6(1)(c)): Processing required to comply with applicable laws, such as tax reporting and responding to lawful government requests.
  • Consent (Art. 6(1)(a)): Where we rely on consent (e.g., marketing emails, non-essential cookies), you may withdraw consent at any time by contacting us or adjusting your preferences. Withdrawal does not affect the lawfulness of prior processing.

5. Data Retention

We adhere to strict retention policies:

  • API Content Payload: 0 days (Not stored).
  • Access Logs (Metadata): Retained for up to 90 days for security auditing, then aggregated or deleted.
  • Account Information: Retained as long as your account is active. If you delete your account, we delete your personal data within 30 days, except for financial transaction records which are retained for seven (7) years as required by applicable tax and accounting regulations.

6. Data Sharing and Third Parties

We do not sell your data. We share data only with trusted infrastructure providers necessary to run the service:

  • Payment Processing: Stripe (for payment processing and fraud detection).
  • Cloud Infrastructure: AWS, Cloudflare, Tencent Cloud, and Alibaba Cloud (for hosting, WAF protection, and CDN). All infrastructure is deployed in US-based regions.
  • Analytics: Google Analytics (for website traffic analysis, anonymous).

7. Your Rights

Depending on your location and applicable data protection laws (including GDPR for EEA/UK users and CCPA for California residents), you may have the following rights:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate or incomplete data.
  • Deletion: Request deletion of your personal data ("Right to be Forgotten"), subject to legal retention obligations.
  • Restriction: Request that we restrict the processing of your data in certain circumstances.
  • Objection: Object to processing based on legitimate interests.
  • Portability: Request your data in a structured, machine-readable format.
  • Withdraw Consent: Where processing is based on consent, withdraw it at any time without affecting prior processing.
  • Non-Discrimination (CCPA): We will not discriminate against you for exercising your privacy rights.
  • Complaint: You have the right to lodge a complaint with your local data protection supervisory authority.

To exercise any of these rights, please contact us at support@searchcans.com. We will respond within thirty (30) days of receiving a verifiable request. We may request additional information to verify your identity before processing the request.

SearchCans does not sell personal information as defined under CCPA.

8. International Data Transfers

SearchCans operates with infrastructure hosted in the United States. If you are accessing the Services from outside the United States, your data may be transferred to and processed in the United States.

For transfers from the EEA/UK to countries not recognized as providing an adequate level of data protection, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission, or other lawful transfer mechanisms as appropriate.

Our third-party infrastructure providers (including AWS, Cloudflare, Tencent Cloud, and Alibaba Cloud) operate under US-based deployments and maintain their own data protection commitments. By using the Services, you acknowledge and consent to the processing of your data in the United States.

9. Data Breach Notification

In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify affected users without undue delay via email and/or dashboard notification. We will also notify the relevant supervisory authority within seventy-two (72) hours where required by applicable law (e.g., GDPR Article 33).

10. Children's Privacy

The Services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that a child under 18 has provided us with personal information, we will promptly delete such data. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at support@searchcans.com.

11. Contact Us

If you have questions about this Privacy Policy, please contact us:

SearchCans Privacy Team
Email: support@searchcans.com

This Privacy Policy is part of and subject to the Terms of Service. Please also review our Cookie Policy.