Scraping Posture & Responsible Data Collection

DriftPatrol retrieves publicly accessible web pages on behalf of our Customers to detect content changes. We publish this posture to clarify how we operate, what we will and will not do, and how site operators can interact with us.

1. What we retrieve

• Only publicly accessible pages reachable without authentication, cookies, or circumvention of any technical protection measure.
• Only pages our Customer has designated for monitoring. We do not spider, crawl links, or discover content outside Customer-designated URLs.
• Only the information visible to a typical web browser: HTML, rendered text, publicly referenced metadata.

2. What we do not do

• We do not bypass paywalls, log-ins, CAPTCHAs, IP blocks, or rate limits.
• We do not create accounts, submit forms, or interact with pages beyond a single GET request per scheduled check.
• We do not scrape personal data intentionally. Incidental personal data on a designated page (e.g., an author byline on a vendor policy page) is Processed solely to produce a change summary and subject to the DPA.
• We do not redistribute retrieved content to third parties outside the requesting Customer's organization, except as expressly permitted by a platform-licensing agreement.
• We do not attempt to index the web, build a search engine, or compile datasets for third-party training.

3. robots.txt and polite-crawling

Our user agent is DriftPatrolBot/1.0 (+https://driftpatrol.app/bot). We respect Disallow directives in robots.txt that apply to our user agent or to *. We crawl a given page at most once per twenty-four (24) hours by default, and never more than once per hour. We do not issue concurrent requests to the same origin. We honor Retry-After, HTTP 429, and HTTP 503 responses with exponential back-off.

4. Legal basis

Our retrieval of publicly accessible pages without circumvention of technical barriers is consistent with United States law as articulated in hiQ Labs, Inc. v. LinkedIn Corp., 31 F.4th 1180 (9th Cir. 2022), and related authority, which holds that scraping publicly available data does not violate the Computer Fraud and Abuse Act where no access barrier has been circumvented. We do not rely on hiQ for pages behind authentication or where a site operator has expressly withdrawn permission via robots.txt or cease-and-desist.

We also require our Customers, by contract, to represent that their designation of a Monitored URL and receipt of Output do not violate any third party's terms of service or applicable law. See Terms § 10.

5. Site-operator takedown

Site operators who wish to exclude DriftPatrol from retrieving their publicly accessible pages may do so by any of the following means, which we will honor within five (5) business days:

• Add a Disallow directive to robots.txt for user-agent DriftPatrolBot or *.
• Return HTTP 403 to our user agent.
• Email [email protected] with the domain or URL patterns to exclude.

We maintain an internal block list that is applied across all Customers and Monitored URLs.

6. DMCA

DriftPatrol's DMCA designated agent is registered with the U.S. Copyright Office. Copyright owners who believe content is being unlawfully reproduced through the Service may send notices to [email protected] in the form required by 17 U.S.C. § 512(c)(3).

7. Transparency

On written request, we will disclose (a) whether a specific URL is currently monitored through the Service, and (b) the retrieval frequency, to verified site operators. We do not disclose the identity of requesting Customers except as required by valid legal process.

8. Contact

Abuse / takedown: [email protected]. DMCA: [email protected]. Legal: [email protected].