Privacy Policy

URLToad.ai — operated by Humble Venture Group ApS

Last updated: April 9, 2026

1. Data Controller

Humble Venture Group ApS
Honningvænget 3, 1. tv, 8381 Tilst, Denmark
CVR/VAT: DK45141691
Email: info@humbleventuregroup.com

2. What Data We Collect

Account Data: Email, name, company name, account type, domain names.

Authentication: Google OAuth or email/password via Supabase. We never store your Google password.

Usage Data: Scraper run configs and results, Google Sheets created on your behalf (stored in your Drive), CSV exports (temporary, with expiring links).

Technical Data: Browser type, IP address (for security, not stored long-term), timestamps.

Payment Data: Handled entirely by Stripe. We never see or store your card details.

3. How We Use Your Data

We use your data to provide the service, manage your account, process payments, send transactional emails, prevent abuse, and comply with legal obligations. Legal bases: contract performance (Art. 6(1)(b)), legitimate interest (Art. 6(1)(f)), and legal obligation (Art. 6(1)(c)).

4. Data We Scrape

URLToad crawls publicly accessible websites you submit. This data is stored in your account, accessible only by your team, and never sold or shared.

5. Who We Share Data With

Only our service providers: Supabase (database, Frankfurt EU), Google Cloud Platform (hosting, EU), Stripe (payments), Google APIs (exports), Cloudflare (DNS), and Usercentrics (cookie consent). See our Subprocessor List for details.

6. Data Retention

Account data: until you delete your account. Run results: until you delete them. Soft-deleted runs: permanently removed after 7 days. CSV download links: expire after 7 days. Payment records: 5 years (Danish law).

7. Your Rights (GDPR)

You have the right to access, rectify, erase, port, restrict, and object to processing of your data. To exercise any right, email info@humbleventuregroup.com. We respond within 30 days.

8. Data Deletion

Delete individual runs from the dashboard. Request full account deletion via info@humbleventuregroup.com. We delete all data including profiles, runs, files, and auth records.

9. Security

We use TLS encryption, Row Level Security on our database, PKCE authentication, CSRF protection, rate limiting, signed URLs, and secret management via GCP.

10. International Transfers

Primary data processing in the EU (Frankfurt). US-based services (Google, Stripe) operate under EU Standard Contractual Clauses.

11. Cookies

We use essential authentication cookies only. No analytics or advertising cookies. Managed via Usercentrics.

12. Contact

Humble Venture Group ApS
Email: info@humbleventuregroup.com
Honningvænget 3, 1. tv, 8381 Tilst, Denmark

Complaints: Danish Data Protection Agency (Datatilsynet) — datatilsynet.dk