Legal
Privacy Policy
Effective July 12, 2026 · Last updated July 12, 2026
1. Who we are
This Privacy Policy explains how SerpentAPI ("SerpentAPI," "we," "us," or "our") collects, uses, discloses, and protects personal information when you visit serpentapi.com, create an account, subscribe to a plan, or use our SERP APIs (collectively, the "Services").
Contact for privacy requests: support@serpentapi.com.
2. Scope and roles
When you create an account and use our dashboard or billing features, SerpentAPI is the controller (or "business" under U.S. state privacy laws) of your account and billing-related personal information.
When you send queries, URLs, or other inputs through the API, you determine what content is submitted. For that Customer Content, you are the controller (or business), and we process it as a processor / service provider only to provide the Services to you. You are responsible for ensuring you have a lawful basis to submit that content and to use any results you receive.
3. Information we collect
Account and profile information
- Email address and password (authentication credentials)
- Full name and optional company name
- Account identifiers and profile settings
Billing and subscription information
- Plan selection, subscription status, and token usage/allowances
- Payment method and billing details processed by Stripe (we do not store full card numbers)
- Invoices, receipts, and related transaction metadata
API and usage information
- API keys (stored hashed/prefixed; full keys shown only once at creation where applicable)
- Request metadata such as timestamps, endpoint, engine, parameters, status codes, token counts, and latency
- Query strings and related request parameters you submit
- Aggregated usage statistics used for billing, abuse prevention, and product reliability
Technical and security information
- IP address, user agent, device/browser type, and approximate network location
- Authentication session data and security logs
- Diagnostic logs needed to operate, debug, and secure the Services
Communications
- Support emails and related correspondence
- Transactional notices (billing, security, service updates)
We do not intentionally collect special-category data. Please do not submit sensitive personal data through the API unless it is necessary for your lawful use case and you have appropriate legal grounds.
4. How we use information
We use personal information to:
- Provide, operate, authenticate, and improve the Services
- Process subscriptions, invoices, and payments
- Enforce plan limits, rate limits, and our Terms of Service
- Detect, investigate, and prevent fraud, abuse, security incidents, and spam
- Provide customer support and respond to requests
- Send transactional and service-related communications
- Comply with law, respond to lawful requests, and protect our legal rights
- Analyze aggregated or de-identified usage to improve reliability and capacity planning
We do not sell your personal information, and we do not share it for cross-context behavioral advertising.
5. Legal bases (EEA/UK users)
Where GDPR/UK GDPR applies, we rely on one or more of the following bases:
- Performance of a contract — to provide the Services you request
- Legitimate interests — security, fraud prevention, service improvement, and defending legal claims (balanced against your rights)
- Legal obligation — where we must retain or disclose information to comply with law
- Consent — where we specifically ask for it (you may withdraw consent at any time)
6. How we share information
We share personal information only as needed with:
- Payment processors — Stripe processes payments and billing data under its own privacy policy
- Infrastructure and auth providers — hosting, database, authentication, email, and monitoring vendors that process data on our instructions
- Professional advisors — lawyers, accountants, or insurers when reasonably necessary
- Authorities and counterparties — when required by law, legal process, or to protect rights, safety, or the integrity of the Services
- Business transfers — in connection with a merger, acquisition, financing, or sale of assets, subject to appropriate confidentiality protections
Third-party search engines and websites may receive the queries or URLs you submit when we retrieve results on your behalf. Those parties process such requests under their own terms and policies. We do not control their practices.
7. Cookies and similar technologies
We use essential cookies and similar technologies for authentication, session management, security, and remembering preferences. These are required for the Services to function.
Optional analytics and marketing cookies (when enabled) are only set if you consent via our cookie banner. You can change your choice anytime from the Cookies link in the site footer. We do not currently load third-party advertising or analytics scripts until those integrations are turned on and your consent allows them.
8. Retention
We retain information for as long as needed to provide the Services and for legitimate business purposes:
- Account and profile data — while your account is active, and for a reasonable period afterward
- Billing and tax records — as required by applicable financial and tax laws
- API usage and request logs — for billing, abuse prevention, support, and security (typically for the active billing period plus a limited lookback, unless longer retention is required)
- Security logs — for a period appropriate to investigate incidents and protect the platform
When retention is no longer necessary, we delete or de-identify information, except where we must keep it for legal, security, or dispute-resolution reasons.
9. Security
We implement administrative, technical, and organizational measures designed to protect personal information, including encrypted transport (TLS), access controls, hashed API key storage practices, and monitoring for abuse. No method of transmission or storage is 100% secure. You are responsible for protecting your password and API keys and for promptly notifying us of suspected compromise.
10. International transfers
We may process and store information in the United States and other countries where we or our processors operate. Those locations may have different data-protection laws than your home country. Where required, we use appropriate transfer mechanisms (such as standard contractual clauses) with our processors.
11. Your rights
Depending on your location, you may have rights to:
- Access, correct, or delete personal information we hold about you
- Export a copy of your personal information in a portable format
- Object to or restrict certain processing
- Withdraw consent where processing is based on consent
- Appeal a denied privacy request (where required by law)
- Lodge a complaint with a supervisory authority
To exercise these rights, email support@serpentapi.com. We may need to verify your identity before fulfilling a request. Some rights are limited where we must retain data for billing, security, fraud prevention, or legal compliance.
California / U.S. state privacy laws: We do not sell or "share" personal information as those terms are commonly defined for advertising. You may request to know, delete, or correct personal information subject to statutory exceptions. We will not discriminate against you for exercising privacy rights.
12. Children
The Services are not directed to children under 16 (or the equivalent minimum age in your jurisdiction), and we do not knowingly collect personal information from them. If you believe a child has provided us personal information, contact us and we will take appropriate steps to delete it.
13. Third-party services and links
The Services integrate with or link to third parties (for example Stripe, authentication providers, and search engines). Their privacy practices are governed by their own policies. We are not responsible for third-party practices.
14. Changes
We may update this Privacy Policy from time to time. The "Last updated" date will change when we post revisions. Material changes may also be communicated by email or in-product notice. Continued use of the Services after an update constitutes acceptance of the revised policy where permitted by law.
15. Related terms
Use of the Services is also governed by our Terms of Service.
Questions? support@serpentapi.com · Docs · About · Terms · Privacy