Skip to content

Security & Compliance

ScrapeNest is built for enterprise-grade reliability and security, aligned with NIS2 directive benchmarks and GDPR requirements.

NIS2 Compliance & Infrastructure Security

Our platform implements high-level cybersecurity measures to ensure service continuity and data integrity.

Edge Protection & WAF

All traffic to ScrapeNest passes through our hardened edge layer:

  • TLS 1.3 & HSTS: Strict transport security is enforced app-wide.
  • Web Application Firewall (WAF): Baseline OWASP CRS protection with proactive tuning for scraping-specific patterns.
  • Rate Limiting: Distributed rate limiting at the edge prevents brute-force and DoS attacks.

Multi-Tenant Isolation

ScrapeNest uses a "defense-in-depth" architecture to ensure total isolation between customer organizations:

  • Logical Isolation: Every database query and API call is scoped by org_id.
  • Infrastructure Isolation: Background jobs (Temporal) and scraping workers (Light/Standard/Stealth) run in isolated contexts, preventing cross-tenant data leakage.
  • Object Storage: Artifacts are stored with tenant-specific prefixes and accessed via short-lived, presigned URLs.

GDPR Readiness

We provide the tools you need to meet your data protection obligations.

Data Subject Access Requests (DSAR)

Automated workflows are available for:

  • Export: Retrieve all data associated with a specific identifier across your organization.
  • Deletion: Securely purge PII or specific job data.
  • Anonymization: Scrub sensitive fields from logs and metadata while preserving statistical value.

Data Mapping & PII Scrubbing

ScrapeNest supports proactive PII scrubbing in our Standard and Stealth workers, ensuring that sensitive data found in the DOM (like credit card numbers or emails) is redacted before being stored as an artifact.

Audit Logging

ScrapeNest maintains an immutable audit trail of all sensitive actions within your organization. Audit logs are retained for 365 days by default.

Tracked Events

  • Authentication: Successful logins, MFA challenges, and failed attempts.
  • IAM Changes: API key creation, rotation, and revocation; role changes.
  • Security Settings: IP allowlist updates, organization policy changes.
  • Data Lifecycle: Legal hold creation/release, retention policy updates.
  • High-Risk Actions: Artifact deletions, DSAR requests.

Accessing Audit Logs

You can stream audit logs to your SIEM via our Webhooks or download them as structured JSON from the Organization Settings > Audit section of the Customer Console.