This notice describes how MB Luminatech processes personal data in connection with the Gluedly automated visual web-scraping service. It is not legal advice. Organizations with specific compliance obligations should have qualified counsel review this text alongside their deployment and data-processing agreements.
Last updated: July 1, 2026
About the platform
Gluedly is a high-concurrency automated visual web-scraping platform. You configure target URLs, field mappings, and schedules; the service renders pages (including JavaScript-heavy sites where enabled), extracts structured results, and delivers them to your workspace, API, and integrations. Operations rely on dedicated concurrency lanes, queued workers, and metered credit consumption.
Who operates this service
The Gluedly service at https://gluedly.com is operated for processing purposes by MB Luminatech (“we”, “us”). Registered company and billing details are published on our Company & billing page. Account and support contacts for this installation are listed below.
Privacy contact: [email protected]
Information we process
- Account and authentication data (name, email, password hashes, optional two-factor settings, sign-in timestamps).
- Billing and subscription records (plan tier, payment status, invoices, credit balance and purchase history).
- Scrape configuration you supply (URLs, XPath/CSS selectors, schedules, API keys, webhook endpoints, integration settings).
- Extracted web payloads and structured scrape output stored on your behalf (see retention below).
- Technical telemetry required to operate lanes, queues, and billing (detailed in the next section).
- Standard web and application logs (IP address, user agent, request timestamps, error traces limited to engineering diagnostics).
Usage metrics, concurrency lanes, and credit telemetry
To run parallel scrapes fairly and bill on successful extractions, we record operational metrics tied to your account, including:
- Concurrency lane occupancy and plan limits (MB Luminatech tracks active jobs per account in Redis and enforces per-plan max_concurrent_scrapes caps).
- Queue depth, dispatch holds, and job lifecycle events published through RabbitMQ (including per-user scrape queues where enabled).
- Credit consumption events written to the application database (successful scrape debits, adjustments, top-ups, and transaction history).
- Live-traffic and dashboard counters used to display lane status, backlog signals, and fuel warnings.
- Job attempt counts, failure reasons, and timing metadata needed for retries, dead-letter handling, and support.
This telemetry is used to provide the service, enforce plan limits, calculate usage-based billing, improve reliability, detect abuse, and produce account-level reporting. It is not sold for third-party advertising profiles.
Third-party routing, proxies, and extraction partners
Fetching target pages at scale requires routing request metadata through vetted infrastructure partners. Depending on your scrape type and target site, MB Luminatech may transmit only the minimum technical data needed to complete a request, such as destination URL, session identifiers, browser fingerprint parameters, and anti-bot routing hints—via TLS-encrypted channels—to:
- Residential and datacenter proxy partners that rotate egress IPs and geographic zones.
- Managed scraping and browser automation APIs (including providers such as Decodo and comparable vendors configured for this deployment).
- Headless rendering and CAPTCHA-solving services where you enable JavaScript rendering or advanced extraction modes.
Partners act as subprocessors under contractual terms that require confidentiality, security measures, and processing only on our instructions. We do not authorize partners to use your routing metadata for their own marketing. A current subprocessor list is available on request via the privacy contact above.
Data controller and processor roles; limitation of liability
For all content retrieved from third-party websites through your configurations (“Extracted Web Payloads”), you are the Data Controller and MB Luminatech is the Data Processor. You determine the lawful basis, targets, fields, frequency, and downstream use of scraped data. MB Luminatech processes Extracted Web Payloads solely to perform the service under your instructions.
You represent that you have authority to scrape each target URL, that your use complies with applicable law (including copyright, contract, computer-misuse, and privacy rules), and that you will honor robots.txt, terms of use, and data-subject rights for personal data you collect. MB Luminatech does not audit every destination site and does not assume responsibility for your scraping program, compliance posture, or disputes arising from Extracted Web Payloads.
To the fullest extent permitted by law, MB Luminatech’s aggregate liability arising from processing Extracted Web Payloads is limited to fees you paid to MB Luminatech for the service in the twelve (12) months before the claim. We disclaim indirect, consequential, and punitive damages. Nothing in this notice limits liability that cannot be limited under applicable law.
Structured JSON output and GDPR / CPRA compliance
Successful extractions are normalized into structured JSON documents (field keys, values, timestamps, and provenance metadata) before storage or transmission to your API, webhooks, and integrations. We apply the following practices for regulated personal data:
- Lawful processing: we process account and telemetry data on contract performance, legitimate interests in securing the platform, and legal obligations; Extracted Web Payloads containing personal data are processed on your documented instructions as Data Processor.
- Data minimization: JSON schemas reflect only fields you map; avoid configuring extraction of special-category or sensitive fields unless you have a lawful basis and appropriate safeguards.
- Integrity and confidentiality: JSON at rest uses deployment-standard encryption; in transit uses TLS. Access is restricted by authentication, API scopes, and role separation.
- Retention: scrape snapshots follow the retention window below unless you delete them sooner or export and remove them from the platform.
- Cross-border transfers: where personal data leaves the EEA, UK, or Switzerland, we rely on appropriate safeguards (such as Standard Contractual Clauses) with subprocessors and on request can provide transfer details.
European Economic Area, UK, and Swiss residents (GDPR)
You may request access, rectification, erasure, restriction, portability, or object to processing of personal data we control (account and telemetry). For personal data inside Extracted Web Payloads where you are Controller, direct subject requests to you first; we will assist with technical measures as Processor. You may lodge a complaint with your supervisory authority.
California residents (CPRA)
We do not “sell” or “share” personal information as defined under the California Consumer Privacy Act, as amended by CPRA, for cross-context behavioral advertising. California residents may request to know, delete, or correct personal information we control, and to limit use of sensitive personal information where applicable. Authorized agents may submit requests with proof of authority. We will not discriminate against you for exercising these rights.
Why we use this information
We use the categories above to deliver scheduled and on-demand scrapes, enforce concurrency and credit limits, operate RabbitMQ workers, provide support, issue invoices, secure accounts, meet legal obligations, and improve platform reliability.
Cookies and similar technologies
We use cookies and similar storage to maintain secure sessions, protect forms, remember display preferences, and measure basic product usage. You can control cookies through your browser settings.
Diagnostics and reliability
We may collect technical reports when something fails (stack traces, job identifiers, coarse timing). Reports are limited to engineering troubleshooting—not advertising profiles. We avoid placing unnecessary personal data in diagnostics.
How long we keep scraped results
Structured scrape output stored in your workspace may be removed on a schedule. For this installation, the retention window is about 6 months where automatic cleanup is enabled.
Infrastructure and subprocessors
We rely on hosting providers, databases, Redis, RabbitMQ, email delivery, payment processors, proxy partners, and extraction APIs to run the platform. Contracts or equivalent safeguards apply where required by law.
International transfers
Data may be processed in countries other than your own. We implement safeguards appropriate to the transfer, including approved standard contractual terms where they apply.
Security
We apply technical and organisational measures appropriate to a scraping platform (encryption in transit, access controls, API key scoping, optional two-factor authentication). See our Security page for reporting vulnerabilities.
Your choices and rights
Depending on your location, you may have rights to access, correct, delete, export, or restrict processing of personal data we control. Contact the privacy email above. For Extracted Web Payloads you control, use in-product deletion, API operations, or account closure where available.
Children
The service is not directed to children where parental consent would be required under local law.
Changes
We may update this notice. Material changes will be reflected in the “Last updated” date and, where appropriate, communicated in-product or by email.