Web data acquisition
Ultron includes tools that gather public information from the web: company and contact research, maps and jobs data, traffic estimates, review monitoring, and social trend signals. This page sets out how those tools acquire data, the operating limits they run under, the lines we do not cross, and the legal reality that public does not mean free to process for any purpose. It is the data-sourcing companion to the Acceptable Use Policy and allocates responsibility between you as controller and Ultron as processor.
Overview
- Scope
- Publicly accessible web data only
- Robots directives
- Respected
- Access controls
- Never circumvented
- Shared data product
- None. Results stay in your workspace
- Used to train models
- Never
- Lawful basis for reuse
- Your responsibility as controller
- Removal requests
privacy@51ultron.com
The ingestion tools exist to put public, decision-useful information in front of you faster than manual research would. They are built to behave like a considerate visitor rather than an extraction operation. The individual sources and how each is wired are documented across the Scrapers section of the product docs; this page is the policy that governs all of them and the allocation of legal responsibility that comes with using them.
Definitions
| Term | Meaning |
|---|---|
| Publicly accessible | Reachable without authentication, payment, or circumvention of a technical access control |
| Crawling and scraping | Automated retrieval of pages and extraction of structured fields from them |
| Robots directives | Machine-readable instructions a site publishes, including robots.txt and equivalent signals, about automated access |
| Rate limiting | Bounding request frequency so a source is not overloaded |
| Enrichment | Looking up additional public or licensed data about a known entity, such as a contact at a company |
| Data subject | An identifiable living person whose personal data appears in collected data |
Operating principles
- Public only. We collect information accessible without authentication or circumvention.
- Respect signals. We honour robots directives and apply reasonable rate limits so a source is not degraded.
- Purpose bound. Data is collected to answer the request you made and delivered into your workspace, not pooled into a shared dataset.
- Minimise. We collect the fields a task needs, not everything a page exposes.
- Identify honestly. We do not impersonate a specific named individual to gain access.
- Traceable. Ingestion runs are logged so a result can be traced to its source and time.
- No model training. Collected data is never used to train any model, ours or a third party's.
Sources and tools
The categories of public source the ingestion tools draw from, and the processors involved.
| Category | Examples | How it runs |
|---|---|---|
| Business and company data | Public company profiles, maps listings, traffic and rank estimates, startup and funding directories | A managed scraping runtime, a headless-browser service, and official public endpoints |
| Hiring signals | Public job postings and roles | A managed scraping runtime and official job endpoints |
| Contact discovery and enrichment | Professional contact details from public and licensed enrichment sources | A licensed enrichment provider and public sources |
| Reviews and reputation | Publicly posted product reviews and ratings | A managed scraping runtime and public review pages |
| Social and trend signals | Public trend, hashtag, and post velocity data | Official public social endpoints |
| Public forum research | Public discussion threads | Public forum endpoints |
How acquisition works
A request names a target and a goal, for example places matching a search term in a city, or roles at a named company. The relevant tool retrieves only public pages or queries a public or licensed endpoint, extracts the fields the task needs, and writes the result into your workspace. Retrieval is rate limited per source. Where a source publishes robots directives, those are respected. Where a source offers an official API or licensed feed, the tool prefers it over page scraping. Results are cached only as needed to complete the task and to let you re-open the result.
What we collect
| Type | Examples |
|---|---|
| Company data | Name, sector, size, location, public web presence, traffic and rank estimates, funding signals |
| Role and hiring data | Public job titles, descriptions, locations, posting dates |
| Professional contact data | Name, role, company, and professional contact details from public or licensed sources |
| Public reputation data | Publicly posted reviews, ratings, and the text of public discussion |
| Public trend data | Aggregate trend, hashtag, and engagement signals |
What we do not do
- We do not break or bypass authentication, paywalls, rate-limit blocks, or other technical access controls.
- We do not collect content that requires logging in to a third party as anyone other than the connected user who authorised it.
- We do not knowingly collect special category personal data under Article 9 of the GDPR, such as data revealing health, biometrics, or protected characteristics.
- We do not scrape facial images to build or populate a facial-recognition database, a practice prohibited under the AI Act.
- We do not resell collected data as a standalone product or merge it into a shared corpus across customers.
- We do not use collected data to train models. See How we use your data for AI.
Public data is not free data
A common and costly mistake is to assume that because personal data is publicly visible, it can be collected and used for any purpose. Under the GDPR it cannot. Public personal data is still personal data, and processing it still requires a lawful basis, still triggers the rights of the person it describes, and still attracts the principles of purpose limitation and data minimisation. The publicness of the source affects the analysis but does not remove the obligation.
When an ingestion tool returns personal data, for example a named contact at a company, that data is processed on your behalf under the Data Processing Addendum, with you acting as controller. You decide the purpose, and you must hold a basis for that purpose.
Lawfulness of reuse
For business-to-business contact data used for a proportionate purpose, controllers commonly rely on legitimate interests under Article 6(1)(f), subject to a balancing test against the rights of the person and to the person's right to object. That basis is not automatic: it depends on the purpose, the expectations of the person, and the safeguards you apply. Other purposes may require a different basis. Special category data requires an Article 9 condition that the ingestion tools are not designed to satisfy, which is why you should not use them to assemble it.
Outbound and marketing
Where you use collected contact data to reach people, electronic marketing rules apply on top of the GDPR. In the European Union the ePrivacy regime and national implementations govern unsolicited electronic communication, including consent requirements for some recipients and an opt-out in every message. Other jurisdictions impose their own rules. You are responsible for meeting the rules that apply to each recipient. The Acceptable Use Policy prohibits using the platform for unlawful outreach, and persistent abuse can lead to suspension.
Intellectual property and source terms
Public content can still be protected by copyright or database rights, and a source can impose terms on automated access. The tools are operated to respect robots directives and to prefer official endpoints, but the lawfulness of using a specific piece of collected content for a specific purpose, including any copyright analysis, is yours to assess as controller. Do not use the tools to reproduce or redistribute third-party content in a way that infringes the rights of the source.
Storage and retention
Collected data is stored in your workspace as content and follows the content retention windows in the Privacy Policy: it persists until you delete it, then rolls out of backups within thirty days. You can export it before deletion. Because results are scoped to your workspace, deleting them removes them for you; they were never copied into a shared dataset.
Your responsibilities
As controller for data you collect and process through Ultron, you are responsible for determining the purpose and the lawful basis, for providing any notice the law requires to the people whose data you process, for honouring their rights including access, objection, and erasure, for not using the tools to gather data you are not entitled to use, and for keeping any outreach built on the data lawful. The platform provides the means to collect; the lawfulness of a given collection and use is your decision.
Removal requests
If you are an individual or an organisation and you believe data about you was collected or processed through Ultron in a way that affects your rights, write to privacy@51ultron.com. Where Ultron holds the data only as a processor on behalf of a customer, we route the request to that customer, who acts as controller and is responsible for responding. Where Ultron is the controller, we action the request under the Privacy Policy. We acknowledge requests promptly and respond within the timeframes the GDPR sets.
Enforcement
The ingestion tools are subject to the Acceptable Use Policy. Where we become aware that the tools are being used to break the rules on this page, to defeat access controls, to assemble special category data, or to conduct unlawful outreach, we can rate-limit, suspend, or remove access to the affected tools, and in serious cases suspend the account, as set out in the Acceptable Use Policy and the Terms of Service.
Contact
Questions about data acquisition go to privacy@51ultron.com. Conduct rules for using the platform, including the tools described here, are in the Acceptable Use Policy, and the processors involved are on the Subprocessors page.