Legal

Web data acquisition

Ultron includes tools that gather public information from the web: company and contact research, maps and jobs data, traffic estimates, review monitoring, and social trend signals. This page sets out how those tools acquire data, the operating limits they run under, the lines we do not cross, and the legal reality that public does not mean free to process for any purpose. It is the data-sourcing companion to the Acceptable Use Policy and allocates responsibility between you as controller and Ultron as processor.

Updated today

Overview

At a glance
Scope
Publicly accessible web data only
Robots directives
Respected
Access controls
Never circumvented
Shared data product
None. Results stay in your workspace
Used to train models
Never
Lawful basis for reuse
Your responsibility as controller
Removal requests
privacy@51ultron.com

The ingestion tools exist to put public, decision-useful information in front of you faster than manual research would. They are built to behave like a considerate visitor rather than an extraction operation. The individual sources and how each is wired are documented across the Scrapers section of the product docs; this page is the policy that governs all of them and the allocation of legal responsibility that comes with using them.

Definitions

TermMeaning
Publicly accessibleReachable without authentication, payment, or circumvention of a technical access control
Crawling and scrapingAutomated retrieval of pages and extraction of structured fields from them
Robots directivesMachine-readable instructions a site publishes, including robots.txt and equivalent signals, about automated access
Rate limitingBounding request frequency so a source is not overloaded
EnrichmentLooking up additional public or licensed data about a known entity, such as a contact at a company
Data subjectAn identifiable living person whose personal data appears in collected data

Operating principles

  • Public only. We collect information accessible without authentication or circumvention.
  • Respect signals. We honour robots directives and apply reasonable rate limits so a source is not degraded.
  • Purpose bound. Data is collected to answer the request you made and delivered into your workspace, not pooled into a shared dataset.
  • Minimise. We collect the fields a task needs, not everything a page exposes.
  • Identify honestly. We do not impersonate a specific named individual to gain access.
  • Traceable. Ingestion runs are logged so a result can be traced to its source and time.
  • No model training. Collected data is never used to train any model, ours or a third party's.

Sources and tools

The categories of public source the ingestion tools draw from, and the processors involved.

CategoryExamplesHow it runs
Business and company dataPublic company profiles, maps listings, traffic and rank estimates, startup and funding directoriesA managed scraping runtime, a headless-browser service, and official public endpoints
Hiring signalsPublic job postings and rolesA managed scraping runtime and official job endpoints
Contact discovery and enrichmentProfessional contact details from public and licensed enrichment sourcesA licensed enrichment provider and public sources
Reviews and reputationPublicly posted product reviews and ratingsA managed scraping runtime and public review pages
Social and trend signalsPublic trend, hashtag, and post velocity dataOfficial public social endpoints
Public forum researchPublic discussion threadsPublic forum endpoints
Note
The processors that run ingestion are listed, with location and role, on the Subprocessors page. The per-tool engineering detail is in the Scrapers section of the docs.

How acquisition works

A request names a target and a goal, for example places matching a search term in a city, or roles at a named company. The relevant tool retrieves only public pages or queries a public or licensed endpoint, extracts the fields the task needs, and writes the result into your workspace. Retrieval is rate limited per source. Where a source publishes robots directives, those are respected. Where a source offers an official API or licensed feed, the tool prefers it over page scraping. Results are cached only as needed to complete the task and to let you re-open the result.

What we collect

TypeExamples
Company dataName, sector, size, location, public web presence, traffic and rank estimates, funding signals
Role and hiring dataPublic job titles, descriptions, locations, posting dates
Professional contact dataName, role, company, and professional contact details from public or licensed sources
Public reputation dataPublicly posted reviews, ratings, and the text of public discussion
Public trend dataAggregate trend, hashtag, and engagement signals

What we do not do

  • We do not break or bypass authentication, paywalls, rate-limit blocks, or other technical access controls.
  • We do not collect content that requires logging in to a third party as anyone other than the connected user who authorised it.
  • We do not knowingly collect special category personal data under Article 9 of the GDPR, such as data revealing health, biometrics, or protected characteristics.
  • We do not scrape facial images to build or populate a facial-recognition database, a practice prohibited under the AI Act.
  • We do not resell collected data as a standalone product or merge it into a shared corpus across customers.
  • We do not use collected data to train models. See How we use your data for AI.

Public data is not free data

A common and costly mistake is to assume that because personal data is publicly visible, it can be collected and used for any purpose. Under the GDPR it cannot. Public personal data is still personal data, and processing it still requires a lawful basis, still triggers the rights of the person it describes, and still attracts the principles of purpose limitation and data minimisation. The publicness of the source affects the analysis but does not remove the obligation.

When an ingestion tool returns personal data, for example a named contact at a company, that data is processed on your behalf under the Data Processing Addendum, with you acting as controller. You decide the purpose, and you must hold a basis for that purpose.

Lawfulness of reuse

For business-to-business contact data used for a proportionate purpose, controllers commonly rely on legitimate interests under Article 6(1)(f), subject to a balancing test against the rights of the person and to the person's right to object. That basis is not automatic: it depends on the purpose, the expectations of the person, and the safeguards you apply. Other purposes may require a different basis. Special category data requires an Article 9 condition that the ingestion tools are not designed to satisfy, which is why you should not use them to assemble it.

Warning
Collecting is not the same as being entitled to use. Decide the purpose and confirm your lawful basis before you act on collected personal data, and document the balancing test where you rely on legitimate interests.

Outbound and marketing

Where you use collected contact data to reach people, electronic marketing rules apply on top of the GDPR. In the European Union the ePrivacy regime and national implementations govern unsolicited electronic communication, including consent requirements for some recipients and an opt-out in every message. Other jurisdictions impose their own rules. You are responsible for meeting the rules that apply to each recipient. The Acceptable Use Policy prohibits using the platform for unlawful outreach, and persistent abuse can lead to suspension.

Intellectual property and source terms

Public content can still be protected by copyright or database rights, and a source can impose terms on automated access. The tools are operated to respect robots directives and to prefer official endpoints, but the lawfulness of using a specific piece of collected content for a specific purpose, including any copyright analysis, is yours to assess as controller. Do not use the tools to reproduce or redistribute third-party content in a way that infringes the rights of the source.

Storage and retention

Collected data is stored in your workspace as content and follows the content retention windows in the Privacy Policy: it persists until you delete it, then rolls out of backups within thirty days. You can export it before deletion. Because results are scoped to your workspace, deleting them removes them for you; they were never copied into a shared dataset.

Your responsibilities

As controller for data you collect and process through Ultron, you are responsible for determining the purpose and the lawful basis, for providing any notice the law requires to the people whose data you process, for honouring their rights including access, objection, and erasure, for not using the tools to gather data you are not entitled to use, and for keeping any outreach built on the data lawful. The platform provides the means to collect; the lawfulness of a given collection and use is your decision.

Removal requests

If you are an individual or an organisation and you believe data about you was collected or processed through Ultron in a way that affects your rights, write to privacy@51ultron.com. Where Ultron holds the data only as a processor on behalf of a customer, we route the request to that customer, who acts as controller and is responsible for responding. Where Ultron is the controller, we action the request under the Privacy Policy. We acknowledge requests promptly and respond within the timeframes the GDPR sets.

Enforcement

The ingestion tools are subject to the Acceptable Use Policy. Where we become aware that the tools are being used to break the rules on this page, to defeat access controls, to assemble special category data, or to conduct unlawful outreach, we can rate-limit, suspend, or remove access to the affected tools, and in serious cases suspend the account, as set out in the Acceptable Use Policy and the Terms of Service.

Contact

Questions about data acquisition go to privacy@51ultron.com. Conduct rules for using the platform, including the tools described here, are in the Acceptable Use Policy, and the processors involved are on the Subprocessors page.