Scrape

Pre-Scrape Compliance Checklist

Before writing any scraping code:

1. robots.txt — Fetch {domain}/robots.txt, check if target path is disallowed. If yes, stop.
2. Terms of Service — Check /terms, /tos, /legal. Explicit scraping prohibition = need permission.
3. Data type — Public factual data (prices, listings) is safer. Personal data triggers GDPR/CCPA.
4. Authentication — Data behind login is off-limits without authorization. Never scrape protected content.
5. API available? — If site offers an API, use it. Always. Scraping when API exists often violates ToS.

Legal Boundaries

• Public data, no login — Generally legal (hiQ v. LinkedIn 2022)
• Bypassing barriers — CFAA violation risk (Van Buren v. US 2021)
• Ignoring robots.txt — Gray area, often breaches ToS (Meta v. Bright Data 2024)
• Personal data without consent — GDPR/CCPA violation
• Republishing copyrighted content — Copyright infringement

Request Discipline

• Rate limit: Minimum 2-3 seconds between requests. Faster = server strain = legal exposure.
• User-Agent: Real browser string + contact email: Mozilla/5.0 ... (contact: [email protected])
• Respect 429: Exponential backoff. Ignoring 429s shows intent to harm.
• Session reuse: Keep connections open to reduce server load.

Data Handling

• Strip PII immediately — Don't collect names, emails, phones unless legally justified.
• No fingerprinting — Don't combine data to identify individuals indirectly.
• Minimize storage — Cache only what you need, delete what you don't.
• Audit trail — Log what, when, where. Evidence of good faith if challenged.

For code patterns and robots.txt parser, see code.md