Skip to main content
Engineering

Privacy-First Web Scraping API for Regulated Work

A privacy-first web scraping API for regulated teams: keep scraped data on-prem, self-host the engine, and stop third-party data egress.

fastcrw
By RecepJuly 11, 20269 min readLast updated: July 12, 2026

By the fastCRW team · Architecture and pricing facts verified 2026-05-18 · Verify independently before relying on this for a compliance decision.

Disclosure: we build fastCRW. This is a vendor-authored piece, and on the one question that matters most here — "is this tool a compliance certificate?" — the honest answer is no, for fastCRW or any other scraper. We say so plainly below, and we name where managed cloud APIs genuinely fit better.

Why a privacy-first web scraping API is hard to find for regulated work

If you work in health, finance, legal, or government, you have probably hit the wall already: you need web data, but the obvious tools all want to route your queries and your results through someone else's cloud. A normal scraping API is, architecturally, a data processor you have invited into the middle of your pipeline. A privacy-first web scraping API inverts that — the engine runs inside your boundary, and the only thing that crosses the network is the request to the public site you were going to fetch anyway. That distinction is the whole article.

Every scrape routes target URLs and content through the vendor

With a cloud-only scraping API, three things leave your network on every call: the target URL (which can itself be sensitive — an internal-facing portal, a patient-portal domain, a counterparty's filing), the scraped content that comes back, and, if you use AI extraction, the extraction prompt and schema. For a regulated workload, each of those is a disclosure to a third party that your data-protection officer has to account for.

Data residency, retention, and processor agreements

Once a vendor sees your data, you inherit their region, their retention window, and their sub-processor list. Under GDPR that means a controller-processor agreement and a lawful basis for the transfer; under a HIPAA workflow it means a Business Associate Agreement (BAA) and an accounting of where protected health information lands. None of that is impossible — it is just paperwork and risk you would not have if the data never left.

Where managed APIs gate privacy behind Enterprise tiers

The common pattern is that the privacy control you actually need — zero data retention — exists, but only on the Enterprise tier. Firecrawl, the category reference whose API shape fastCRW mirrors, offers zero-data-retention as an Enterprise-only feature. That is a legitimate business model, but it means the small or mid-size regulated team often can't buy the one guarantee they need at a price they can justify.

What "privacy-first" actually requires

Marketing uses "private" loosely. For a regulated pipeline it has a concrete, testable definition.

Zero third-party egress of queries and results

The strongest version is structural: the scraping engine itself runs inside your VPC or on-prem, so neither the target URL nor the returned content is ever sent to a vendor. The engine reaches out to the public site, the bytes come back to your machine, and that is the end of the trip. This is the property a cloud-only API cannot offer without a contractual add-on, because the architecture sends your data to them by design.

Self-hosting any LLM extraction step

If you extract structured JSON, an LLM is in the loop, and that is a second egress point most teams forget. Privacy-first means you decide which model sees the page — and the structural answer is to self-host the engine and run your own local inference, so the extraction never leaves your boundary at all. (On the managed cloud, LLM-based JSON extraction is a managed feature on paid plans; for a hard zero-egress requirement, self-host plus a local model is the path.)

Auditable, self-hosted infrastructure you own

"Trust us" is not a control. Source-available code you can review, plus infrastructure you run and can point a network capture at, is. fastCRW's engine is AGPL-3.0 and the repo is public at github.com/us/crw, so your security team can read exactly what the binary does before it touches a single sensitive URL.

Building a privacy-first scraping pipeline

Here is the concrete shape of a pipeline that keeps data inside your boundary.

Self-host the open-core engine inside your boundary

fastCRW's engine is a single static Rust binary — no Redis, no Node, no container sprawl — and ships as a single ~8 MB image / 1 container (a structural fact from the README, not a benchmark). You run it on a box you control. Because it speaks a Firecrawl-compatible REST surface (/v1/scrape, /v1/crawl, /v1/map, /v1/search), your code talks to it exactly as it would to a hosted API — the only difference is the base URL points at your own host. See self-host vs managed scraping for the deployment trade-offs.

Keep LLM extraction inside your own boundary

The strongest privacy posture is to self-host the engine and run a local model for the extraction step, so the prompt, schema, and page content never leave your network. When you pass formats: ["json"] with a jsonSchema, the extraction runs against the model you point the engine at — keep that model inside your boundary and the structuring step has no egress at all. (Note: on the managed cloud, LLM-based JSON extraction is a managed feature available on paid plans; the truly air-gapped path is self-host plus your own local inference — more on the managed limits below.)

Respecting robots.txt and lawful-access controls

Privacy-first cuts both ways: you owe the same respect to the sites you fetch. fastCRW honors robots.txt by default and only allows an override when the caller has the legal right to do so. For regulated work, that default is a feature — it keeps your collection inside the lawful-access line your counsel drew.

Compliance is the deployer's job, not the tool's

This is the section a vendor is tempted to skip. We won't.

fastCRW provides data-residency primitives, not a certification

Self-hosting an open-core engine gives you the primitives to meet GDPR or HIPAA obligations — data stays in your region, on your hardware, under your control. It does not give you a certification. The architecture removes the egress; you still have to do the access controls, encryption, logging, and the actual risk assessment.

No BAA, no compliance certification — you own the obligation

fastCRW is a tool, not a BAA-covered or SOC-2-certified processor for your specific deployment. If your workflow handles PHI and needs a BAA, no scraper binary can sign one for you — the obligation lives with you as the deployer. The structural advantage is precisely that you don't need a third party in scope, because no third party is in the data path.

Stateless engine means you own audit logging and retention

fastCRW is stateless per request — it does not persist your jobs, results, or sessions. For audit purposes that is a double-edged property: nothing lingers in the engine to leak, but you must capture your own audit log and define your own retention. Wire request/response logging into your existing SIEM the same way you would for any internal service.

What to plan around

A privacy-first architecture has real trade-offs worth planning for up front.

Anti-bot and residential proxy coverage is built in

fastCRW ships 12-signal block detection, user-agent rotation, stealth fingerprints, and proxy rotation through a residential-proxy egress tier in the open core, so hardened targets behind common bot defenses are covered without a third-party anti-bot service in your data path. Screenshots are supported too: pass formats: ["screenshot"] and get a base64 PNG data URL back.

Stateless requests — you own session and audit logging

Because the engine holds no session state, anything that needs persistence — login sessions across multi-step flows, job history, audit trails — is your responsibility to orchestrate around it. That is the price of an engine that keeps nothing.

Managed cloud when you need it, without losing control

Not every job is sensitive. The point of an open-core model is that you don't have to choose one path forever.

Free credits to start, managed LLM on paid plans

The managed cloud starts free (500 one-time lifetime credits — not a monthly meter), and LLM features such as managed JSON extraction and answer synthesis run on paid plans; the Free plan has no LLM features. So you can run sensitive jobs on the self-hosted engine and burst non-sensitive volume to the managed cloud. Managed pricing lives on the live pricing page — don't trust a hard-coded table, including this one.

Same API surface as the self-hosted engine

The managed cloud and the self-hosted binary expose the same Firecrawl-compatible API. Routing a job from "in our boundary" to "in the cloud" is a base-URL change, not a rewrite. That means your privacy posture is a runtime decision per workload, not a vendor lock-in you committed to at design time. For the broader privacy rationale, see local-first scraping and data privacy and the licensing implications in AGPL-3.0 for SaaS, explained.

Sources

Related: Local-first scraping and data privacy · Self-host vs managed scraping · AGPL-3.0 for SaaS

FAQ

Frequently asked questions

Does fastCRW help meet GDPR or HIPAA obligations?
It gives you the data-residency primitives, not a certification. Because the AGPL-3.0 engine self-hosts inside your own network and you can run LLM extraction against a local model, neither target URLs nor scraped content egress to a third party — which removes a vendor from your processor scope. But fastCRW is a tool, not a BAA-covered or certified processor; the compliance obligation, access controls, encryption, and risk assessment remain yours as the deployer.
Does a scraping API see the data I extract?
With a cloud-only scraping API, yes — your target URLs, the scraped content, and any extraction prompts all route through the vendor's cloud. With self-hosted fastCRW the engine runs inside your boundary, so the only network traffic is the request to the public site you were fetching anyway; nothing scraped is sent back to a vendor.
Can I keep the LLM extraction step private?
Yes. Self-host the engine and run a local model: you pass formats: ["json"] with a jsonSchema, and the extraction runs against the model you point the engine at, so the prompt and page content never leave your network. On the managed cloud, LLM-based JSON extraction is a managed feature available on paid plans; the fully air-gapped path is self-host plus your own local inference.
How do I prove scraped data never left my infrastructure?
Run the single static Rust binary inside your VPC or on-prem, apply an egress allow-list that permits only your target sites, and capture network traffic as evidence. Because the engine is AGPL-3.0 and source-available at github.com/us/crw, your security team can also review exactly what it does. The engine is stateless, so you own the audit logging and retention — wire it into your existing SIEM.
Does fastCRW have a zero-data-retention mode?
The self-hosted engine is stateless per request — it persists no jobs, results, or sessions — so retention is entirely under your control rather than a vendor toggle. That is structurally stronger than a cloud zero-data-retention add-on, which on Firecrawl is gated behind the Enterprise tier. The trade-off is that you must capture your own audit log if you need one.

Get Started

Try fastCRW free

Run a live request in the playground — no signup required. Or grab a free API key with 500 credits, no credit card.

Continue exploring

More engineering posts

View category archive