Built to pass
legal review.

Public data only, PII scrubbed at source, ISO-aligned, NDA-first, and documented for compliance review. Here's exactly how we handle trust.

Built to pass legal and procurement review.

Web data has a reputation for living in a grey zone. We've built iWeb deliberately on the defensible side, because our clients' legal, security and procurement teams — and increasingly their investors — have to sign off on where their data comes from. Here's exactly how we handle it.

Public data only

We collect only publicly accessible data — no login-gated or private content, no circumventing access controls.

PII scrubbed at source

Personal identifiers are removed at collection. Review text and ratings are retained; reviewer identities are not.

ISO 9001 & 27001

Quality and information-security processes aligned to ISO 9001 and ISO/IEC 27001.

NDA-first & documented

We sign your NDA before sensitive discussions and provide written methodology for compliance review.

How we handle compliance

What we collect

Only publicly available information — the same data any visitor to a website or app can see without logging in. We do not access private accounts, bypass authentication, or collect data behind paywalls or access controls.

Personal data

We scrub personally identifiable information at the point of collection. For use cases like reviews, we keep the content, rating and metadata that carry the signal while dropping reviewer names and handles, consistent with GDPR-style principles.

AI training data & the EU AI Act

For training corpora, we provide per-source provenance documentation and respect text-and-data-mining opt-outs — the elements needed for the EU AI Act's training-data transparency requirements, applicable to general-purpose AI since August 2025. Read our AI-ready data guide →

How we operate

  • Rate-limited collection that respects target-site stability
  • Clear, written representations about collection methods
  • Data handled under ISO 27001-aligned security controls
  • NDA-first engagements with confidentiality both ways

We're not lawyers and this isn't legal advice — but we give your legal team the documentation they need to make their own assessment. See our 2026 compliance guide →

Questions from your legal team? Talk to us →

FAQ

Common questions.

Collecting publicly available data is broadly defensible in major jurisdictions, and courts (e.g. hiQ v. LinkedIn in the US) have supported access to public data, though specifics vary by jurisdiction and use. We collect only public data, scrub PII, respect rate limits and document our methods — but your legal team should make the final assessment for your use case, and we provide the documentation to enable that.

We scrub personally identifiable information at the point of collection. For reviews and similar content, we retain the text, rating and metadata that carry the signal while removing reviewer names and handles, consistent with GDPR-style data-minimization principles.

For training corpora we provide per-source provenance documentation (source, date, method, access basis) and respect text-and-data-mining opt-outs — the elements needed to meet the EU AI Act's training-data transparency requirements, which apply to general-purpose AI models since August 2025.

Our quality and information-security processes are aligned to ISO 9001 and ISO/IEC 27001. We operate NDA-first and can provide written methodology documentation for your security and procurement review.

Get a free sample dataset in 48 hours.