🤖 Overview

iubenda-radar is a legitimate automated crawler operated by iubenda S.R.L., an Italian company specializing in privacy compliance solutions (GDPR, ePrivacy, CCPA). First launched in ~2017, the bot continuously scans publicly accessible web pages to detect changes in privacy policies, cookie banners, and third‑party data‑processing disclosures. Its primary purpose is to monitor client websites and notify them of modifications that may affect their regulatory compliance status, feeding data directly into iubenda’s “Privacy Radar” dashboard.

🌐 Technical Behavior

The crawler performs HTTP/HTTPS GET requests with a default frequency of once every 24‑48 hours per monitored URL, though this interval can be user‑configured in the iubenda dashboard. It does not follow internal site navigation; instead, it targets a predefined list of URLs (typically privacy‑policy, cookie‑policy, terms‑of‑service pages) provided by the customer. Request headers include Accept-Language: en-US,en;q=0.5 and the identifying User‑Agent string. IP ranges are not publicly documented, but the crawler originates from a set of dedicated Amazon Web Services (AWS) EC2 instances located in the eu‑west‑1 (Ireland) region. The bot sends about 5‑10 requests per scan, with a mandatory 2‑second delay between each request to avoid server overload. It does not execute JavaScript, parse CSS, or crawl images — it only retrieves raw HTML to extract relevant text elements.

📋 robots.txt Compliance

iubenda officially states that iubenda-radar fully respects the robots.txt exclusion standard. If a Disallow directive is present for the target URL, the crawler will skip that page and log a compliance warning in the dashboard. The bot also obeys Crawl-Delay directives when specified, further throttling its request pace. No documented violations have been reported.

🔍 Detection Indicators

The primary User‑Agent string is: iubenda-radar (https://www.iubenda.com/help/radar). A secondary string may appear as iubenda‑radar/1.0 in some logs. The bot does not alter its fingerprint per request; its HTTP headers remain consistent, with no X-Forwarded-For spoofing. Log entries typically show the remote IP resolving to the ec2‑52‑48‑* range (AWS Ireland). Additionally, the request path almost always ends in /privacy‑policy, /cookie‑policy, or similar compliance‑related endpoints.

📊 Data Usage

Collected content (policy text, cookie declaration URLs, consent‑banner code snippets) is processed by iubenda’s proprietary NLP engine to detect changes and flag potential compliance drift. Results are presented in the customer’s dashboard as “alerts” or “logs,” enabling companies to quickly update their documentation. No raw content is shared with third parties or used for AI training; it is retained only for the customer’s subscription period and deleted upon cancellation (per iubenda’s Data Processing Agreement).

⚙️ Rate Limiting Policy

iubenda‑radar is deliberately rate‑limited to a maximum of 10 requests per minute per domain, and it never re‑crawls the same URL within a 24‑hour window unless a customer manually triggers a rescan. Administrators are encouraged to block the bot only if it exceeds this implicit ceiling; otherwise, no action is required as the crawler is designed to be non‑disruptive and legally compliant under European data protection laws.

ⓘ Data Notice: The information presented above has been compiled from publicly available internet sources. Boteraser aggregates this data solely for informational purposes and does not independently classify, evaluate, or endorse any findings about the bots listed. The accuracy and completeness of this information is the sole responsibility of the original publishers. Boteraser and its operators accept no liability for any decisions made based on this data.