How are you handling the auth token/captcha on the website? I'm not a legal expert, but my impression is that automated solving of captchas during a scrape carries higher risk. That said, amazing project!