Privacy Policy
Effective Date: March 24, 2026
Last Updated: March 24, 2026
ScreenshotAPI ("we," "us," or "our") operates the website at https://screenshotapi.to and the ScreenshotAPI application programming interface (collectively, the "Service"). This Privacy Policy describes how we collect, use, disclose, and protect your personal information when you use the Service.
By accessing or using the Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with this Privacy Policy, please do not use the Service.
1. Information We Collect
1.1 Information You Provide Directly
| Data Category | Examples | When Collected | Purpose |
|---|---|---|---|
| Account Information | Email address, display name | Account registration | Account creation, authentication, communication |
| Authentication Credentials | Password (hashed), OAuth provider tokens | Account registration and login | Authentication and account security |
| Payment Information | Credit card details, billing address | Credit Pack purchase or Auto Top-Up setup | Payment processing |
| Support Communications | Email content, attachments | When you contact support | Responding to your inquiries |
1.2 Information Collected Automatically
| Data Category | Examples | Purpose |
|---|---|---|
| API Usage Logs | URLs submitted for screenshots, request timestamps, response status (success/failure), rendering duration, API Key used, screenshot options/parameters | Service delivery, usage tracking, debugging, abuse prevention |
| Credit Transaction Records | Credit purchases, usage deductions, refunds, signup bonuses, Auto Top-Up charges | Billing, account management, audit trail |
| Server Logs | IP address, request headers, user agent, timestamps | Security, performance monitoring, debugging |
1.3 Information We Do Not Collect
- Screenshot image data: Screenshots are generated on demand and returned directly to you in the API response. We do not store, cache, or retain the screenshot images after delivery.
- Web page content: We do not store the HTML, CSS, JavaScript, or other content of the web pages you screenshot. Page content is rendered transiently during the screenshot process and discarded immediately.
- Cookies for tracking or advertising: We do not use tracking cookies, advertising pixels, or third-party analytics services.
2. How We Use Your Information
We use the information we collect to:
- Provide the Service: Process your API requests, generate screenshots, manage your account, and maintain your credit balance.
- Process payments: Facilitate Credit Pack purchases and Auto Top-Up charges through our payment processor.
- Communicate with you: Send service-related notifications, respond to support requests, and inform you of material changes to the Service or these policies.
- Ensure security: Detect, prevent, and respond to fraud, abuse, unauthorized access, and other harmful activities.
- Improve the Service: Analyze usage patterns in aggregate to improve performance, reliability, and features.
- Comply with legal obligations: Fulfill legal requirements, respond to lawful requests, and protect our rights.
3. Legal Basis for Processing (GDPR)
If you are located in the European Economic Area (EEA) or the United Kingdom, we process your personal data under the following legal bases:
| Processing Activity | Legal Basis |
|---|---|
| Account creation and authentication | Performance of contract (Terms of Service) |
| Payment processing | Performance of contract |
| API request processing and screenshot generation | Performance of contract |
| Security and abuse prevention | Legitimate interest |
| Service improvement through aggregated analytics | Legitimate interest |
| Legal compliance | Legal obligation |
| Service-related communications | Performance of contract / Legitimate interest |
4. How We Share Your Information
We do not sell, rent, or trade your personal information. We share your information only in the following circumstances:
4.1 Third-Party Service Providers
We use the following third-party services that process your data on our behalf:
| Service | Purpose | Data Shared | Privacy Policy |
|---|---|---|---|
| Polar | Payment processing | Email, payment details, transaction metadata | polar.sh/legal/privacy |
| Supabase | Authentication and database hosting | Account data, authentication credentials, all database records | supabase.com/privacy |
| Vercel | Application hosting (serverless) | Server logs, IP addresses, request data | vercel.com/legal/privacy-policy |
These service providers are contractually obligated to process your data only as necessary to provide their services to us and in accordance with applicable data protection laws.
4.2 Legal Requirements
We may disclose your information if required to do so by law or in response to valid legal process, such as a subpoena, court order, or government request.
4.3 Protection of Rights
We may disclose your information when we believe it is necessary to protect our rights, your safety, the safety of others, investigate fraud, or respond to a government request.
4.4 Business Transfer
In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email or a prominent notice on our website of any change in ownership or uses of your personal information.
5. Data Retention
| Data Category | Retention Period | Rationale |
|---|---|---|
| Account information | Duration of account plus 30 days after deletion | Service delivery and reasonable deletion window |
| API usage logs | 24 months from creation | Debugging, abuse prevention, usage analytics |
| Credit transaction records | 7 years | Financial record-keeping and tax compliance |
| Payment records (via Polar) | As required by Polar and applicable law | Financial compliance and dispute resolution |
| Server logs | 90 days | Security monitoring and debugging |
| Support communications | 24 months from last communication | Quality assurance and reference |
When data reaches the end of its retention period, it is deleted or anonymized. We may retain anonymized, aggregated data indefinitely for analytical purposes.
6. Data Security
We implement commercially reasonable technical and organizational measures to protect your personal information, including:
- All data transmitted between your browser or application and our Service is encrypted using TLS (HTTPS).
- API Keys are stored as SHA-256 hashes; the original key values are never stored on our servers.
- Passwords are managed by Supabase Auth, which uses industry-standard bcrypt hashing.
- Payment information is processed and stored by Polar, our merchant of record.
- Database access is restricted and requires authenticated connections.
- Our application infrastructure is hosted on Vercel and Supabase, both of which maintain SOC 2 compliance.
No method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee its absolute security. You are responsible for maintaining the security of your account credentials and API Keys.
7. Cookies and Tracking Technologies
We use only essential cookies that are strictly necessary for the operation of the Service:
| Cookie | Purpose | Duration |
|---|---|---|
| Authentication session cookie | Maintains your logged-in session via Supabase Auth | Session / up to 7 days |
We do not use advertising cookies, tracking pixels, third-party analytics services, or social media widgets that track your activity across websites. We do not participate in cross-site tracking or behavioral advertising.
8. Your Rights and Choices
Depending on your location, you may have certain rights regarding your personal information:
8.1 All Users
- Access: You can access your account information, API usage history, and credit transaction records through your account dashboard at any time.
- Correction: You can update your email address and display name through your account settings.
- Deletion: You can request deletion of your account and associated personal data by contacting us at support@screenshotapi.to. We will process your request within 30 days, subject to any legal retention obligations.
- API Key Revocation: You can revoke any API Key at any time through your account dashboard.
- Auto Top-Up Control: You can enable, disable, or modify Auto Top-Up settings at any time.
8.2 European Economic Area and United Kingdom Residents
If you are located in the EEA or UK, you have additional rights under the General Data Protection Regulation (GDPR):
- Right of Access: You may request a copy of the personal data we hold about you.
- Right to Rectification: You may request correction of inaccurate or incomplete personal data.
- Right to Erasure: You may request deletion of your personal data, subject to legal retention requirements.
- Right to Restrict Processing: You may request that we limit processing of your personal data in certain circumstances.
- Right to Data Portability: You may request that we provide your personal data in a structured, commonly used, machine-readable format.
- Right to Object: You may object to processing based on legitimate interest.
- Right to Lodge a Complaint: You may file a complaint with your local supervisory authority if you believe your data protection rights have been violated.
To exercise any of these rights, please contact us at support@screenshotapi.to. We will respond to your request within 30 days (or sooner if required by applicable law).
8.3 California Residents
If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):
- Right to Know: You have the right to know what personal information we collect, how it is used, and with whom it is shared.
- Right to Delete: You have the right to request deletion of your personal information, subject to certain exceptions.
- Right to Correct: You have the right to request correction of inaccurate personal information.
- Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
Categories of personal information collected: Identifiers (email, name, IP address), commercial information (purchase history, credit transactions), internet activity (API usage logs, server logs).
Sale of personal information: We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising.
To exercise your CCPA rights, contact us at support@screenshotapi.to. We will verify your identity before processing your request.
9. International Data Transfers
The Service is operated from the United States. If you are accessing the Service from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States and other countries where our service providers operate.
For transfers of personal data from the EEA or UK to the United States, we rely on:
- Standard Contractual Clauses (SCCs) approved by the European Commission, where applicable.
- The data protection commitments of our service providers (Supabase, Polar, and Vercel each maintain appropriate data transfer mechanisms).
By using the Service, you consent to the transfer of your information to the United States and other jurisdictions as described in this Privacy Policy.
10. Children's Privacy
The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to promptly delete such information. If you believe we have inadvertently collected information from a child under 18, please contact us at support@screenshotapi.to.
11. Third-Party Links
The Service may contain links to third-party websites or services. The screenshots you generate depict third-party web pages. We are not responsible for the privacy practices of these third parties. We encourage you to read the privacy policies of any third-party websites you visit.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by posting the updated Privacy Policy on this page with a new "Last Updated" date and, where feasible, by sending notice to the email address associated with your account at least 15 days before the changes take effect.
Your continued use of the Service after the effective date of any changes constitutes your acceptance of the updated Privacy Policy. If you do not agree to the changes, you must stop using the Service and request deletion of your account.
13. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:
ScreenshotAPI
Email: support@screenshotapi.to
Website: https://screenshotapi.to
For privacy-specific inquiries, including GDPR and CCPA requests, please include "Privacy Request" in the subject line of your email to ensure prompt handling.
This Privacy Policy was last updated on March 24, 2026. This document is provided for informational purposes and should be reviewed by qualified legal counsel before publication.