Privacy Policy

Last updated: February 8, 2026

1. Introduction

screenurl ("we", "our", or "us") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website screenshot API service.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Email address
  • Password (stored securely using bcrypt hashing)
  • Account creation date
  • Subscription tier

2.2 Usage Data

When you use our API, we collect:

  • URLs you request screenshots of
  • Screenshot parameters (viewport size, format, etc.)
  • Timestamps of API requests
  • API key usage counts
  • IP addresses (for rate limiting)

2.3 Technical Data

We automatically collect:

  • Browser type and version
  • Device information
  • Log data and error reports

3. How We Use Your Information

We use your information to:

  • Provide and maintain our Service
  • Process your API requests and generate screenshots
  • Manage your account and subscriptions
  • Track usage and enforce rate limits
  • Communicate with you about service updates, billing, and support
  • Improve our Service and develop new features
  • Detect and prevent fraud, abuse, and security threats
  • Comply with legal obligations

4. Data Storage and Security

We implement appropriate technical and organizational measures to protect your personal data:

  • Passwords are hashed using bcrypt with salting
  • API keys are stored with cryptographic hashes
  • All data transmission uses HTTPS encryption
  • Database access is restricted and monitored
  • Regular security audits and updates

Screenshots are cached temporarily (up to 1 hour) to improve performance and are automatically deleted afterward.

5. Data Sharing

We do NOT sell your personal data. We may share data with:

  • Service providers: Payment processors (Stripe), hosting providers, and analytics services
  • Legal authorities: When required by law or to protect our rights
  • Business transfers: In connection with mergers, acquisitions, or asset sales

6. Your Rights

Depending on your location, you may have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Deletion: Request deletion of your personal data
  • Portability: Receive your data in a structured format
  • Objection: Object to certain processing of your data
  • Restriction: Request restriction of processing

To exercise these rights, contact us at hello@automata.army.

7. Cookies

We use essential cookies to maintain your session and preferences. These cookies are necessary for the Service to function and cannot be disabled.

We do not use tracking cookies or third-party advertising cookies.

8. Third-Party Services

Our Service integrates with:

  • Stripe: For payment processing. Their privacy policy (stripe.com/privacy) applies to payment data.
  • Cloud Infrastructure: We use AWS for hosting. Data is processed in accordance with their privacy practices.

We encourage you to review the privacy policies of these third-party services.

9. Data Retention Policy

We retain your data as follows:

9.1 Screenshot Storage

  • Cached Screenshots: Temporarily stored for up to 1 hour to improve performance, then automatically deleted
  • Screenshot Metadata: URL, parameters, and timestamps stored for 90 days for usage tracking and debugging
  • No Permanent Storage: We do not permanently store screenshot images unless explicitly requested by Enterprise customers

9.2 User Data

  • Account Information: Retained while your account is active and for 30 days after deletion
  • API Keys: Hashed keys retained while account is active; immediately invalidated upon account deletion
  • Usage Statistics: Aggregated usage data retained for 12 months for analytics
  • Billing Records: Retained for 7 years as required by tax and financial regulations

9.3 Log Data

  • API Request Logs: Retained for 90 days for debugging and abuse prevention
  • Error Logs: Retained for 30 days
  • Security Logs: Retained for 1 year for security incident investigation

10. Account Deletion

When you request account deletion:

  • Immediate Actions: Your API keys are immediately invalidated and all active sessions terminated
  • Within 24 hours: Your account is marked for deletion and login access is disabled
  • Within 30 days: All personal data (email, password hash, profile information) is permanently deleted
  • Retained Data: Aggregated, anonymized usage statistics and billing records required for legal compliance
  • Backup Removal: Data in backups is removed within 90 days following our backup rotation schedule

To request account deletion, log into your dashboard and click "Delete Account" or email privacy@screenurl.com.

11. International Data Transfers

Our servers are located in the United States. If you are accessing the Service from outside the US, please be aware that your data may be transferred to, stored, and processed in the US where data protection laws may differ from those in your jurisdiction.

12. Children's Privacy

Our Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you become aware that a child has provided us with personal data, please contact us.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

14. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at:

Email: hello@automata.army