Introduction

At Scrnsnap, we are committed to protecting your privacy. This Privacy Policy outlines how we collect, use, and safeguard your personal information when you use our screenshot tool and related services.

Information We Collect

We may collect the following types of information:

• Personal Information: Such as your name and email address when you register or contact us.
• Usage Data: Information about how you use our application, including features accessed and time spent.
• Device Information: Details about the device you use to access our services, such as IP address, browser type, and operating system.
• Rate Limiting Data: We temporarily collect IP addresses and user IDs to prevent abuse and ensure fair usage of our services. This data is used solely for security purposes and is not stored long-term.

How We Use Your Information

We use the collected information for various purposes, including:

• To provide and maintain our services.
• To improve and personalize your experience.
• To communicate with you, including sending updates and support.
• To monitor and analyze usage patterns.
• To prevent abuse, spam, and ensure platform security through rate limiting based on IP addresses and user accounts.

Data Retention

Rate limiting data (IP addresses and user identifiers) is stored temporarily only for the duration necessary to enforce usage limits:

• Upload and API requests: Limited to 15 requests per 10 seconds. Data is automatically deleted after the time window expires.
• Contact form submissions: Limited to 3 requests per 60 seconds. Data is automatically deleted after the time window expires.
• Authenticated users: Rate limiting is tied to your user account ID for accurate tracking.
• Anonymous users: Rate limiting uses only your IP address, without any device fingerprinting or tracking cookies.

We use Upstash Redis for secure, temporary storage of rate limiting data. This data is not stored long-term, shared with third parties, or used for tracking, profiling, or marketing purposes. Our rate limiting serves the sole purpose of preventing abuse and ensuring fair service availability for all users.

Cookies and Similar Technologies

Our application uses cookies to provide essential functionality. Here's what you need to know:

Strictly Necessary Cookies

We use authentication cookies provided by Supabase to manage user sessions and keep you logged in. These cookies are essential for the service to function and cannot be disabled if you wish to use authenticated features. These cookies include:

• Session cookies: Used to maintain your login state and authenticate your requests to our servers.
• Security cookies: Used to prevent unauthorized access and protect your account.

No tracking or analytics cookies: We do not use cookies for tracking, advertising, or analytics purposes. We do not use Google Analytics, Facebook Pixel, or any other third-party tracking technologies.

Managing Cookies

You can control cookies through your browser settings. However, disabling strictly necessary cookies will prevent you from using authenticated features of our service. Most browsers allow you to:

• View and delete cookies
• Block third-party cookies
• Block cookies from specific sites
• Block all cookies
• Delete all cookies when you close your browser

Data Security

We implement appropriate security measures to protect your personal information from unauthorized access, alteration, disclosure, or destruction. All data transmissions are encrypted using HTTPS/TLS, and authentication tokens are securely stored.

Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), we process your personal data under the following legal bases:

• Contractual necessity: To provide the services you have requested (account creation, file uploads, etc.).
• Legitimate interests: To prevent abuse, ensure platform security, and maintain service quality through rate limiting. We have carefully balanced these interests against your privacy rights.
• Consent: For any optional features or communications you explicitly agree to.

International Data Transfers

Your data may be transferred to and processed in countries outside your country of residence, including the United States, where our service providers (Supabase, Upstash, Cloudflare R2) are located. We ensure appropriate safeguards are in place for such transfers in compliance with applicable data protection laws.

Data Controller

The data controller responsible for your personal information is Scrnsnap. For any questions or to exercise your rights, please contact us at support@scrnsnap.com.

Your Rights

Under data protection laws, including GDPR and CCPA, you have the following rights:

• Access: Request a copy of the personal information we hold about you.
• Correction: Update or correct your personal information through your account settings.
• Deletion: Request deletion of your account and associated data. Note that rate limiting data is automatically deleted within minutes.
• Data portability: Request a copy of your data in a machine-readable format.
• Objection: Object to processing of your personal data for legitimate interests.
• Opt-out: Unsubscribe from marketing communications at any time.

To exercise any of these rights, please contact us at support@scrnsnap.com. We will respond to your request within 30 days as required by law.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page.

Contact Us

If you have any questions about this Privacy Policy, please contact us at support@scrnsnap.com.