Privacy Policy

Last updated: April 1, 2026

1. Overview

scrnr.io ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains what data we collect when you use our screenshot API service, how we use it, and the choices you have.

2. Data We Collect

Account Data

  • Email address — used for authentication (magic link sign-in) and service communications.

API Usage Data

  • Request logs — the URL submitted, timestamp, HTTP status, response time, and delivery format for each API call.
  • API key identifiers — a hashed representation of your API key (the raw key is never stored).

Technical Data

  • IP addresses — logged at the network layer for abuse prevention; not linked to your account.
  • Browser / User-Agent — collected by our hosting infrastructure for security monitoring.

What We Do NOT Collect

  • We do not store the content of screenshots beyond the temporary CDN TTL (24 hours).
  • We do not use cookies for tracking or advertising.
  • We do not sell your data to third parties.

3. How We Use Your Data

  • To authenticate you and provide access to the Service.
  • To enforce free-tier usage limits and prevent abuse.
  • To send transactional emails (sign-in links, usage alerts).
  • To monitor service health and debug errors.
  • To comply with legal obligations.

4. Data Retention

  • Screenshots (URL delivery) — automatically deleted after 24 hours.
  • Request logs — retained for 90 days, then permanently deleted.
  • Account data — retained for as long as your account is active. Deleted within 30 days of account deletion.

5. Third-Party Services

We use a minimal set of sub-processors:

  • Cloudflare S3-compatible storage — temporary storage for URL-delivered screenshots.
  • Transactional email provider — for sending sign-in magic links.
  • Cloudflare Turnstile — bot protection on the sign-in form. Subject to Cloudflare's privacy policy.

We do not use Google Analytics, Meta Pixel, or any advertising trackers.

6. Your Rights

Depending on your jurisdiction, you may have the right to access, correct, export, or delete your personal data. To exercise any of these rights, email us at [email protected] and we will respond within 30 days.

7. Security

API keys are stored as HMAC-SHA256 hashes — the raw key is shown only once and never stored. All data is transmitted over TLS. We follow industry-standard practices to protect your data, but no system is 100% secure.

8. Children's Privacy

The Service is not directed at children under 13. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us.

9. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you via email for material changes. The "Last updated" date at the top of this page reflects the most recent revision.

10. Contact

Privacy questions or requests? Email [email protected].

Read our Terms of Service →