Privacy Policy

WebCaptureAPI operates the website webcaptureapi.com and the WebCaptureAPI screenshot service. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

Questions? Email us at [email protected].

Account Information

When you register, we collect:

• Name and email address
• Password (stored as a one-way bcrypt hash — we cannot read it)
• Subscription plan and billing status

Payment Information

We use Stripe to process payments. We never store your card number, CVC, or full card details on our servers. Stripe stores and processes this data under their own Privacy Policy. We store only your Stripe customer ID and subscription metadata.

Usage Data

We automatically collect:

• API request logs (timestamp, URL screenshotted, response status, processing time)
• Monthly screenshot counts per API key
• IP address of API requests (for rate limiting and abuse prevention)
• Browser type and OS when using the web dashboard

URLs You Submit

When you call the API, you submit URLs to screenshot. We process these URLs to generate screenshots and do not store resulting images beyond the immediate request lifecycle. URLs are logged for abuse prevention and retained for 30 days.

Cookies & Analytics

• To provide, operate, and maintain the WebCaptureAPI service
• To process payments and manage your subscription
• To send transactional emails (verification, OTP codes, receipts, scheduled screenshot deliveries)
• To enforce API rate limits and monthly usage quotas
• To detect and prevent abuse, fraud, and unauthorised access
• To respond to support requests
• To send service-related notices (maintenance, security updates)
• To improve the service using aggregated, anonymised usage patterns

We use Mailgun to deliver transactional emails: verification, two-factor codes, subscription confirmations, and scheduled screenshot deliveries. These are essential to the service and cannot be opted out of while maintaining an active account.

We do not send marketing emails unless you explicitly opt in.

We share data only with the following sub-processors:

We may disclose information if required by law or to protect the rights, property, or safety of WebCaptureAPI, our users, or the public.

• Account data: retained for the duration of your account, deleted within 30 days of closure upon request
• API request logs: retained for 30 days for abuse prevention, then deleted
• Billing records: retained for 7 years as required by applicable tax law
• Scheduled job configurations: deleted immediately when you delete the job or close your account

• TLS encryption for all data in transit (HTTPS enforced via HSTS)
• Passwords hashed with bcrypt (cost factor 12)
• API keys stored as hashed values
• Two-factor authentication available for all accounts
• Database not exposed to the public internet
• Rate limiting and brute-force protection on all auth endpoints

No method of transmission or storage is 100% secure. We take all reasonable steps to protect your data but cannot guarantee absolute security.

Depending on your location, you may have the right to:

To exercise any of these rights, email [email protected]. We will respond within 30 days.

Our servers are located in the European Union. If you access the service from outside the EU, your data may be transferred internationally when processed by our sub-processors. These transfers are covered by standard contractual clauses or equivalent safeguards.

WebCaptureAPI is not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us and we will delete it promptly.

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or by posting a notice in the dashboard. The "Last updated" date at the top reflects the most recent revision. Continued use after changes constitutes acceptance.

For any privacy-related questions or requests: