Privacy Policy

Last updated: May 2026

What Data We Collect

We collect the following information when you use VaultShot:

  • Account Information: Your email address and name when you sign up
  • Website URLs: The URLs of websites you submit for screenshot capture
  • Screenshots: Full-page website screenshots and their associated metadata (timestamp, dimensions, hash)
  • Usage Data: Information about how you use the service (e.g., number of captures, plans accessed)
  • Payment Information: Handled securely by Stripe; we do not store credit card details

How We Use Your Data

We use your data exclusively to:

  • Provide the VaultShot service (capturing screenshots, generating hash certificates)
  • Generate compliance PDF certificates with SHA-256 hashes
  • Manage your subscription and process payments
  • Respond to support requests and improve the service
  • Send account and service-related notifications (Pro plan includes email for captures)

Data Storage

Your data is stored across multiple secure providers:

  • Metadata (emails, accounts, timestamps): Supabase PostgreSQL database with row-level security and encryption at rest
  • Screenshot Images: AWS S3 with server-side encryption (AES-256)
  • Payment Information: Stripe (PCI-DSS compliant, we never store card numbers)
  • Application Hosting: Vercel (with DDoS protection and SSL/TLS encryption)

Data Retention

Screenshot retention depends on your plan:

  • Free Plan: Snapshots available for download immediately; not retained on our servers
  • Pro Plan: Snapshots retained for 30 days, then automatically deleted
  • Account Deletion: All associated screenshots and data are permanently deleted within 7 days of account deletion

Third-Party Services

VaultShot uses the following third-party services:

  • Supabase: Database and authentication (privacy policy: supabase.com/privacy)
  • AWS S3: Screenshot storage (privacy policy: aws.amazon.com/privacy)
  • Stripe: Payment processing (privacy policy: stripe.com/privacy)
  • Vercel: Application hosting (privacy policy: vercel.com/privacy)

These services may collect limited information as necessary to provide their services. We do not sell or share your personal data with third parties for marketing purposes.

Your Rights

Under GDPR and similar privacy regulations, you have the right to:

  • Access: Request a copy of your data in a machine-readable format
  • Deletion: Request permanent deletion of your account and associated data
  • Export: Request your data exported in a standard format
  • Correct: Update or correct inaccurate personal information

To exercise any of these rights, contact info@vaultshot.io.

Cookies

VaultShot uses minimal cookies:

  • Session Cookies: Authentication tokens to keep you logged in (expires on logout or session end)
  • No Tracking Cookies: We do not use analytics cookies, advertising cookies, or third-party tracking

You can disable cookies in your browser settings, though this may affect functionality.

Security

We take security seriously and implement:

  • HTTPS/TLS encryption for all data in transit
  • AES-256 encryption for data at rest in S3 and Supabase
  • Row-level security policies in Supabase to isolate user data
  • Regular security audits and vulnerability scanning

If you discover a security vulnerability, please contact info@vaultshot.io instead of disclosing it publicly.

Contact Us

If you have questions about this privacy policy or how we handle your data, contact:

VaultShot Support

Email: info@vaultshot.io

Note: We may update this privacy policy periodically. We will notify you of significant changes via email or through prominent notice on the website.