Encryption everywhere
Uploads travel over TLS 1.3 and metadata is encrypted at rest using managed keys with automatic rotation.
Support
We combine privacy-first product design with practical controls so you can trust every capture. Report urgent concerns anytime and we will respond quickly.
Encryption everywhere
Uploads travel over TLS 1.3 and metadata is encrypted at rest using managed keys with automatic rotation.
Minimal retention
Screenshots are processed in memory only. We store structured invite metadata for 30 days unless you delete it sooner.
Monitored 24/7
Centralized logging, anomaly alerts, and on-call responders keep the ingest pipeline and Supabase region healthy.
Data handling
Screenshots are received by a Supabase edge function, parsed immediately, and discarded. Parsed field data is stored in Postgres with row level security enforcing tenant isolation and a 30-day retention policy (you can delete entries sooner).
Infrastructure
Production lives in isolated Supabase projects with private networking, hardened access via hardware keys, and weekly dependency checks managed by Renovate.
Monitoring & response
Structured logs feed into alerting that pages the on-call engineer. Backups are encrypted and tested monthly for recovery timelines.
We welcome responsible disclosure and treat every report as confidential until a fix is released.
Email security@screentocal.com
Include a plain-text description, reproduction steps, and any proof-of-concept code. Please avoid sending secrets or large attachments.
Allow 1 business day
We acknowledge every submission within 24 hours, triage by severity, and provide status updates until remediation ships.
Safe harbor
Good-faith research that avoids customer data and respects rate limits will never trigger legal threats. We may offer swag or bounties for impactful findings.
Need an NDA or questionnaire?
Email security@screentocal.com with your request or use our support form.
No. Screenshots are processed in volatile memory at the edge and discarded immediately after parsing. Only structured metadata remains and is encrypted at rest.
Structured metadata lives in our Supabase Postgres project in your selected region. It is kept for up to 30 days so you can review history, and you can delete entries sooner from the dashboard.
Backups are encrypted, tested monthly, and access requires hardware keys plus SSO with audit logging. Row level security isolates tenant data.