Legal
Privacy Policy
Controller
SiteCatch is operated by Michael Szybko, Richard-Wagner-Str. 79, 45657 Recklinghausen, Germany.
Email: support@sitecatch.io
1. What data we process
- Account data: email address, user ID, login/session data, and authentication events.
- API keys: key metadata and secure hashes; we do not store API keys in plain text.
- Screenshot data: target URLs, capture settings, timestamps, status, stored screenshots, and related metadata.
- Billing data: Stripe customer/payment references, purchased credit packs, credit balance, and credit transactions.
- Feedback: message text, category, optional email address, current page, user agent, and related account context.
- Technical data: IP address, user agent, request logs, error logs, rate-limit data, and security events.
2. Why we process data
- To create and manage your account.
- To provide the screenshot dashboard and API.
- To store screenshots and show them in your library.
- To process payments, invoices, credits, and refunds through Stripe.
- To answer support requests and feedback.
- To prevent abuse, protect the service, debug errors, and improve reliability.
- To meet legal, accounting, tax, and security obligations.
3. Legal bases
We process account, screenshot, API, billing, and support data mainly to perform our contract with you. We process security, logs, rate limits, and abuse-prevention data based on our legitimate interest in operating a secure and reliable service. We process invoice, tax, and accounting data where legally required.
4. Screenshots and third-party content
You decide which URLs are submitted to SiteCatch. Screenshots may contain content from third-party websites, including personal data or copyrighted material. You are responsible for making sure that your use of SiteCatch and the resulting screenshots is lawful.
5. Service providers
We use trusted providers only as needed to operate SiteCatch:
- Supabase: authentication, database, and screenshot storage.
- Railway: application hosting and runtime infrastructure.
- Stripe: checkout, payments, invoices, and payment-related emails.
- Upstash: rate limiting and abuse prevention.
- Resend: internal feedback notification emails.
Some providers may process data outside the European Economic Area. Where required, this is handled through appropriate safeguards such as standard contractual clauses.
6. Cookies and local storage
We use technically necessary cookies and browser storage for login sessions, security, preferences, and dashboard functionality. We do not currently use advertising cookies.
7. Retention
We keep data only as long as needed for the purposes described above. Screenshot files for active accounts are kept for at least 90 days. We currently do not automatically delete screenshots, but SiteCatch is not permanent image hosting or archive storage. Account, screenshot, and feedback data can be deleted on request unless we need to keep it for billing, tax, legal, fraud-prevention, or security reasons. Payment and invoice records may need to be retained for statutory accounting periods.
8. Your rights
If the GDPR applies to you, you may have the right to request access, correction, deletion, restriction, portability, or objection to certain processing. You can contact us at support@sitecatch.io. You may also have the right to complain to a data protection authority.
9. Security
We use technical and organizational measures to protect your data, including hashed API keys, server-side service-role access, and rate limiting. No internet service can be guaranteed to be completely secure.
10. Changes
We may update this Privacy Policy when the service, providers, or legal requirements change. The updated date shows when this page was last changed.
11. Contact
For privacy questions or requests, contact support@sitecatch.io.