Legal
EFFECTIVE MAR 2026
TL;DR — We store your feedback data to show it in your dashboard. We use limited self-hosted product analytics, we don't sell your data, and everything is hosted in the EU.
Account data
Your email address, used for authentication via magic link and to communicate important service updates.
Project data
Project names, domain allowlists, widget configuration, and API keys you create within the Service.
Feedback data
Screenshots, browser console logs, network error logs, user journey breadcrumbs, and any annotations or comments — submitted by your website visitors through the Sendshot widget.
No ad-tech tracking
We do not use advertising pixels, retargeting scripts, or sell behavioral data. We do use limited first-party product analytics to understand onboarding and feature usage.
No advertising cookies
We use authentication/session mechanisms and limited first-party analytics related to product use. We do not use third-party advertising or retargeting cookies.
No data selling
We do not sell, rent, or trade your data to anyone. Period.
Your data is used exclusively to provide the Service to you: displaying feedback in your dashboard, powering share links, and sending transactional emails (magic links, account notifications). That's it.
Hosted in Europe
All data is stored on servers located in the European Union (Hetzner, Germany). Screenshots are stored in S3-compatible object storage. Database records are stored in MongoDB.
Encryption
All data is encrypted in transit (TLS). API keys are stored in MongoDB and only shown to authenticated account owners inside the product. Treat API keys like passwords and regenerate them immediately if they are ever exposed.
Resend
We use Resend for sending transactional emails such as magic links. Resend processes your email address solely for email delivery.
Polar
We use Polar for subscription management and billing. Polar processes billing-related data such as your email, subscription details, and payment information.
Self-hosted analytics
We use a self-hosted Rybbit instance for product analytics, such as onboarding steps and feature usage. This data stays within our own infrastructure and is not shared with advertising networks.
We retain your data for as long as your account is active. When you delete your account, all associated data (projects, feedback, screenshots, API keys) is permanently deleted within 30 days.
Access & portability
You can request a copy of all data we hold about you.
Rectification
You can update your account information at any time.
Erasure
You can delete your account and all associated data.
Objection
You can object to processing of your data. Contact us and we will address your concern.
Sendshot is not intended for use by anyone under the age of 16. We do not knowingly collect data from children.
We may update this policy from time to time. Material changes will be communicated via email. Continued use after changes constitutes acceptance.
Questions or requests about your data? Reach us at privacy@sendshot.dev.