This policy describes what data a Screenshotter server instance collects and how it is handled. Screenshotter is self-hosted software; the operator of any given instance is responsible for their deployment’s compliance with applicable law.
Account information. When authentication is enabled, the server stores the name and email address provided by the authentication provider (OIDC or Tailscale) at first login. This data is used solely to identify the account owner and is not shared with third parties.
Uploaded images. The server stores the PNG images explicitly uploaded by the user, together with the source URL of the captured page and the title set by the user at upload time. No other metadata is collected.
Access logs. Depending on server configuration and the reverse proxy in front of it, HTTP access logs may be retained. These logs can include the requesting IP address, timestamp, and requested URL.
By default, uploaded images can be viewed by anyone who knows the image ID, without authentication. This behaviour may vary depending on how the operator has configured the server. Users should treat image IDs as access tokens.
Account information and uploaded images are retained indefinitely. Users may delete their images at any time; deletion takes effect immediately and permanently. There is currently no mechanism to delete the account itself; users should contact the instance operator to request account removal.
The server does not share data with any third party, with the exception of the authentication provider chosen by the operator (which supplies the account name and email at login).
For questions or data removal requests, contact the operator of the instance you are using. For questions about the Screenshotter software itself, reach out at contact@screenshotter.org.