Encryption everywhere
Uploads travel over TLS 1.3 and metadata is encrypted at rest using managed keys with automatic rotation.
Support
We combine privacy-first product design with practical controls so you can trust every capture. Report urgent concerns anytime and we will respond quickly.
Encryption everywhere
Uploads travel over TLS 1.3 and metadata is encrypted at rest using managed keys with automatic rotation.
Minimal retention
Screenshots are processed in memory only. We store structured invite metadata for 30 days unless you delete it sooner.
Monitored 24/7
Centralized logging, anomaly alerts, and on-call responders keep the ingest pipeline and Supabase region healthy.
Data handling
Screenshots are received by a Supabase edge function, parsed immediately, and discarded. Parsed field data is stored in Postgres with row level security enforcing tenant isolation and a 30-day retention policy (you can delete entries sooner).
Infrastructure
Production lives in isolated Supabase projects with private networking, hardened access via hardware keys, and weekly dependency checks managed by Renovate.
Monitoring & response
Structured logs feed into alerting that pages the on-call engineer. Backups are encrypted and tested monthly for recovery timelines.
We welcome responsible disclosure and treat every report as confidential until a fix is released.
Email security@screentocal.com
Include a plain-text description, reproduction steps, and any proof-of-concept code. Please avoid sending secrets or large attachments.
Allow 1 business day
We acknowledge every submission within 24 hours, triage by severity, and provide status updates until remediation ships.
Safe harbor
Good-faith research that avoids customer data and respects rate limits will never trigger legal threats. We may offer swag or bounties for impactful findings.
Need an NDA or questionnaire?
Email security@screentocal.com with your request or use our support form.