LEGAL
Privacy Policy
This policy explains what data ogshot ("we", operated by [Your legal entity]) collects, why, and your choices. The short version: we collect only what's needed to run the Service, we don't sell your data, and our website analytics use no cookies and no personal data.
What we collect
- Account data. When you sign in with GitHub (scope
read:user), we store your GitHub id, username, display name, and avatar URL. We do not receive your GitHub password or private repositories. - Billing data. If you subscribe, payments are handled by Stripe. We store your Stripe customer and subscription identifiers and your plan — not your card number, which Stripe holds.
- Usage data. Per-key render and cache-hit counts, so we can meter quotas and show you usage. API keys are stored only as SHA-256 hashes.
- Content you submit. The URLs or HTML you send for rendering are processed to produce an image and may be transiently cached (keyed by a hash of the request) to serve repeats. We don't build profiles from this content.
- Website analytics. Aggregated page-view counts (which page, and the referring site's domain) — no cookies, no IP addresses, no individual profiles.
Cookies
We use a single functional cookie — a signed session cookie that keeps you logged in after you sign in with GitHub. We do not use advertising or cross-site tracking cookies, and our analytics are cookieless, so no consent banner is required to browse the site.
How we use data
To provide and secure the Service, authenticate you, meter and bill your usage, respond to support requests, and understand aggregate traffic so we can improve the site. We do not sell your personal data or share it for advertising.
Who we share it with
We rely on a small number of processors to run the Service:
- GitHub — sign-in (identity).
- Stripe — payment processing.
- Fly.io — application hosting and data storage.
Each processes data on our behalf under its own terms. We may also disclose data if required by law.
Data retention
We keep account and usage data while your account is active. If you delete your account, we remove your personal account data within 30 days, except where we must retain records (for example, billing records) to comply with law. Aggregated analytics contain no personal data and are kept indefinitely.
Your rights
Depending on where you live, you may have rights to access, correct, export, or delete your personal data, and to object to certain processing. To exercise them, email support@ogshot.dev and we'll respond within a reasonable time.
Security
API keys are stored hashed, session cookies are signed and HTTP-only, data is transmitted over HTTPS, and the storage volume is encrypted at rest. No system is perfectly secure, but we take reasonable measures to protect your data.
Children
The Service is not directed to children under 13 (or the minimum age of digital consent in your country), and we don't knowingly collect their data.
Changes
We may update this policy; we'll change the date above and, for material changes, provide notice where appropriate.
Contact
Questions or requests: support@ogshot.dev.