Get Started
Legal

Privacy Policy

Last updated: April 11, 2026

BrowserGrab ("we", "us", or "our") operates the BrowserGrab website, API, Chrome extension, and npm SDK (collectively, the "Service"). This Privacy Policy explains what information we collect, how we use it, and the rights you have over your data.

By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree, please discontinue use of the Service.

1. Information We Collect

Account Information

When you register for BrowserGrab, we collect your email address, name, and a hashed password. If you sign in via a third-party OAuth provider (e.g., Google), we receive only the data that provider shares: typically your name, email address, and profile picture.

API Keys

When you create an API key, we store a one-way cryptographic hash of the key. The plaintext key is shown to you once at creation and is never stored by us. We record metadata about each key including its label, creation timestamp, and last-used timestamp.

Screenshot Data

Each time you use the API, we log: the URL that was captured, the dimensions and format requested, the storage destination used, capture duration, and whether the request succeeded. If cloud storage is enabled, the resulting screenshot image is stored in our cloud storage infrastructure (Cloudflare R2).

Usage and Billing Data

We track the number of API requests you make each billing period to enforce your plan limits. If you subscribe to a paid plan, payment is processed by Stripe. We do not receive or store your full credit card number — Stripe handles all payment card data in compliance with PCI-DSS. We receive from Stripe: your subscription status, plan tier, and billing-related event notifications.

Google Drive Integration

If you connect Google Drive as a storage destination, we request only the OAuth scopes necessary to write files to your Drive. We store your OAuth refresh token (encrypted at rest) to enable ongoing uploads. We do not read, index, or access any of your existing Drive files.

Chrome Extension

The BrowserGrab Chrome extension stores your API key, default storage preference, and default capture format locally in chrome.storage.sync. This data is synced by Chrome across your signed-in devices but is not transmitted to our servers except as part of normal API requests. The extension accesses the URL of the active tab only at the moment you trigger a screenshot — we do not monitor your browsing history.

Log and Analytics Data

We collect standard web server logs including IP addresses, browser user agents, referring URLs, and pages visited. We use Google Analytics to understand aggregate usage patterns. This data is not linked to your account identity for analytics purposes.

2. How We Use Your Information

  • To operate and provide the Service, including processing API requests and delivering screenshots.
  • To enforce usage quotas and plan limits associated with your subscription.
  • To authenticate you and secure your account.
  • To send transactional emails such as account verification, password resets, and billing receipts.
  • To respond to support requests and troubleshoot issues.
  • To detect and prevent fraud, abuse, and violations of our Terms of Service.
  • To analyze aggregate usage trends and improve the Service.
  • To comply with legal obligations.

We do not sell your personal information to third parties. We do not use your data to train machine learning models. We do not serve advertising.

3. Data Retention

We retain your account data for as long as your account is active. Screenshot records (metadata and stored images) are retained for 90 days by default, after which they are automatically purged from our systems. You may delete individual screenshots or your entire account at any time from your dashboard.

API key hashes are retained until you delete the key. Billing and payment records are retained as required by applicable financial regulations (typically 7 years).

If you delete your account, we will delete or anonymize your personal information within 30 days, except where retention is required by law or for legitimate fraud prevention purposes.

4. Data Sharing and Disclosure

We share your information only in the following limited circumstances:

  • Service Providers: We use trusted third-party vendors to help operate the Service — including Cloudflare (hosting, storage, CDN), Neon (database), Stripe (payments), and Google (analytics, Drive integration). These vendors process data only as instructed by us and under data processing agreements.
  • Legal Requirements: We may disclose your information if required by law, subpoena, court order, or governmental authority, or if we believe disclosure is necessary to protect the rights, property, or safety of BrowserGrab, our users, or the public.
  • Business Transfers: If BrowserGrab is acquired, merged, or its assets are transferred, your information may be transferred as part of that transaction. We will notify you via email or a prominent notice on the Service before your data becomes subject to a different privacy policy.
  • With Your Consent: We may share your information for any other purpose with your explicit consent.

5. Cookies and Tracking

We use cookies and similar tracking technologies for the following purposes:

  • Authentication: A session cookie is set when you sign in to keep you logged in across page loads.
  • Preferences: We use localStorage in your browser to remember UI preferences such as dismissed banners.
  • Analytics: Google Analytics sets cookies to measure traffic and usage patterns. You can opt out by installing the Google Analytics Opt-out Browser Add-on.

You can configure your browser to refuse cookies, though some parts of the Service may not function correctly without them.

6. Data Security

We take security seriously. Measures we employ include:

  • All data transmitted between your browser/application and our servers is encrypted using TLS.
  • Passwords are hashed using a strong one-way algorithm and are never stored in plaintext.
  • API keys are hashed with SHA-256 before storage — the plaintext key is never retained.
  • OAuth tokens for Google Drive are encrypted at rest.
  • Access to production systems is restricted to authorized personnel only.

No method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee absolute security. If you discover a security vulnerability, please report it to privacy@browsergrab.app.

7. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Request correction of inaccurate or incomplete data.
  • Erasure: Request deletion of your personal data (subject to legal retention requirements).
  • Portability: Request a machine-readable export of your data.
  • Restriction: Request that we restrict processing of your data in certain circumstances.
  • Objection: Object to processing based on legitimate interests.
  • Withdraw Consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, email us at privacy@browsergrab.app. We will respond within 30 days. We may need to verify your identity before fulfilling your request.

If you are located in the European Economic Area (EEA) or UK, you have the right to lodge a complaint with your local data protection supervisory authority if you believe we have not handled your data lawfully.

8. Children's Privacy

The Service is not directed to individuals under the age of 13 (or 16 in the EEA). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will promptly delete it.

9. International Data Transfers

BrowserGrab is operated from the United States. If you are located outside the United States, your data will be transferred to and processed in the United States and other countries where our service providers operate. We ensure that such transfers are made in compliance with applicable data protection laws, including through the use of Standard Contractual Clauses where required.

10. Third-Party Services

The Service integrates with third-party services. This policy does not cover how those services handle your data. We encourage you to review their privacy policies:

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page. For material changes, we will notify you by email (sent to the address associated with your account) or by displaying a prominent notice on the Service at least 14 days before the change takes effect.

Your continued use of the Service after any changes constitutes your acceptance of the updated policy.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

BrowserGrab

Email: privacy@browsergrab.app

Website: browsergrab.app