Privacy Policy — Maxisnap

At Maxisnap, your privacy matters. This policy explains what data we collect, why we collect it, and how we protect it. We've written it in plain language because legal jargon helps no one.

The short version: We collect product analytics and the account data we need to operate Maxisnap. Your screenshots are yours. We don't sell your information, run advertising on it, or share it with data brokers. You can turn telemetry off in Settings.

1. What Data We Collect

Account information (Pro and Studio customers)

If you purchase Maxisnap Pro or Studio, we store the email address on your account, your tier (free / pro / studio), your Stripe customer ID, and the high-level state of your subscription (active, past-due, canceled, current period end). Payment processing is handled by Stripe; we do not store your full credit-card number, CVV, expiration, or other sensitive payment-card details on our servers.

Product analytics and crash reports

The Maxisnap desktop application collects telemetry to help us understand how the app is used, diagnose bugs, and improve the product. This includes:

Application version, install ID, session ID, and update status
Windows or macOS version, device class, monitor count, resolution, DPI scaling, locale, and time zone
Feature usage events such as capture mode, annotation tool, upload success/failure, settings page views, and update checks
Crash diagnostics such as exception type, stack hash, app version, and a short list of recent in-app actions
Server-derived country, region, city, and ASN, plus a salted one-way hash of your IP address (used for abuse prevention, geographic aggregation, and grouping duplicate installs — the hash cannot be reversed back to your IP)
For signed-in users, account identifiers such as email address, user ID, and plan tier so we can link app usage to your account for support and analytics

Anonymous (non-signed-in) users are tracked with a random install ID; we do not link this ID to a person. Signed-in usage is linked to the signed-in account.

Telemetry opt-out

You can disable desktop telemetry collection in Settings → Privacy → Send anonymous usage data. Telemetry is enabled by default; turning it off stops the desktop app from sending product-analytics events for your install. Crash reports for severe failures may still be sent to help us diagnose system-level problems, and the page-view beacon on the maxisnap.com website is independent of the desktop opt-out (governed by the Cookies section below).

What we do not collect

The visual contents of your screenshots
Your browsing history or activity outside of Maxisnap
Personal files on your computer
Keystrokes or screen recordings
Information from other applications running on your device

2. Screenshots and Uploads

Your screenshots are not stored on our servers unless you explicitly choose to upload them.

When you capture a screenshot, it exists only on your local machine. If you choose to upload via Maxisnap Cloud (the built-in shareable-link feature), the image is uploaded to our Cloudflare R2 storage to generate the link. Specifically:

Retention. Free-tier uploads are retained for 30 days. Pro uploads are retained for 12 months. After that, they are automatically deleted.
Access. Uploads are reachable via their unique link. Anyone with the link can view the image. Pro users can password-protect uploads.
Deletion. You can delete any uploaded screenshot at any time from your account dashboard. Deletion is permanent and immediate.

If you use Studio's "Add Your Own Server" feature to upload to your FTP, SFTP, S3-compatible, or HTTP endpoint, your screenshots are sent directly to your infrastructure and never pass through our servers. Studio gives you complete control of where the bytes go.

3. How We Use Your Data

We use the data we collect to:

Provide and maintain the Maxisnap service
Process Pro subscription and Studio one-time payments via Stripe
Send transactional emails (receipts, password resets, billing notices, account security warnings)
Send occasional product update notices to Pro customers (you can opt out)
Improve application performance and features based on aggregated usage patterns
Diagnose and fix bugs using crash reports and stack traces

We do not use your data for advertising. We do not sell, rent, or share your personal information with third parties for their marketing purposes. We do not participate in cross-site advertising networks or behavioral-ad bidding.

4. Payment Data — Stripe

Payments for Pro subscriptions and Studio one-time purchases are processed by Stripe, Inc. Stripe is a PCI-DSS Level 1 service provider, which is the highest level of payment-card security certification. When you enter card details at checkout, those details go directly from your browser to Stripe over a TLS-encrypted connection — they do not pass through Maxisnap's servers, and we do not see, log, or store the full card number, CVV, or expiration date.

What we receive from Stripe and store on our side: a Stripe customer ID, a Stripe subscription or payment-intent ID, the last four digits of your card and the card brand (so we can show "Visa ending in 4242" in your billing UI), and your billing email. Read Stripe's own privacy practices at stripe.com/privacy.

5. Data Sharing

We do not sell your personal data. We share limited data with the following service providers, only to operate the Service:

Stripe — payment processing and the customer billing portal
Cloudflare — CDN, DNS, R2 storage for shared images, D1 database for accounts, and Workers compute for the API
Resend — transactional email delivery for receipts, password resets, and billing notifications
Google Analytics — aggregated website usage analytics on maxisnap.com (configured to not share data with Google for advertising; you can opt out at the website using your browser's Do Not Track signal or by blocking analytics)

These providers are contractually obligated to use your data only to provide services to us and to protect your information. We may also disclose data if required by law (for example, a valid subpoena) or where we believe disclosure is necessary to protect the safety of users or the integrity of the Service.

6. Cookies

The Maxisnap website uses minimal cookies:

Essential cookies. Required for the website to function (for example, the session cookie for Pro account login).
Analytics cookies. Anonymous site usage analytics (Google Analytics) to help us improve the website experience.

We do not use advertising cookies, retargeting pixels, or third-party tracking beyond the analytics provider listed above. The desktop application does not use cookies; it stores its own settings locally on your machine.

7. Data Security

We implement industry-standard security measures to protect your data, including encryption in transit (TLS/HTTPS), encrypted storage at rest for sensitive data, hashed passwords, salted one-way hashing for analytics IPs, and access controls on our admin systems. Stripe's PCI-DSS Level 1 infrastructure handles all card data. However, no method of electronic transmission or storage is fully secure, and we cannot guarantee absolute security. If we ever experience a security incident that affects your data, we will notify you and the appropriate regulators in accordance with applicable law.

8. GDPR Rights (EEA, UK, Switzerland)

If you are located in the European Economic Area, the United Kingdom, or Switzerland, you have the following rights under GDPR and equivalent laws:

Right to access. Request a copy of the personal data we hold about you.
Right to rectification. Request correction of inaccurate data.
Right to erasure. Request deletion of your personal data.
Right to portability. Request your data in a machine-readable format.
Right to object. Object to processing for specific purposes.
Right to restrict processing. Request that we limit how we use your data.
Right to withdraw consent. Withdraw consent for any processing based on consent.
Right to lodge a complaint. Complain to your local data-protection authority.

9. CCPA / CPRA Rights (California)

If you are a California resident, you have the following rights under the California Consumer Privacy Act and the California Privacy Rights Act:

Right to know. Know what personal information we collect, the sources we collect it from, the purposes for collection, and the categories of third parties with whom we share it.
Right to delete. Request deletion of personal information we hold.
Right to correct. Request correction of inaccurate information.
Right to opt out of sale or sharing. We do not sell your personal information and we do not share it for cross-context behavioral advertising. There is nothing to opt out of, but the right exists.
Right to non-discrimination. We will not deny you service or charge you a different price for exercising these rights.

To exercise GDPR or CCPA rights, email privacy@maxisnap.com from the address on your account. We will respond within 30 days (45 days for some CCPA requests, where allowed). We may need to verify your identity before fulfilling certain requests.

10. Data Retention

Account data. Retained while your account is active, plus 30 days after deletion to handle billing reconciliation and accidental-deletion recovery.
Maxisnap Cloud uploads. Free-tier uploads retained 30 days; Pro uploads retained 12 months. You can delete sooner at any time.
Analytics data. Aggregated analytics retained up to 24 months. Event-level desktop telemetry retained only as long as needed for product analysis, debugging, and abuse prevention — typically up to 12 months.
Crash reports. Retained for 12 months to allow us to correlate recurring issues across releases.
Billing records. Retained for 7 years where required by tax and accounting law.

11. Children's Privacy

Maxisnap is not directed at children under 13. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 13, we will delete it promptly. Parents or guardians who believe their child has used Maxisnap can email privacy@maxisnap.com to request deletion.

12. International Data Transfers

Maxisnap's infrastructure is hosted on Cloudflare's global network. Your data may be processed in any country where Cloudflare, Stripe, or our other processors operate. We rely on standard contractual clauses and the data-transfer safeguards required by GDPR for transfers from the EEA.

13. Changes to This Policy

We may update this privacy policy from time to time. When we make significant changes, we will notify Pro and Studio customers by email and update the "Last updated" date at the top of this page. We encourage you to review this policy periodically.

14. Contact Us

If you have questions about this privacy policy or how we handle your data:

Privacy and data requests: privacy@maxisnap.com
General inquiries: Contact form