homeStoreshot
Storeshot

Privacy Policy

Last updated: 1 May 2026

Storeshot (“Storeshot”, “we”, “us”) is an AI-powered tool that turns raw mobile-app screenshots into store-ready App Store and Google Play marketing screenshots. This Privacy Policy explains what data we collect, how we use it, and what your choices are.

1. What we collect

1.1 Account information

If you sign in with Google, we receive your email address, full name, profile picture URL, and Google account ID. We do not request access to Gmail, Drive, Calendar, Contacts, or any other Google service. We use these only to identify you, address you by name in the product, and contact you about your account when needed.

1.2 Anonymous device identifier

For users who haven't signed in, we generate a per-device fingerprint via FingerprintJS to enforce the free-trial limit (3 generations per device). This identifier is stored in our database alongside a usage counter. It is not linked to any personal data and is not used for advertising or tracking across other sites.

1.3 Screenshots you upload

When you upload a screenshot of your app, the image is sent to our servers and forwarded to Google's generative AI services for image generation. We do not retain the original uploaded screenshot after the generation completes — only the generated output image is saved to your project (so you can come back to it).

1.4 Generated screenshots and project metadata

Generated screenshots are stored in our database against your account so you can revisit and download them later. We also save lightweight metadata about each project: project name, the device class (iPhone, iPad, etc.), and any titles/subtitles you typed.

1.5 Payment information

Payments are processed by our third-party payment provider, who acts as the merchant of record for all purchases. We do not see, store, or have access to your full card number, CVV, or billing address. The payment provider sends us a confirmation that a payment succeeded, the amount, the currency, and an order ID. We store these alongside the credits granted so we can show your purchase history. Receipts and VAT/sales-tax-compliant invoices are issued and emailed by the payment provider directly.

1.6 Server logs

Our hosting provider (Vercel) and database provider (Supabase) keep standard server logs that may include IP address, user agent, and request timestamps for security and debugging. These logs are retained per the respective providers' default retention windows.

2. How we use your data

  • To run the product: authenticate you, enforce credit balances and project caps, generate screenshots, show your dashboard, deliver invoices.
  • To support you: respond to questions or bug reports you send to support@storeshot.co.
  • To improve the product: aggregate, anonymized usage signals (e.g. “X% of users picked Creative mode”). We do not look at your individual screenshots to train models or for any other purpose.
  • To meet legal obligations (e.g. tax records on purchases).

We do not sell your data. We do not share it with advertisers. We do not use your screenshots or generated images to train AI models — neither ours, Google's, nor anyone else's.

3. Third-party processors

To run Storeshot we use these third-party services. Each handles a defined slice of your data:

  • Google — Sign-in identity; image generation. When you upload a screenshot, it is transmitted to Google's generative AI services for processing. See Google's privacy policy.
  • Supabase — Account database, generated-image storage, server-side authentication. See Supabase's privacy policy.
  • Payment provider — Payment processing (merchant of record), checkout pages, invoices, receipts, and global VAT/sales-tax compliance.
  • Vercel — Application hosting, edge network. See Vercel's privacy policy.
  • FingerprintJS — Browser-fingerprint-based abuse prevention for the free tier. See FingerprintJS's privacy policy.
  • Firebase / Google Analytics — Aggregate, privacy-respecting product analytics (page views, basic conversion events). We do not use it to build advertising profiles or share your data with advertisers. See Firebase's privacy and security info.

4. Cookies and similar technologies

Storeshot uses cookies for: keeping you signed in (a session cookie set by Supabase), remembering your consent state, and a first-party Firebase Analytics cookie that lets us see aggregate page views and conversion events. We do not use third-party advertising or marketing tracking cookies, and we do not share analytics data with advertisers. Sign-out clears your session cookie.

5. Data retention

We keep your account, projects, and purchase history for as long as your account is active. If you delete a project, the project record and its generated images are deleted from our database. If you ask us to delete your account (see Section 7), all account-linked data is removed within 30 days, except where we are required by law to retain it (e.g. tax records of past purchases).

6. Security

We use industry-standard practices: HTTPS everywhere, hashed/salted secrets, row-level security on the database so users can only access their own rows, and least-privilege server-side credentials. No system is 100% secure, but we treat your data with care and will notify you promptly if we ever discover a breach affecting your account.

7. Your rights

You can:

  • Access what we store about you — your dashboard already shows credits, projects, and purchase history.
  • Delete a project at any time using the trash icon on the project row.
  • Delete your account by emailing support@storeshot.co. We will confirm the request and delete your account within 30 days. Credits already spent are not refundable.
  • Export your data on request — generated screenshots can already be downloaded from your dashboard; for a full data export, email us.
  • If you are in the EU/UK, exercise your GDPR rights (rectification, restriction, objection, portability) by emailing the same address.

8. Children

Storeshot is not intended for children under 13 (or under the relevant age in your jurisdiction). We do not knowingly collect data from children. If you believe a child has signed up, contact us and we'll delete the account.

9. International transfers

Storeshot is hosted on Vercel and Supabase, which run on global infrastructure. Your data may be processed in the United States, the European Union, and other regions where these providers operate. By using Storeshot you consent to this processing.

10. Changes to this policy

We may update this policy from time to time. The “Last updated” date at the top will reflect the most recent change. Material changes will be communicated by email or an in-product notice.

11. Contact

Questions, requests, or concerns about this policy? support@storeshot.co.

Privacy Policy — Storeshot