Last updated: October 9th, 2020
The privacy of your data — and it is your data, not ours! — is a big deal to us. We’ll only ever access your account to help you with a problem or squash a software bug. We’ll never open any uploaded files unless you ask us to. We log all access to all accounts by IP address, so we can always verify that no unauthorized access has happened for as long as the logs are kept.
Identity & access
When you download Screenshop we collect the following information about you:
Log Information. We also collect log information when you use our website, such as:
- details about how you’ve used our services;
- device information, such as your web browser type and language;
- access times;
- pages viewed;
- IP address;
- identifiers associated with cookies or other technologies that may uniquely identify your device or browser; and
- pages you visited before or after navigating to our website.
Location Information. When you use our services we may collect information about your location. With your permission, we may also collect information about your precise location using methods that include GPS, wireless networks, cell towers, Wi-Fi access points, and other sensors, such as gyroscopes, accelerometers, and compasses.
Camera and Photos. Many of our services require us to collect images and other information from your device’s camera and photos. For example, you won’t be able to browse product search results or upload photos from your camera roll unless we can access your camera or photos.
Device Information. We collect information from and about the devices you use. For example, we collect:
- information about your hardware and software, such as the hardware model, operating system version, device memory, advertising identifiers, unique application identifiers, apps installed, unique device identifiers, browser type, language, battery level, and time zone;
Checkout Information. We collect information about the you when you checkout with a product through Screenshop. For example, we collect:
- Last 4 digits of your credit card number (stored on Stripe who is PCI-compliant).
- Your shipping address so that we can fulfill your orders and make sure the product gets sent to you.
How we use this information about you:
Provide you with an amazing set of products and services that we relentlessly improve. Here are the ways we do that:
- develop, operate, improve, deliver, maintain, and protect our products and services.
- send you communications, including by email. For example, we may use email to respond to support inquiries or to share information about our products, services, and promotional offers that we think may interest you.
- monitor and analyze trends and usage.
- personalize our services to recommend products that suit your particular taste.
- enhance the safety and security of our products and services.
- verify your identity and prevent fraud or other unauthorized or illegal activity.
- use information we’ve collected from cookies and other technology to enhance our services and your experience with them.
- enforce our Terms of Service and other usage policies and comply with legal requirements.
How we share information:
With third parties. We may share information about you with service providers who perform services on our behalf, including Stripe which manages our payment processing and Mixpanel which tracks our analytics.
All the above data is collected and, with the exception of the selfies, stored on our or Stripes servers in the United States.
When you write Screenshop with a question or to ask for help, we'll keep that correspondence, and the email address, for future reference. When you browse our marketing pages, we'll track that for analytics purposes (like conversion rates and to test new designs). We also store any information you volunteer, like surveys, for as long as it makes sense.
If you provide us with your email address in the application, you also consent to receiving future marketing communications from us - your email will never be shared with any third party and all marketing communications will come from Screenshop directly.
The only times we’ll ever share your info:
To provide products or services you've requested, with your permission. Reach out for a list of third-party services we use.
To investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of our Terms of Service, or as otherwise required by law.
Your Rights With Respect to Your Information
Let’s start with your rights.
- Right to know what personal information we collect. You have the right to request details on the specific personal information we’ve collected about you. In addition, you can request a copy of your data by emailing us at email@example.com.
- Right to know who we share your data with. We do not sell your data, but we do share your information with others for legitimate business purposes. For example, we use service providers to store and host your data.
- Right to deletion. You have the right to request deletion of your data, unless an exception applies. Examples of exceptions include when we need to keep data to meet legal obligations, detect fraud, investigate reports of abuse or other Terms of Service violations, or fix security issues. Upon your verified request, we’ll delete your personal information (unless an exception applies) and will direct our service providers to do the same.
- Get a timely response. You have the right to make two free requests in any 12-month period. We will respond to your request within 45 days, and in more difficult cases we may extend our response time by another 45 days. Our support team is pretty great, so they tend to respond a lot quicker. The easiest way to get information is by following the instructions above, but you or your authorized agent can also email firstname.lastname@example.org.
- Non-Discrimination. It goes without saying, but we will not hold it against you when you exercise any of your rights. In fact, we encourage you to review your privacy settings closely and reach out to us with your questions.
The easiest way to exercise your rights is by emailing us at email@example.com with the user UUID displayed under the favorites section of the app.
We Don’t Sell Your Data
We don’t sell your data.
GDPR & LGPD
“Customer Personal Data” means the personal data of EEA, UK, and Brazilian data subjects provided to Screenshop by you or on your behalf when you are the Data Controller.
“Data Controller” means a controller as defined in the GDPR or LGPD, as applicable, who alone or jointly with others determines the purposes and means of the processing of Customer Personal Data.
“Data Protection Law” means the EEA, UK, and Brazilian data protection laws applicable to the processing of Customer Personal Data under this Agreement, including the GDPR and LGPD.
“EEA” means the European Economic Area.
“GDPR” means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
“LGPD” means Brazilian General Data Protection Law (Lei Geral de Proteção de Dados Pessoais).
“Personal Data Breach” means the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Customer Personal Data on systems managed or controlled by Screenshop.
“Subprocessors” means third parties authorized under this Agreement to access and process Customer Personal Data in order to provide parts of the Business Services.
“UK” means the United Kingdom.
The terms “personal data,” “data subject,” “processing,” “controller,” ”processor,” “representative,” and “supervisory authority,” each as used in this Agreement, have the meanings given in the GDPR or LGPD, as applicable, in each case irrespective of whether Data Protection Law applies.
2. Processing of Customer Personal Data
a. Roles of Parties. Screenshop processes Customer Personal Data on behalf of and as instructed by the Data Controller, in accordance with Article 28 (1) GDPR and LGPD, as applicable.
b. Appointment. The Data Controller appoints Screenshop to process Customer Personal Data on the Data Controller’s behalf only as is necessary to provide the Business Services and as may subsequently be agreed to by the parties in writing.
c. Legitimacy of Processing. The Data Controller is responsible for ensuring a valid legal basis for processing the Customer Personal Data as well as any transfer of Customer Personal Data to a third party.
d. Details of Processing. The subject matter and details of processing are described in Schedule 1 of this Agreement.
e. Compliance with Law. Each party agrees it will comply with its obligations under the Data Protection Law relating to any Customer Personal Data it processes under or in relation to this Agreement. Without prejudice to the foregoing, Screenshop will not process Customer Personal Data in a manner that will, or is likely to, result in the Data Controller breaching its obligations under the Data Protection Law.
3. Screenshop Obligations
a. Processing of Customer Personal Data. Screenshop will only process Customer Personal Data in accordance with the Terms of Service (https://screenshopit.com/terms) and this Agreement, and will not use or process Customer Personal Data for any purpose other than in its capacity as processor appointed by the Data Controller.
b. Data Security. In accordance with Article 32 GDPR and LGPD, as applicable, and as described in Schedule 2 of this Agreement, Screenshop will implement and maintain all appropriate technical, administrative, and organizational measures required to: (i) ensure a level of confidentiality and security appropriate to the risks represented by the processing and the nature of Customer Personal Data; and (ii) prevent unauthorized or unlawful processing of Customer Personal Data, accidental loss, disclosure or destruction of, or damage to, Customer Personal Data.
c. Non-Disclosure. Screenshop will not publish, disclose, or divulge (and will ensure that its personnel do not publish, disclose, or divulge) Customer Personal Data to a third party unless the Data Controller has given its prior written consent.
d. Confidentiality. Screenshop will ensure that only personnel who may be required to assist in meeting its obligations under the Terms of Service (https://screenshopit.com/terms) or this Agreement will have access to Customer Personal Data and that such personnel are bound by appropriate obligations of confidentiality, and take all reasonable steps in accordance with best industry practice to ensure the confidentiality of the Customer Personal Data.
e. Complaint Handling. Screenshop will inform the Data Controller promptly, and in any event within two business days, of any enquiry or complaint received from a data subject or supervisory authority relating to Customer Personal Data.
f. Cooperation. Screenshop will provide reasonable cooperation and assistance to the Data Controller as the Data Controller may reasonably require to allow the Data Controller to comply with its obligations under Articles 32 through 36 GDPR and LGPD, as applicable, including in relation to data security, data breach notification, data protection impact assessments, prior consultation with supervisory authorities, the fulfilment of data subjects’ rights, and any enquiry, notice or investigation by a supervisory authority.
g. Providing Evidence. During the term of this Agreement and for a period of one year thereafter, Screenshop will make available to the Data Controller, or an internationally recognized auditing firm acting on the Data Controller’s behalf, all information reasonably necessary to demonstrate Screenshop’s compliance with this Agreement, and Screenshop will allow for and contribute to audits conducted by the Data Controller or its representatives who are bound by appropriate obligations of confidentiality; if: (i) the Data Controller provides no fewer than ten business days’ prior written notice to Screenshop; (ii) such audit is conducted during Screenshop’s normal business hours and in a manner that does not unreasonably interfere with Screenshop’s normal business operations; (iii) such audit lasts no longer than three total business days; (iv) in no event is the Data Controller (or, for avoidance of doubt, any authorized third-party auditor) entitled to access or receive Screenshop’s proprietary or confidential information, except to the extent strictly necessary to demonstrate compliance with this Agreement; and (v) the Data Controller is obligated to reimburse Screenshop for Screenshop’s documented reasonable costs if that audit determines that Screenshop is in compliance with this Agreement. In the event the audit determines Screenshop is out of compliance with this Agreement, then Screenshop will be obligated for all reasonable costs of such audit.
h. Return or Destroy Customer Personal Data. Upon completion of Screenshop’s obligations in relation to processing of Customer Personal Data under this Agreement or upon the Data Controller’s request at any time during the term of this Agreement, (and, if the Data Controller so requests, at regular intervals set by the Data Controller), Screenshop will either: (i) return all or subsets of the Customer Personal Data in Screenshop’s possession to the Data Controller; (ii) render all or part of Customer Personal Data anonymous in such a manner that the data no longer constitutes personal data; or (iii) permanently delete or render all or parts of the Customer Personal Data unreadable. Upon the Data Controller’s request, Screenshop must provide written confirmation to the Data Controller of the anonymization, return, and deletion of Customer Personal Data.
i. Hashed Customer Personal Data. If Screenshop receives Customer Personal Data in hashed or otherwise obfuscated format, Screenshop will: (i) not attempt to reverse engineer or otherwise try to re-identify the hashed or obfuscated the Data Controller Personal Data unless the Data Controller instructs Screenshop to do so; and (ii) only share the Customer Personal Data in the format Screenshop received it from the Data Controller.
4. Personal Data Breach
a. Notification. In accordance with Article 33 GDPR and LGPD, as applicable, Screenshop will notify the Data Controller without undue delay and, where feasible, no more than 48 hours after becoming aware of a Personal Data Breach. Screenshop will also provide the Data Controller with a description of the Personal Data Breach, the type of data that was the subject of the Personal Data Breach, (to the extent known to Screenshop) the categories of data subjects affected, and other information required by applicable Data Protection Law, as soon as such information can be collected or otherwise becomes available, and Screenshop will cooperate with any reasonable request made by the Data Controller relating to the Personal Data Breach.
b. Investigation. Screenshop agrees to immediately take action to investigate the Personal Data Breach, to identify, prevent, and mitigate the effects of any such Personal Data Breach, and with the Data Controller’s prior agreement, to carry out any recovery or other action necessary to remedy the Personal Data Breach.
a. Authorized Subprocessors. The Data Controller specifically authorizes the engagement of Screenshop’s affiliates to process Customer Personal Data and the Data Controller generally authorizes the engagement of any other third parties as Subprocessors to process Customer Personal Data.
b. Obligations of Subprocessor. In accordance with Article 28 (4) GDPR and LGPD, as applicable, Screenshop will impose legally binding contract terms on each Subprocessor that are as restrictive as those contained in this Agreement.
c. Restricted Access. Screenshop will ensure each Subprocessor only accesses and uses Customer Personal Data to the extent required to perform the obligations subcontracted to it and in accordance with this Agreement.
6. Data Transfers
a. If the Data Controller is established in the EEA and transfers personal data to Screenshop by Craze Inc, the Standard Contractual Clauses are incorporated by reference into this Agreement and apply to that transfer.
b. With respect to Personal Data of EEA and UK data subjects, the Data Controller and Screenshop agree that Screenshop may process Customer Personal Data outside the EEA and the UK where the Data Protection Law requirements (including, where applicable, Articles 44 through 47 GDPR) are fulfilled, or an exception (including, where applicable, those listed in Article 49 GDPR) applies.
c. With respect to Personal Data of Brazilian data subjects, the Data Controller agrees that Screenshop may process Customer Personal Data outside of Brazil, and represents and warrants that such transfer of Customer Personal Data is in compliance with LGPD.
7. Indemnity; Subprocessor Liability
a. Indemnity. Screenshop agrees to indemnify the Data Controller against all third-party complaints, charges, claims, damages, losses, costs, liabilities, and expenses due to, arising out of, or relating in any way to Screenshop’s breach of this Agreement.
b. Indemnity Process. The Data Controller will promptly notify Screenshop in writing of any indemnification claim, but any failure to notify Screenshop will not relieve Screenshop from any indemnity liability or obligation it may have, except to the extent Screenshop is materially prejudiced by that failure. The Data Controller will reasonably cooperate with Screenshop, at Screenshop’s expense, in connection with the defense, compromise, or settlement of any indemnification claim. Screenshop will not compromise or settle any claim in any manner, nor make any admission of liability, without the Data Controller’s prior written consent, which the Data Controller may provide in its sole discretion. The Data Controller may participate (at its cost) in the defense, compromise, and settlement of the claim with counsel of the Data Controller’s choosing.
c. Subprocessor Liability. Screenshop acknowledges and agrees that it will remain liable to the Data Controller for a breach of the terms of this Agreement by a Subprocessor and any other subsequent third-party processors appointed by it.
a. Termination. This Agreement will terminate automatically upon termination of the Terms of Service (https://screenshopit.com/terms).
b. Survival. Screenshop’s obligations related to returning or deleting Customer Personal Data will survive termination of the Terms of Service (https://screenshopit.com/terms) and this Agreement until Screenshop has returned or deleted the Customer Personal Data in accordance with this Agreement.
Processors we use
As part of the services we provide, and only to the extent necessary, we may use certain third party processors to process some or all of your personal information. For identification of these processors, and where they are located, please email us at firstname.lastname@example.org. We have signed appropriate data processing contracts that comply with GDPR with each processor.
Screenshop won’t hand your data over to law enforcement unless a court order says we have to. We flat-out reject requests from local and federal law enforcement when they seek data without a court order. And unless we're legally prevented from it, we’ll always inform you when such requests are made.
Security & Encryption
All data is encrypted via SSL/TLS when transmitted from our servers to your browser. The database backups are also encrypted. Data isn’t encrypted while it's live in our database (since it needs to be ready to send to you when you need it), but we go to great lengths to secure your data at rest—you can read more about that on our security page.
Location of Site and Data
This Site is operated in the United States. If you are located in the European Union or elsewhere outside of the United States, please be aware that any information you provide to us will be transferred to the United States. By using our Site, participating in any of our services and/or providing us with your information, you consent to this transfer.
Changes & questions
Screenshop may update this policy once in a blue moon — we’ll notify you about significant changes by emailing the account owner or by placing a prominent notice on our site. You can access, change or delete your personal information at any time by contacting our support team.