Privacy Policy

Grabbit is a screenshot API and developer console operated by BrainGrid AI, Inc., 1111B S Governors Ave STE 29316, Dover, DE 19904, USA ("BrainGrid", "we", "us"). This policy describes what we collect when you use Grabbit, how we use it, and the choices you have.

For your account, usage, and billing data, we decide how the data is processed and act as the data controller. For the content of web pages you direct the service to capture, we act as a processor on your behalf: you choose what to capture, and we capture and store it for you.

Account information

When you sign in through BrainGrid, we store your email address and a unique user identifier, plus the team name you choose. Authentication is handled by BrainGrid, so we never see or store a password for you.

Usage and API data

For each screenshot request we record:

• the target URL and request parameters (viewport, format, and similar options);
• response metadata such as image size, timing, status, and any error message;
• the IP address the request came from;
• the environment used (test or live).

We also store your API keys as SHA-256 hashes (never the raw key) along with a masked display version, key names, and last-used timestamps; webhook endpoint URLs you configure and their delivery logs; and short-lived idempotency records for request deduplication.

Screenshot content

The images captured at your direction are stored in our cloud storage and served from public, unguessable URLs. Anyone who has a screenshot's URL can view it without signing in.

Billing data

We store Stripe customer and subscription identifiers and a ledger of your credit transactions. Card numbers and full payment details go directly to Stripe and are never received or stored by us.

Cookies

We use only the cookies needed to run the service. We do not use analytics, advertising, or cross-site tracking cookies, which is why you will not see a cookie banner.

We use the data above to:

• provide and operate the service, including capturing and serving screenshots;
• authenticate you and secure your account;
• process payments and account for credit usage;
• enforce rate limits and detect and prevent abuse and fraud;
• respond to support requests;
• comply with legal obligations.

We may also create aggregated or de-identified statistics that do not identify you (for example, service performance metrics) and use them to operate, improve, and promote the service. We do not send marketing email and we do not use your data for advertising.

We share data only with the service providers that run Grabbit ("subprocessors") and as required by law. We do not sell personal information, and we do not "share" it for cross-context behavioral advertising as defined under California law.

We may disclose information if required by law, regulation, or valid legal process, or to protect the rights, safety, or property of BrainGrid, our users, or others. If BrainGrid is involved in a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction; this policy would continue to apply to it.

• Account records are kept while your account is active and deleted on request after closure.
• Screenshot request records (target URLs, parameters, IP addresses, metadata) are kept while your account is active or until you ask us to delete them.
• Captured screenshots are stored until you delete them or ask us to; they are not automatically deleted.
• Idempotency records are deleted automatically after 24 hours.
• Revoked API keys are deactivated immediately; their hashed records are retained for audit purposes.

API keys are stored only as SHA-256 hashes and shown masked in the console. Traffic to the API and console is encrypted in transit with TLS. Outbound webhooks are signed with HMAC-SHA256 so you can verify they came from us. Access to production data is restricted. That said, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

You can request access to, correction of, or deletion of your account data and your captured screenshots by emailing support@grabbit.live. Depending on where you live, you may have additional statutory rights (for example under the GDPR or the California Consumer Privacy Act); we will honor valid requests as required by applicable law.

Web pages captured through Grabbit may contain personal data about third parties. The customer who directs a capture is responsible for having a lawful basis to capture and use that content. If your personal information appears in a screenshot captured by one of our customers and you want it removed, contact support@grabbit.live and we will review takedown requests promptly.

Grabbit is not directed to children under 13, and we do not knowingly collect personal information from them. If you believe a child has provided us personal information, contact us and we will delete it.

Grabbit is operated from the United States, and data is processed and stored in the United States (primarily in the AWS US West region). If you use the service from outside the US, you understand that your data is transferred to and processed in the US.

We may update this policy from time to time. The "Last updated" date above reflects the latest revision, and material changes will be announced through the site or console.

Privacy questions and requests can be sent to support@grabbit.live or by mail to BrainGrid AI, Inc., 1111B S Governors Ave STE 29316, Dover, DE 19904, USA.