We're often asked about the security and safety of your data. In this page we'll describe some of the steps we take to prevent leakage of your intellectual property. If you have any further concerns, please feel free to reach out!
By default, all images uploaded to Screenshotbot are sent over an encrypted channel, and are stored on Screenshotbot's servers. In particular, we do not use external object storage such as S3.
This means that we can have tight controls over who can access your images.
Image URLs have encrypted information in order to access the image:
Anyone who is given this URL can access the image. (But we can override this if you wish!) This URL cannot be guessed, the only way to get access to this URL is to log in to your dashboard and copy the image URL for whichever image you are looking for.
By default, we might use CDNs to link to the images. In this situation the image might be cached on the CDN (we use CloudFront which is run by Amazon). But again, nobody can access the image unless they have the encrypted identifier. We can disable the CDN on request.
The use of the CDN and publicly accessible image URLs are meant to protect us from DDoS attacks. However, we understand that some enterprise customers might want to restrict access to images further, perhaps for legal reasons, or just to reduce the chance of a leak by someone who has access to your account.
For enterprise customers, if you wish, we can ensure that images are only accessible to users who are logged in. In this setup, if somebody has access to the URL, they would not be able to access the image. We would not use a CDN if you choose to go this route (since using a CDN would prevent us from doing access checks).