Security Compliance
Last updated: February 17, 2026
This page summarizes ScreenshotCenter's security and compliance practices for the platform, including our API, dashboard, infrastructure, and operational processes.
1. Security Program Overview
ScreenshotCenter maintains a risk-based security program focused on confidentiality, integrity, and availability of customer data and service operations.
2. Access Control
- Least-privilege access principles for internal systems.
- Role-based access controls for operational functions.
- Multi-factor authentication for administrative accounts where supported.
- Periodic access reviews and offboarding controls.
3. Infrastructure and Network Security
- Cloud-hosted infrastructure with segmented environments.
- Network filtering and restricted management access.
- Security hardening baselines for hosts and services.
- Monitoring and alerting for abnormal activity and system health.
4. Encryption and Key Management
- Data in transit is protected using TLS.
- Data at rest is protected through platform and provider controls.
- Secrets and credentials are managed through controlled storage mechanisms.
- Access to secret material is limited to authorized systems and personnel.
5. Application Security
- Secure development practices in design, implementation, and deployment.
- Dependency and patch management processes.
- Input validation and centralized error handling in API services.
- Logging and observability to support detection and response.
6. Vulnerability Management
- Routine scanning and tracking of identified vulnerabilities.
- Prioritization based on severity and exploitability.
- Remediation timelines aligned to risk level.
- Verification of fixes through testing and deployment controls.
7. Incident Response
We maintain incident response procedures that include identification, containment, investigation, mitigation, and post-incident review. Where required, affected customers are notified in accordance with legal and contractual obligations.
8. Business Continuity and Reliability
- Backup and recovery practices for critical service data.
- Operational monitoring to support uptime and performance goals.
- Queue and retry mechanisms for resilient job processing.
- Ongoing service improvement through post-incident actions.
9. Data Handling and Retention
Data handling and retention are governed by product settings, account plan terms, and legal obligations. Customers should configure outputs and integrations according to their own compliance requirements.
10. Vendor and Subprocessor Management
We use trusted third-party providers for infrastructure and operational functions. Vendors are selected and monitored using security and reliability criteria appropriate to their role.
11. Payment Security and Credit Card Handling
ScreenshotCenter does not store, process, or transmit credit card numbers or payment card data on its own infrastructure. All payment processing is handled exclusively by Braintree, a PayPal service, which is a validated Level 1 PCI DSS Service Provider.
- Card data never touches ScreenshotCenter servers — it is collected and tokenized directly in the browser via Braintree's hosted fields.
- Braintree is certified as a PCI DSS Level 1 Service Provider, the highest level of compliance in the payment card industry.
- Braintree maintains comprehensive data security measures including encryption, tokenization, and fraud detection.
- PayPal's security and compliance documentation is available at paypal.com/us/legalhub.
- Braintree's privacy policy is available at braintreepayments.com/legal/braintree-privacy-policy.
By delegating card handling entirely to Braintree, ScreenshotCenter significantly reduces its PCI DSS scope and the risk of payment data exposure. For questions about Braintree's compliance posture, refer to their developer documentation or contact Braintree support.
12. Customer Responsibilities
- Protect API keys, credentials, and dashboard accounts.
- Configure access controls and integrations appropriately.
- Review outputs for sensitive or regulated data before distribution.
- Follow internal legal/compliance requirements for captured content.
13. Contact
For security inquiries, contact [email protected].