Privacy Policy - OnlyScreenshot

Data controller

OnlyScreenshot is operated by Alberto Lopez, trading as Alcybercloud.it. Privacy and support contact: support@alcybercloud.it. WhatsApp contact: +39 3773094661.

Scope and privacy roles

For data collected through onlyscreenshot.com, public pages, the account area and support channels, OnlyScreenshot acts as data controller within the meaning of Article 4(7) of Regulation (EU) 2016/679 ("GDPR").

When the widget is installed on customer or third-party websites, the site operator that decides to use the widget will normally remain the party determining purposes and means of processing vis-a-vis its own end users. In that scenario OnlyScreenshot provides the technical infrastructure of the service and mainly processes data on behalf of the customer, as processor under Article 28 GDPR, without prejudice to limited autonomous processing that may be necessary for security, abuse prevention, legal compliance and defence of rights.

The specific privacy-role allocation may depend on the actual use case, the widget configuration and the contractual arrangement between OnlyScreenshot and the customer deploying the widget on its website.

Categories of personal data

Account data: name, email address, encrypted password, login data and language preferences.
Technical and security data: IP address, user agent, browser, operating system, screen resolution, viewport, technical logs and session metadata.
Bug report content: page URL, screenshot, title, message, console logs and any other content voluntarily submitted through the widget.
Contact data: information submitted via email or other support channels.
Privacy preference data: cookie choices, selected language and technical logs needed to manage or demonstrate preference handling where applicable.

Purposes and legal bases

Account creation, authentication and service delivery: performance of a contract or pre-contractual steps under Article 6(1)(b) GDPR.
Collection, storage and display of bug reports requested by the customer: performance of the requested service and, in B2B contexts, legitimate interest under Article 6(1)(f) GDPR in making the service operational and verifiable, without prejudice to the customer’s own role toward end users.
Platform security, abuse prevention, rate limiting, logging, application hardening, fraud prevention and defence of legal claims: legitimate interest under Article 6(1)(f) GDPR.
Handling support requests, service communications and operational contacts: performance of a contract, pre-contractual steps or legitimate interest, depending on the specific context.
Compliance with legal, tax, accounting or lawful authority requests: Article 6(1)(c) GDPR.
Cookies or non-essential tools, if introduced in the future: consent under Article 6(1)(a) GDPR, Directive 2002/58/EC as implemented by applicable national law and, for Italy, Article 122 of Legislative Decree no. 196/2003 as amended.

Whether providing data is mandatory

Providing the data required for registration, login, project management and bug report submission is necessary to use the service. Without such data, OnlyScreenshot may be unable to provide the service or protect it against abuse.

Users installing the widget on their own sites should assess which content they ask from end users and should avoid, as far as possible, collecting special categories of personal data or information not needed for technical diagnosis.

Source of the data

Data may be collected directly from the user creating an account or using the site.

In the case of bug reports, data may also originate from end users of the website where the widget is installed and from the device/browser used at the time of the report.

In limited cases, data may also come from technical providers, security systems, infrastructure logs or customer incident reports needed for service continuity and incident handling.

Retention

Account data: for the duration of the account and, afterwards, for the time needed to handle administrative, tax, security or dispute-related obligations.
Bug reports and screenshots: until deletion by the user, deletion of the project or closure of the account, unless longer retention is required by law or for the establishment, exercise or defence of legal claims.
Technical and security logs: for as long as strictly necessary for monitoring, abuse prevention and troubleshooting, unless a longer retention period is required in connection with incidents or disputes.
Cookie and language preferences: according to the durations described in the Cookie Policy or until manually deleted from the browser.

Recipients and categories of recipients

Hosting, cloud infrastructure, storage, email, security, maintenance and technical support providers, appointed as processors where required under Article 28 GDPR.
Professional advisers, consultants or public authorities when required by law or necessary to establish, exercise or defend a legal right.
The customer that owns the project receiving bug reports through the dashboard.

Transfers outside the EEA

Where possible, OnlyScreenshot prefers providers and infrastructure located within the European Economic Area.

If certain providers involve transfers of personal data to third countries, those transfers will be handled using the mechanisms provided by Chapter V GDPR, such as European Commission adequacy decisions under Article 45 GDPR or standard contractual clauses under Article 46 GDPR, where applicable.

Data subject rights

Access to personal data and a copy of the processed data under Article 15 GDPR.
Rectification or update of inaccurate or incomplete data under Article 16 GDPR.
Erasure of data in the cases provided by Article 17 GDPR.
Restriction of processing in the cases provided by Article 18 GDPR.
Notification to recipients of rectification, erasure or restriction where applicable under Article 19 GDPR.
Objection to processing based on legitimate interest, where applicable, under Article 21 GDPR.
Data portability within the limits of Article 20 GDPR.
Withdrawal of consent where processing is based on consent, without affecting the lawfulness of processing carried out before withdrawal.

Automated decision-making

As of the last updated date, OnlyScreenshot does not carry out solely automated decision-making or profiling within the meaning of Article 22 GDPR through its public website or dashboard where such processing would produce legal or similarly significant effects on data subjects.

Complaint to the supervisory authority

If you believe that processing infringes applicable data protection law, you may lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali) under Article 77 GDPR, without prejudice to any other administrative or judicial remedy available under law.

Data Protection Officer (DPO)

As of the last updated date, OnlyScreenshot has not appointed a Data Protection Officer under Articles 37-39 GDPR, as such designation does not currently appear mandatory in light of the present structure and activities of the service. If this changes, this notice will be updated accordingly.

Security measures

User authentication and session protection.
Authorization controls on projects and reports.
Rate limiting, server-side validation, image checks and website security headers.
Reasonable technical and organisational measures designed to reduce unauthorised access, loss, misuse or improper disclosure of data.

Privacy contact

For privacy-related requests, data subject rights requests or questions about personal data processing, you can write to support@alcybercloud.it.

Main legal references

Regulation (EU) 2016/679 ("GDPR"), in particular Articles 4, 6, 13, 14, 15-22, 28, 32, 44-49 and 77.
Directive 2002/58/EC ("ePrivacy"), as implemented by applicable national law on electronic communications and cookies.
Italian Legislative Decree no. 196/2003, as amended by Legislative Decree no. 101/2018, in particular Article 122 for cookies and similar technologies in Italy.