ShotsGlow
Legal

Privacy Policy

Short version: we don't track you. No analytics, no ad cookies, no fingerprinting. Your screenshots are edited entirely on your machine and are never uploaded. Here are the details required under the GDPR.

1. Controller

The controller responsible for data processing on this website is:
Max Fischer — MXF Labs, Lammersdorfer Straße 2, 52159 Roetgen, Germany.
Email: [email protected].

We have not appointed a data protection officer, as we are not legally required to do so.

2. The short, honest summary

ShotsGlow is built to be private. The desktop app captures, edits, redacts and removes backgrounds entirely on your device — nothing is uploaded. This website currently uses no analytics, no advertising cookies and no cross-site tracking. The only data processed is what's technically necessary to serve the site and to fulfil a purchase.

3. Hosting & server logs

The site is hosted by Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany. When you visit, the server automatically processes technical access data (IP address, date and time, requested URL, referrer, browser/OS) in server log files. This is necessary to deliver the site securely and stably. Legal basis: Art. 6 (1)(f) GDPR (legitimate interest in a secure, functioning website). A data processing agreement is in place with Hetzner. Logs are kept only as long as needed for operation and security and then deleted.

4. Content delivery & downloads (Cloudflare)

We use Cloudflare, Inc. (101 Townsend Street, San Francisco, CA, USA) as a content delivery network and reverse proxy, and Cloudflare R2 to serve the installer download. Cloudflare processes connection data (including IP address) to route and secure traffic. Legal basis: Art. 6 (1)(f) GDPR (security and performance). Data transfers to the USA are covered by the EU Standard Contractual Clauses and Cloudflare's Data Privacy Framework certification. See Cloudflare's privacy policy.

5. Purchases & payment (Polar)

Checkout and payment are handled by our Merchant of Record, Polar Software, Inc. When you buy ShotsGlow, you are taken to a checkout operated by Polar, which collects and processes the data needed for the sale (e.g. name, email, billing/payment details) and acts as the seller of record, including invoicing and tax. We receive only the information needed to deliver your licence and provide support (such as your email, name and order/licence details). Legal basis: Art. 6 (1)(b) GDPR (performance of a contract). Please see Polar's privacy policy for how Polar processes your data.

Licence activation in the app sends only your licence key and a hashed device identifier to verify activation — never your screenshots or personal files.

6. Cookies & local storage

We set no tracking or advertising cookies. The only browser storage we use is a single functional flag in your browser's local storage to remember that you dismissed the cookie notice. This is technically necessary and stored only on your device. Cloudflare may set a strictly necessary security cookie to protect the site.

7. Analytics (planned)

We currently run no analytics. If we later add privacy-friendly, EU-hosted product analytics (e.g. PostHog EU), we will update this policy and ask for your consent beforehand (Art. 6 (1)(a) GDPR, § 25 TDDDG). Until then, there is nothing to opt out of.

8. Contacting us

If you email us (e.g. for support or a refund), we process the data you provide to handle your request. Legal basis: Art. 6 (1)(b) and (f) GDPR. We delete such correspondence once it is no longer needed and no statutory retention periods apply.

9. Your rights

Under the GDPR you have the right to:

  • access your personal data (Art. 15);
  • rectification (Art. 16) and erasure (Art. 17);
  • restriction of processing (Art. 18);
  • data portability (Art. 20);
  • object to processing based on legitimate interest (Art. 21);
  • withdraw consent at any time, with effect for the future (Art. 7 (3)).

To exercise any of these, email [email protected].

10. Right to complain

You have the right to lodge a complaint with a supervisory authority. The authority responsible for us is the Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (LDI NRW), Kavalleriestraße 2–4, 40213 Düsseldorf, Germany — ldi.nrw.de.

11. No automated decision-making

We do not use automated decision-making or profiling within the meaning of Art. 22 GDPR.

12. Changes to this policy

We may update this policy as the site or our processors change (for example when adding analytics). The current version always applies and is published on this page.