← Back to home

Privacy Policy

Last updated: May 8, 2026

This Privacy Policy explains how VouchShot collects, uses, and shares your information, and describes your privacy rights and choices when you use our services.

1. Definitions

In this policy, terms such as Company, Service, and Personal Data have their standard legal meaning. Company refers to Mnemosphere Pte Ltd, 14-04, 160 Robertson Road, Singapore 068914, and Service refers to the VouchShot website at https://www.vouchshot.com.

2. Information We Collect

Personal data you provide

  • Email address
  • First and last name
  • Account information needed to provide the Service

Usage and device data

  • IP address, browser type/version, visited pages, timestamps, and time on pages
  • Device identifiers and diagnostic/technical information
  • Mobile device information when you access via mobile

Payment and billing data

Payments are processed by trusted third-party providers (including Stripe). We do not store full credit card numbers on our servers.

Stripe connected account data

If you connect Stripe, we may process account, subscription, customer, invoice, payment, and related billing data to provide cancellation insights, analytics, recommendations, and service improvements (including aggregated/de-identified analysis).

Third-party login data

If you sign in via third-party providers (for example, Google OAuth), we may receive basic account details such as your name and email address.

3. Cookies, Tracking, and Analytics

We use cookies, web beacons, and similar technologies to run and improve the Service. This includes session cookies, persistent cookies, and functionality cookies.

We use analytics and product tools including Google Analytics and Microsoft Clarity on our website to:

  • Maintain service quality and performance
  • Identify and fix technical issues
  • Improve user experience and product decisions
  • Support customer support and internal analysis

We also use Google invisible reCAPTCHA to protect against spam, abuse, and fraud.

We honor Do Not Track signals for third-party advertising and marketing purposes, while still collecting essential product analytics for internal operational needs.

4. Chrome Browser Extension

VouchShot is also available as a Chrome browser extension. This section describes data practices specific to the extension, which are distinct from our website practices.

Content script injection

The extension injects a content script into every webpage you visit (using the <all_urls> permission). This script runs in an isolated context, separate from the page itself, and is inactive until you explicitly start a capture. It is present on all pages solely because VouchShot must be ready to operate on any site you choose to capture.

Tab screenshot capture

When you initiate a capture, the extension uses Chrome's captureVisibleTabAPI to take a screenshot of the active browser tab. This image is processed locally so you can select a region and add annotations. The final annotated image is then transmitted to VouchShot's servers, stored, and associated with a cryptographic verification record linked to your account.

DOM mutation observation

After you initiate a capture, the extension observes changes on the page using a MutationObserver from the moment the page is ready until you confirm the capture. The observer records:

  • Text changes (before and after values, truncated)
  • Attribute changes on a fixed allow-list (such as class, style, hidden, aria-hidden, href, src, value, checked, disabled)
  • Nodes added or removed
  • For each change: the document-coordinate bounding box, the page tag name, and a short context label (such as the closest aria-label or button label, capped at 80 characters)

These records are sent to VouchShot servers alongside your screenshot to power the tamper-evidence analysis and to identify which changes occurred inside the captured region. Full page HTML, page-wide text content, or personal data outside the recorded fields above is not collected.

AI cross-check on captured mutations

After your screenshot is saved, VouchShot asks a third-party large language model (currently Google's Gemini Flash Lite) to give an independent verdict on whether the recorded mutations indicate tampering. The model receives only the mutation records described above and the hostname of the captured page. It does not receive the screenshot image, your account email, or any other personal data.

The verdict is stored alongside the screenshot and shown on the public verification page as a second-opinion signal. Google processes prompts under their Gemini API terms; please refer to those for details on how Google handles request data. We do not authorize Google to use VouchShot prompts to train their models on the Gemini API free tier where available; if you are on a paid tier this may differ — review Google's policies before relying on this guarantee.

Extension storage

The extension stores the following data locally in Chrome's extension storage:

  • Your authentication session token, to keep you signed in
  • Your email address, for display and analytics identity
  • A randomly generated anonymous device identifier (extensionAnonymousId)
  • A temporary capture session state, cleared after each capture completes or is cancelled

Authentication sync from VouchShot pages

To synchronise your session, the extension may read from the localStorageof open VouchShot.com tabs using Chrome's scripting permission. Only VouchShot authentication data is read; no other page content is accessed.

Extension permissions summary

  • activeTab / tabs — to identify and reload the current tab when a capture is initiated
  • scripting — to inject the capture interface into pages and to read authentication data from VouchShot.com tabs only
  • storage — to persist your session token, email, anonymous ID, and capture state
  • <all_urls> host permission — to enable the content script to operate on any webpage you choose to capture

5. How We Use Your Data

  • Provide, operate, and maintain the Service
  • Manage user accounts and authentication
  • Process purchases and fulfill contractual obligations
  • Generate product insights from connected Stripe data
  • Send service updates, security notices, and optional promotional emails
  • Measure campaign effectiveness and improve product, marketing, and support
  • Support business transfers, reorganizations, or legal transactions if needed

6. How We Share Data

We may share personal data with:

  • Service providers and infrastructure partners
  • Affiliates under common control
  • Business partners for related offerings and promotions
  • Other users when you publish or share information publicly in-service
  • Authorities or parties as required by law or legal process
  • Successor entities in mergers, acquisitions, or asset sales
  • Other parties when you explicitly consent

7. Data Retention

We keep personal data only as long as needed for the purposes in this policy, including legal compliance, dispute resolution, and enforcing agreements. Usage data is usually kept for a shorter period unless needed for security, reliability, or legal obligations.

8. International Transfers

Your data may be processed in countries outside your jurisdiction. By using the Service and submitting data, you agree to such transfers. We take reasonable steps to ensure adequate safeguards for transferred personal data.

9. Your Rights and Choices

You can request access, correction, or deletion of personal data by contacting us.

  • You may update or delete some information from account settings
  • We may retain data where legally required or otherwise permitted by law

California rights (CCPA/CPRA)

  • Right to know/access personal information
  • Right to delete personal information
  • Right to opt out of sale (where applicable)
  • Right to non-discrimination for exercising rights

We do not sell personal information as defined under CCPA/CPRA.

EEA rights (GDPR)

  • Access, rectification, erasure, restriction, portability, and objection rights
  • Right to lodge a complaint with a supervisory authority

10. Children's Privacy

Our Service is not directed to children under 13. We do not knowingly collect personal data from children under 13. If such data is identified, we will take steps to remove it.

11. Security

We use commercially reasonable safeguards to protect personal data. No transmission or storage method is completely secure, and absolute security cannot be guaranteed.

12. Third-Party Links

Our Service may link to external websites we do not control. We are not responsible for their content or privacy practices. Please review each third-party privacy policy.

13. Changes to this Policy

We may update this Privacy Policy from time to time. Changes are effective when posted. For material changes, we may provide additional notice (for example by email or in-app notice) and update the Last updated date.

14. Contact Us

If you have any questions about this Privacy Policy, contact us at hello@vouchshot.com.