What screenshot inputs are required?

Clean simulator captures in PNG format are required. The studio composites each capture into the chosen device frame and applies your typography, layout and theme.

Can a project be saved and resumed later?

Yes. Authenticated users can save projects to the cloud, name them, and open them again from any device. Autosave runs every 30 seconds during an active session and uploads only the screenshot bytes that have actually changed. The Free tier supports one saved project; the Pro tier supports twenty.

Is the export compatible with fastlane?

Yes. The export bundle uses the exact directory layout expected by fastlane deliver and supply, including locale and device folders. iOS and Google Play screenshots may be mixed within a single bundle without further reorganisation.

Can multiple device sizes be rendered together?

Yes. Any combination of iOS 6.9, 6.7, 6.5 and Google Play may be selected. A single render produces every selected size and packages them in one bundle.

How customisable is the typography?

Each project supports an arbitrary number of named text fields. Within each field, individual character spans may be styled with their own font, size, weight, colour, italics, underline and alignment. More than 30 Google Fonts are available out of the box.

Where is data stored?

Render output and project assets are stored in Cloudflare R2 under the European Union jurisdiction (primary copy in Western Europe). Accounts, render history, and billing data sit in Postgres on a Contabo VPS in Düsseldorf, EU. Render outputs are removed after 24 hours; screenshots associated with saved projects are retained for the lifetime of the project. No training is performed on customer data, and the studio interface uses no tracking cookies.

legal · 01

Privacy notice

Last updated: 2026-05-18. Version 2.0.

1. Who runs AppScreen

AppScreen is operated by Omelas, an independent software studio. Postal address available on written request to hello@appscreen.co. No Data Protection Officer is appointed — AppScreen's scale and the categories of data we process don't meet the GDPR Art. 37 threshold. All privacy correspondence routes to the address above.

2. What we collect and why

Category	Purpose	Basis	Retention
Account (email, sign-in events)	Authenticate, scope your data	Contract (Art. 6(1)(b))	Account lifetime + 30d grace
Projects (screenshots, copy)	Render and store your work	Contract	Until you delete the project / account
Render bundles (ZIPs)	Deliver generated output	Contract	24h then auto-purged
Render history metadata	Show past jobs, enforce quota	Contract + legitimate interest	Account lifetime
Billing (name, address, card-tail)	Process Pro payments	Contract + legal obligation (tax)	10 years (EU tax law)
Email logs (recipient, message-id)	Deliverability, debug	Legitimate interest	90 days
Marketing email opt-in	Product updates	Consent (Art. 6(1)(a))	Until you withdraw
Anonymous rate-limit (IP hash + UA)	Anti-abuse for free tier	Legitimate interest	24 hours
Translation cache (source text)	Skip re-translation of repeats	Contract	Account lifetime

We do not collect special-category data (race, religion, health, etc.) and we do not profile you for automated decision-making.

3. Where your data lives

Application data (Postgres, render output, project assets) is hosted on a Contabo VPS in Düsseldorf, Germany. Cloudflare R2 buckets are pinned to the EU jurisdiction (WEUR primary). We do not train models on your data and we do not sell, rent, or share it for advertising.

Two sub-processors are outside the EU:

Firebase Authentication (Google LLC, US) — stores your email + sign-in credentials. Transfer under the EU Standard Contractual Clauses.
Stripe (Stripe Payments Europe, IE + Stripe Inc., US) — processes Pro subscriptions. Transfer under EU SCCs.

Full list: /legal/subprocessors.

4. Cookies and browser storage

AppScreen sets zero non-essential cookies and uses no analytics or advertising tracking. We do use strictly-necessary browser storage to make the app work:

IndexedDB — Firebase auth session, project blob cache for fast reloads, unsaved drafts.
localStorage — theme preference, sidebar collapsed state, dismissed notices.
Stripe checkout cookies — set by Stripe on the checkout page only, required to process your payment.

No consent is required for strictly-necessary storage under the EU ePrivacy Directive. If we ever add analytics, we'll switch to opt-in consent with category toggles and update this notice in advance.

5. Your rights

Under GDPR you can, at any time:

Access a copy of the data we hold about you — /account/data.
Rectify incorrect data — edit it in the studio or your account page.
Erase your account and everything tied to it — /account → "delete account". Hard purge runs 30 days later; you can cancel during that window.
Restrict or object to processing based on legitimate interest — email us.
Port your data to another service — download a JSON bundle from /account/data.
Withdraw consent for marketing email — toggle off at /account#email; takes effect immediately.
Complain to your local supervisory authority. If you're in the EU, that's typically your national Data Protection Authority — for Germany this is the regional DPA in Düsseldorf (LDI NRW); a directory of all EU authorities is on the EDPB website.

We respond to rights requests within 30 days at no charge, unless requests are clearly excessive.

6. Email

Transactional mail (render-ready notifications, billing receipts, sign-in links) is tied to using the service and can't be opted out of while your account is active.

Product updates are off by default. You only receive them if you tick the consent box at sign-up. Toggle off any time at /account#email; we sync the change to our email provider on the same request. Every marketing email also carries a one-click unsubscribe link.

7. Security

TLS everywhere with HSTS. Postgres + R2 encrypted at rest by the host. API keys stored as sha256 hashes. Stripe webhooks verified by signature. Soft-delete grace window of 30 days before hard purge so accidental deletes are recoverable. We keep audit logs of sensitive operations.

In the event of a personal-data breach likely to result in risk to your rights, we notify the relevant supervisory authority within 72 hours and you directly without undue delay.

8. Children

AppScreen is a developer tool for adults. We do not knowingly process data of anyone under 16. If you believe we have, write to hello@appscreen.co and we'll delete it.

9. Changes

We'll bump the version + date at the top whenever this notice changes. Material changes get an email to active accounts.

10. Contact

Privacy questions, rights requests, breach reports: hello@appscreen.co.