Privacy Policy

At PageBolt, we take your privacy seriously. This policy explains what information we collect, how we use it, and how we protect it. We've written it in plain English so you can understand exactly what's happening with your data.

Information We Collect

We collect only the information necessary to provide and improve our service:

• Account Information: When you sign up, we collect your email address and a password (which is hashed and never stored in plain text).
• API Usage Logs: We automatically log each API request you make, including:
  • The endpoint you called (e.g., /v1/screenshot, /v1/pdf)
  • The HTTP status code returned
  • Response time (how long the request took)
  • Timestamp of the request
  We do not log the content of your requests (like URLs or HTML you're processing) unless there's an error that requires debugging.
• Billing Information: If you upgrade to a paid plan, Stripe handles all payment processing. We never see or store your credit card details. Stripe provides us with your billing address and payment status only.

How We Use Your Information

We use the information we collect to:

• Provide and maintain the PageBolt API service
• Process your API requests and deliver screenshots, PDFs, OG images, video recordings, browser automation sequences, and page inspections
• Track your usage against your plan limits
• Send you important account updates (like usage warnings or service changes)
• Respond to support requests
• Detect and prevent abuse or security threats
• Improve our service by analyzing aggregate usage patterns (we never look at individual request content)

We do not sell your data. We do not use your data to train AI models. We do not share your data with third parties except as described in the "Third-Party Services" section below.

Data Storage & Security

We take security seriously:

• All data is encrypted in transit using TLS/SSL
• Passwords are hashed using industry-standard algorithms (bcrypt)
• API keys are stored securely and never exposed in logs or error messages
• Our infrastructure is hosted on secure cloud providers with regular security audits
• We follow security best practices and keep our dependencies up to date

While we implement strong security measures, no system is 100% secure. If we discover a security breach that affects your data, we will notify you as soon as possible.

Third-Party Services

We use a few trusted third-party services to operate PageBolt:

• Stripe: We use Stripe to process payments. When you subscribe to a paid plan, Stripe collects and stores your payment information. Stripe's use of your data is governed by their Privacy Policy. We only receive information about your subscription status and billing address from Stripe.
• Plausible Analytics: We use Plausible Analytics, a privacy-friendly, cookie-free analytics service, to understand aggregate website traffic (page views, referrers, and device types). Plausible does not use cookies, does not collect personal data, does not track you across sites, and is fully compliant with GDPR, CCPA, and PECR. All data is aggregated and no individual visitors can be identified. You can view our public analytics dashboard and Plausible's data policy at plausible.io/data-policy.
• Azure AI Speech (Microsoft): When you use the Audio Guide feature with the azure provider (the default), your narration text is sent to Microsoft's Azure AI Speech service to generate voice audio. Microsoft processes this text solely for the purpose of text-to-speech synthesis and does not store your content after processing. Microsoft's data handling is governed by the Azure AI Speech Data Privacy notice. The generated audio is mixed into your video and then deleted from our servers along with all other temporary files.
• OpenAI TTS: When you use the Audio Guide feature with the openai provider, your narration text is sent to OpenAI's text-to-speech API. OpenAI's data handling is governed by their Privacy Policy and API Data Usage Policy, which states that API data is not used to train models. The generated audio is mixed into your video and then deleted from our servers.

Data Retention

We retain your data for as long as your account is active or as needed to provide our services:

• Account Information: Retained until you delete your account
• API Usage Logs: Retained for 90 days for operational and debugging purposes, then automatically deleted
• Billing Records: Retained as required by law (typically 7 years for tax purposes)

When you delete your account, we will delete or anonymize your personal information within 30 days, except where we're required to retain it by law.

Your Rights

You have the right to:

• Access: Request a copy of the personal data we hold about you
• Correction: Update or correct your account information at any time from your dashboard
• Deletion: Delete your account and all associated data (contact us to do this)
• Portability: Export your API usage logs in a machine-readable format
• Objection: Object to certain types of data processing (though this may limit your ability to use our service)

To exercise any of these rights, please contact us at support@pagebolt.dev. We will respond within 30 days.

PageBolt Recorder — Chrome Extension

The PageBolt Recorder Chrome extension enables you to record browser interactions (clicks, typing, scrolling, navigation) and replay them as PageBolt sequences for screenshots, PDFs, and video recordings. This section explains exactly what data the extension collects, how it is used, how it is stored, and how it is shared.

Data the Extension Collects

The extension collects the following categories of data. Items marked with "user-initiated" are only collected when you explicitly trigger the action.

• PageBolt API key (user-initiated): You enter your API key in the extension settings. It is stored locally in chrome.storage.sync and sent as an HTTP header to the PageBolt API to authenticate your requests. It is never sent anywhere else.
• Active tab URL: When you start a recording, the extension reads the URL of the currently active tab to create the initial "navigate" step in your sequence.
• Recorded browser interactions: During an active recording session, the extension captures your clicks, text input, dropdown selections, scrolls, and page navigations. For sensitive fields (passwords, credit card numbers), values are replaced with placeholders like ${"{"} PASSWORD ${"}"} and are not recorded.
• Authentication cookies and session tokens (user-initiated): When you click the "Auth" button, the extension reads all cookies associated with the currently active tab's URL. This includes session cookies, authentication tokens, and any other cookies set by that website — including HttpOnly cookies that are not accessible to JavaScript on the page. This data is required so that PageBolt can replay your recorded sequence in an authenticated context (e.g., capturing screenshots of pages behind a login).
• localStorage data (user-initiated): When you click the "Auth" button, the extension also reads all localStorage key-value pairs for the currently active tab's origin. Many web applications store authentication tokens (e.g., JWTs) in localStorage, and this data is needed to replay authenticated sessions.

How the Data Is Used

• Recorded steps are sent to the PageBolt API (pagebolt.dev) when you click "Run Sequence", "Record Video", or "Save to Library". The API uses these steps to automate a browser and produce screenshots, PDFs, or videos.
• Captured cookies and localStorage (auth state) are sent to the PageBolt API alongside your recorded steps, only when you run a sequence or record a video. The API injects these cookies and localStorage values into the automated browser so it can access pages that require authentication. This data is used solely for the duration of the browser automation session.
• The extension does not use collected data for analytics, advertising, profiling, or any purpose other than executing the browser automation you requested.

How the Data Is Stored

• Locally in the browser: Your API key is stored in chrome.storage.sync (persisted across sessions). Recorded steps and captured auth state are stored in chrome.storage.session (cleared when the browser is closed). Video settings are stored in chrome.storage.sync.
• On PageBolt servers: When you run a sequence or record a video, your steps and auth state are transmitted over encrypted HTTPS to pagebolt.dev. Auth state (cookies and localStorage) is held in server memory only for the duration of the browser automation session and is not persisted to disk or any database. It is discarded immediately after the automation completes. Saved sequences (steps only, without auth state) are stored in your PageBolt account and retained until you delete them or your account.

How the Data Is Shared

• All data is transmitted only to pagebolt.dev. The extension does not send data to any third-party service, analytics provider, or advertising network.
• We do not sell, rent, or share your captured cookies, localStorage data, recorded steps, or any other data collected by the extension with any third party.
• If you use the Audio Guide feature for video recordings, narration text (which you write) is sent to Microsoft Azure AI Speech or OpenAI for text-to-speech synthesis, as described in the "Third-Party Services" section above. No cookies, localStorage, or browsing data is sent to these services.

User Consent and Control

• The extension displays a prominent disclosure in its side panel UI at all times, describing the types of data it may collect.
• Cookie and localStorage capture requires explicit consent: Before the extension reads any cookies or localStorage data, a consent dialog is shown explaining exactly what will be collected. You must click "I Agree" to proceed. If you decline, no cookies or localStorage data are read.
• Recording is user-initiated: The extension only records browser interactions when you explicitly click "Start Recording". It does not record or observe your browsing activity at any other time.
• You can clear captured auth state at any time by clicking "Clear" in the extension UI.
• You can uninstall the extension at any time, which immediately stops all data access and removes all locally stored data.

What the Extension Does Not Do

• Does not access your browsing history
• Does not run in the background or collect any data when you are not actively using it
• Does not read cookies or localStorage automatically — only when you explicitly click "Auth" and consent
• Does not track you across websites
• Does not inject advertisements or track your behavior for analytics

Data Retention (Extension Data)

• Locally stored auth state: Cleared automatically when you close your browser (stored in session storage), or when you click "Clear" in the extension.
• Auth state on PageBolt servers: Held in memory only during the automation session. Not persisted. Discarded immediately after the sequence or video completes.
• Saved sequences: Stored in your PageBolt account until you delete them. Saved sequences do not contain auth state (cookies/localStorage).
• API key: Stored locally until you remove it or uninstall the extension.

Cookies & Local Storage

We use minimal client-side storage:

• Session Tokens: We store JWT (JSON Web Token) authentication tokens in your browser's localStorage. This allows you to stay logged in. The token contains no personal information beyond your user ID.
• No Cookies: We do not use cookies for tracking or analytics. We do not set any cookies on your browser.
• No Third-Party Tracking: We do not use Google Analytics, Facebook Pixel, or any other third-party tracking scripts.

You can clear your localStorage at any time, but you will need to log in again.

Changes to This Policy

We may update this privacy policy from time to time. When we make changes, we'll update the "Last updated" date at the top of this page. For significant changes, we'll notify you via email or a notice on our website. Your continued use of PageBolt after changes are posted constitutes acceptance of the updated policy.

Contact Us

If you have questions about this privacy policy or how we handle your data, please contact us:

• Email: support@pagebolt.dev
• Website: pagebolt.dev