Security & Trust

Your captures and context, kept safe

SpecShot is built so the sensitive parts stay private and the risky parts simply never happen. Here's exactly how your data is handled.

How we protect data

Security by design

Principles baked into the product, not bolted on after.

Captures stored as data, not code

Captured DOM is persisted as structured JSON and never rendered or executed as HTML. SpecShot documents a design. It doesn't run or reproduce it.

No form values captured

We deliberately skip input values when capturing a section, so passwords, search terms and other field contents are never collected.

Private by default

Screenshots and exports live in private storage scoped to your workspace. Share links are opt-in, per-capture, and revocable at any time.

Encrypted integration secrets

Bring-your-own (BYO) AI keys, GitHub and Linear tokens, and webhook secrets are encrypted at rest with a dedicated key. They are never stored or displayed in plaintext.

Payments handled by Stripe

Billing runs entirely through Stripe. We never see or store your card details.

Managed, isolated infrastructure

Authentication is handled by Clerk; data sits behind row-level security so workspaces can only ever access their own records.

For teams

Built for organizations

  • Workspace-scoped access. Members only see their own workspace data.
  • Role-based team membership with owner / member roles.
  • Data Processing Agreement (DPA) available for teams that need one.
  • Export or delete your captures and prompts at any time.
  • Granular Chrome-extension permissions. Capture only runs when you click.

Documentation, never duplication

SpecShot captures context to brief your build. It doesn't clone, copy or host other people's sites.