Captorify

Guide

Screenshot privacy checklist before you share

This checklist makes privacy review practical before a screenshot reaches a teammate, customer, or vendor.

Add to Chrome

Quick checklist

Before a screenshot leaves your machine, scan it for anything that must not travel with it. The fastest review is to check each category in order, then decide how you will share.

Customer data

Customer names, email addresses, phone numbers, addresses, and account identifiers are the most common leak in support and QA screenshots. Cover them before sharing outside the people who already have access.

In Captorify, blackout redaction (Pro) removes these permanently from the export, and suggested redactions can auto-flag emails, phone numbers, and card numbers for you to review.

Internal systems

Internal admin panels, staging URLs, hostnames, and IP addresses can reveal more about your infrastructure than you intend, especially in a screenshot shared with a customer or vendor.

Redact internal URLs in the address bar and anywhere they appear in the page body. Suggested redactions can detect URLs and IPs for review.

Credentials

Passwords, API keys, tokens, and session identifiers must be blacked out, not blurred, because blur and pixelation can sometimes be reversed. Captorify suggested redactions detect common key patterns such as Stripe, GitHub, and AWS-style tokens.

If a real secret was already visible in a shared screenshot, treat it as exposed and rotate it. Redacting the screenshot afterward does not undo the exposure.

URLs and tabs

The address bar, open tabs, bookmarks bar, and autofill dropdowns often carry information you did not mean to share, like other customer URLs or personal sites.

Capture a region instead of the whole window when you only need the page content, or redact the browser chrome before sharing.

Metadata and PDF context

Captorify does not add a URL or timestamp footer to exports by default. The PDF URL and timestamp overlay is a Pro opt-in, so check whether you have it enabled if you do not want source context embedded.

When you do want a verifiable record, the optional PDF overlay can help, but remember it is context you add, not tamper-proof proof.

Sharing controls

Once the image is clean, decide how it travels. A plain attachment is permanent and uncontrolled. A Captorify share link (Pro) can carry a password, an expiry, and immediate revocation, which is better when sensitive context is involved.

Match the control to the sensitivity: low-risk images can be attachments; anything with residual risk belongs in a protected, revocable link.

  • Attachment: simple, but permanent and uncontrolled.
  • Share link with password: limits who can open it.
  • Share link with expiry: stops being accessible after a set date (max one year).
  • Revoke: cut off access immediately when the screenshot no longer belongs online.

Downloadable checklist

Keep this checklist next to your screenshot workflow so the review becomes automatic. The goal is a quick, repeatable pass before every share rather than a one-time effort.

For team workflows, pair it with the customer-support and security-review checklists so each team applies the same standard.

Related

Features
Redaction Permanent screenshot redaction means the sensitive pixels are overwritten in the exported image, not hidden behind a…
Secure sharing
Guides
Support checklist guide Support teams check screenshots for Identifiable Information (PII), account data, internal notes, browser context, and…
Use cases
Security use case Security review screenshots can expose API keys, tokens, internal hosts, and account identifiers.