From a9168357739e1069dfb827265b21cf16530b8cde Mon Sep 17 00:00:00 2001 From: Hoid Date: Thu, 19 Feb 2026 17:22:57 +0000 Subject: [PATCH] SnapAPI session 7: code to Forgejo + legal pages --- impressum.html | 178 +++++++++++++ memory/bg3.json | 28 +- privacy.html | 314 ++++++++++++++++++++++ projects/snapapi/memory/sessions.md | 52 ++++ projects/snapapi/memory/state.json | 23 +- terms.html | 395 ++++++++++++++++++++++++++++ 6 files changed, 970 insertions(+), 20 deletions(-) create mode 100644 impressum.html create mode 100644 privacy.html create mode 100644 terms.html diff --git a/impressum.html b/impressum.html new file mode 100644 index 0000000..182e3cc --- /dev/null +++ b/impressum.html @@ -0,0 +1,178 @@ + + + + + +Impressum — SnapAPI | Screenshot API for Developers + + + + + + + + + +
+
+

Impressum

+ +
+

Information according to §5 ECG (E-Commerce Law)

+ +

Company Information

+

Company: Cloonar Technologies GmbH
+ Commercial Register: FN 631089y, Handelsgericht Wien
+ VAT Number: ATU81280034

+ +

Address

+

Linzer Straße 192/1/2
+ 1140 Wien
+ Austria 🇦🇹

+ +

Contact

+

Email: info@cloonar.com

+ +

Management

+

Geschäftsführer: Dominik Polakovics

+ +

Service Information

+

Service: SnapAPI — Screenshot API for Developers
+ Website: https://snapapi.eu

+
+ +
+

Regulatory Information

+ +

Jurisdiction

+

This service is operated under Austrian law. The company is registered in Austria and subject to Austrian commercial regulations.

+ +

Professional Information

+

Cloonar Technologies GmbH is a limited liability company (Gesellschaft mit beschränkter Haftung) incorporated under Austrian law.

+ +

Hosting & Infrastructure

+

All services are hosted in Germany (European Union) to ensure GDPR compliance and data protection.

+
+ +
+

Dispute Resolution

+ +

The European Commission provides a platform for online dispute resolution (ODR): + https://ec.europa.eu/consumers/odr/

+ +

We are not willing or obliged to participate in dispute resolution proceedings before a consumer arbitration board.

+
+ +
+ ← Back to SnapAPI +
+
+
+ + + + + \ No newline at end of file diff --git a/memory/bg3.json b/memory/bg3.json index 7234405..cb4ee94 100644 --- a/memory/bg3.json +++ b/memory/bg3.json @@ -4,9 +4,11 @@ "race": "Half-Orc", "class": "Fighter", "subclass": "Battle Master", - "level": 6, + "level": 7, "stats": {}, - "feats": ["Great Weapon Master"], + "feats": [ + "Great Weapon Master" + ], "fightingStyle": "", "equipment": "Adamantine Armour, Halberd +2 (1d10+1d4 energy)" }, @@ -15,7 +17,7 @@ "name": "Astarion", "class": "Rogue", "subclass": "Thief", - "level": 6, + "level": 7, "build": "Melee Thief", "notes": "" }, @@ -23,7 +25,7 @@ "name": "Shadowheart", "class": "Cleric", "subclass": "Life Domain", - "level": 6, + "level": 7, "build": "Life Cleric", "notes": "Adamantine Armour, Shattered Flail" }, @@ -31,17 +33,23 @@ "name": "Gale", "class": "Wizard", "subclass": "Evocation", - "level": 6, + "level": 7, "build": "", "notes": "" } ], "act": 2, - "level": 6, + "level": 7, "currentQuest": "Act 2 - Shadow-Cursed Lands, has Moon Lantern with Pixie", - "completedQuests": ["Rescue Halsin"], - "completedAreas": ["Owlbear Cave", "Goblin Camp", "Act 1"], + "completedQuests": [ + "Rescue Halsin" + ], + "completedAreas": [ + "Owlbear Cave", + "Goblin Camp", + "Act 1" + ], "decisions": [], "gold": 2000, - "notes": "Adamantine Forge: crafted armour for Tam and Shadowheart. Plays with gamepad — no keyboard shortcuts! All 4 chars already built as recommended. Astarion + Gale still on default weapons. Level 6 pending — recommended GWM for Tam, Expertise for Astarion, Blessed Healer for SH, Haste+Fireball for Gale." -} + "notes": "Adamantine Forge: crafted armour for Tam and Shadowheart. Plays with gamepad \u2014 no keyboard shortcuts! Level 7: Tam got new maneuver, Astarion got Evasion, SH got Death Ward, Gale got Greater Invisibility. Key combo: Greater Invisibility on Astarion for permanent Sneak Attack + Advantage." +} \ No newline at end of file diff --git a/privacy.html b/privacy.html new file mode 100644 index 0000000..9b478bb --- /dev/null +++ b/privacy.html @@ -0,0 +1,314 @@ + + + + + +Privacy Policy — SnapAPI | Screenshot API for Developers + + + + + + + + + +
+
+

Privacy Policy

+ +
+

Data Controller

+ +

Cloonar Technologies GmbH
+ Linzer Straße 192/1/2
+ 1140 Wien, Austria
+ Email: privacy@cloonar.com

+ +

This privacy policy applies to the SnapAPI service provided at https://snapapi.eu.

+ +

Last updated: February 19, 2026

+
+ +
+

1. Data We Collect

+ +

Account Data

+
    +
  • Email address: Required for account creation and API key management
    • +
  • Payment information: Processed by Stripe (not stored on our servers)
    • +
  • Usage data: API call counts, timestamps, subscription status
    • +
+ +

Technical Data

+
    +
  • IP addresses: Logged for security, rate limiting, and SSRF protection
    • +
  • URLs submitted: The URLs you request to be captured (not stored permanently)
    • +
  • Request metadata: API endpoints called, response codes, processing time
    • +
  • Error logs: Technical errors for debugging (no personal data)
    • +
+ +

What We DON'T Collect

+
    +
  • Screenshots: Generated images are returned to you immediately and not stored
    • +
  • Cookies: Only essential session cookies for account management
    • +
  • Analytics: No third-party analytics, tracking pixels, or behavioral tracking
    • +
+
+ +
+

2. Legal Basis & Purposes

+ +

Contractual Necessity (Art. 6(1)(b) GDPR)

+
    +
  • Processing API requests and generating screenshots
    • +
  • Account management and authentication
    • +
  • Billing and subscription management
    • +
  • Customer support
    • +
+ +

Legitimate Interests (Art. 6(1)(f) GDPR)

+
    +
  • Security monitoring and fraud prevention
    • +
  • Rate limiting and abuse prevention
    • +
  • Service optimization and technical improvements
    • +
  • SSRF protection (blocking internal network access)
    • +
+ +

Legal Compliance (Art. 6(1)(c) GDPR)

+
    +
  • Tax and accounting records (Austrian business law)
    • +
  • Data retention for legal purposes
    • +
+
+ +
+

3. Data Sharing & Third Parties

+ +

Service Providers

+
    +
  • Hetzner Cloud (Germany): EU hosting infrastructure
    • +
  • Stripe: Payment processing (GDPR compliant)
    • +
+ +

What We Never Share

+
    +
  • Personal data with advertisers or data brokers
    • +
  • Usage patterns or analytics data
    • +
  • Customer lists or contact information
    • +
  • Any data outside the European Union
    • +
+ +

All data processing happens exclusively within the EU. No data transfers to third countries.

+
+ +
+

4. Data Retention

+ +

Active Accounts

+
    +
  • Account data: Kept while your account is active
    • +
  • Usage logs: 12 months for billing and support
    • +
  • Payment records: 7 years (Austrian tax law)
    • +
+ +

Deleted Accounts

+
    +
  • Personal data: Deleted within 30 days of account closure
    • +
  • Anonymized data: Usage statistics (no personal identifiers)
    • +
  • Legal records: Tax records retained per legal requirements
    • +
+ +

Request Data

+
    +
  • Screenshots: Generated and returned immediately, never stored
    • +
  • URLs requested: Temporarily processed, not permanently stored
    • +
  • IP addresses: Logged for 30 days for security purposes
    • +
+
+ +
+

5. Your Rights (GDPR)

+ +

You have the following rights regarding your personal data:

+ +
    +
  • Access: Get a copy of your personal data
    • +
  • Rectification: Correct inaccurate data
    • +
  • Erasure: Delete your account and personal data
    • +
  • Portability: Export your data in a machine-readable format
    • +
  • Restriction: Limit processing of your data
    • +
  • Objection: Object to processing based on legitimate interests
    • +
  • Withdraw consent: Where processing is based on consent
    • +
+ +

To exercise these rights, contact us at privacy@cloonar.com. We'll respond within 30 days.

+ +

You also have the right to lodge a complaint with the Austrian Data Protection Authority (Datenschutzbehörde).

+
+ +
+

6. Security

+ +
    +
  • Encryption: All data in transit uses TLS 1.3
    • +
  • EU hosting: All servers located in Germany (Hetzner Cloud)
    • +
  • Access control: Minimal access on need-to-know basis
    • +
  • SSRF protection: Automatic blocking of internal network requests
    • +
  • Rate limiting: Prevents abuse and ensures service availability
    • +
  • No data exports: Zero data transfers outside the EU
    • +
+
+ +
+

7. Cookies

+ +

We use minimal cookies:

+ +
    +
  • Session cookies: Essential for account login (deleted when you close browser)
    • +
  • No tracking: No advertising, analytics, or third-party cookies
    • +
  • No consent required: Only essential cookies used
    • +
+
+ +
+

8. Children's Privacy

+ +

SnapAPI is not intended for use by children under 16. We do not knowingly collect personal data from children under 16. If you become aware that a child has provided personal data, please contact us and we will delete it immediately.

+
+ +
+

9. Changes to This Policy

+ +

We may update this privacy policy to reflect changes in our practices or legal requirements. Significant changes will be communicated via email. Continued use of the service constitutes acceptance of the updated policy.

+
+ +
+

10. Contact

+ +

Data Protection Contact:
+ privacy@cloonar.com

+ +

General Contact:
+ info@cloonar.com

+ +

Postal Address:
+ Cloonar Technologies GmbH
+ Linzer Straße 192/1/2
+ 1140 Wien, Austria

+
+ +
+ ← Back to SnapAPI +
+
+
+ + + + + \ No newline at end of file diff --git a/projects/snapapi/memory/sessions.md b/projects/snapapi/memory/sessions.md index 9ba9b80..aa00a98 100644 --- a/projects/snapapi/memory/sessions.md +++ b/projects/snapapi/memory/sessions.md @@ -1,5 +1,57 @@ # SnapAPI Session Log +## Session 7 — 2026-02-19 (Code to Forgejo + Legal Pages) + +**Goal:** Push codebase to Forgejo repo and add legally required pages. + +### What Was Done + +1. **Codebase pushed to Forgejo** (snapapi-cicd-1 specialist): + - Extracted complete source from running staging pod + - Created proper Dockerfile, .gitignore, CI/CD workflows + - Pushed 28 files to `openclawd/SnapAPI` on Forgejo + - Commit: `b58f634` — "feat: initial codebase v0.4.1" + - Includes `.forgejo/workflows/deploy.yml` and `promote.yml` + - Verified via Forgejo API — all files present + +2. **Legal pages added** (snapapi-legal-1 specialist): + - `/impressum.html` — Austrian §5 ECG compliance (company info, FN, VAT, management) + - `/privacy.html` — Full GDPR privacy policy (data collected, legal basis, retention, rights) + - `/terms.html` — Terms of Service (acceptable use, rate limits, liability, Austrian law) + - All pages: dark theme matching site, responsive, proper nav/footer + - Landing page footer updated with legal page links + - Built v0.4.3 and deployed to prod (2 replicas) + staging + +3. **CEO verification**: + - Playground test: ✅ (200, 90KB, 2s response, watermark, rate limit headers) + - Health check: ✅ + - All legal pages: ✅ (200) + - Swagger docs: ✅ (200) + - Status page: ✅ (200) + - HA: pods on k3s-w1 and k3s-w2 ✅ + +### Investor Test — Session 7 +1. **Would a stranger trust this product with their money?** + → YES. Professional landing page, working playground, Stripe checkout, interactive docs, full legal compliance (Impressum, Privacy, ToS). + +2. **If a pod crashed, would we lose customer data?** + → NO. PostgreSQL external, usage flushes every 5s. + +3. **Could someone abuse the free tier?** + → NO FREE TIER. Playground: 5/hr per IP, watermarked. + +4. **Can a paying customer recover a lost API key?** + → Not yet — needs Stripe customer portal. Customer can email for support. + +5. **Does every feature on the website actually work?** + → YES. Playground, checkout, docs, status, legal pages — all verified. + +### Remaining +- Register Stripe webhook in Dashboard (investor action) +- CI/CD secrets in Forgejo (KUBECONFIG, REGISTRY_TOKEN) +- External uptime monitoring +- Staging DNS + TLS + ## Session 4 — 2026-02-19 (Emergency Bug Fix) **Trigger:** Investor tested site himself and found 3 critical bugs that previous QA missed. diff --git a/projects/snapapi/memory/state.json b/projects/snapapi/memory/state.json index a8de4a4..5f74505 100644 --- a/projects/snapapi/memory/state.json +++ b/projects/snapapi/memory/state.json @@ -1,24 +1,24 @@ { "phase": "production-live", - "version": "0.4.1", + "version": "0.4.3", "staging": { "status": "running", "namespace": "snapapi-staging", "replicas": 1, - "image": "docker.io/library/snapapi:v0.4.1", + "image": "docker.io/library/snapapi:v0.4.3", "healthCheck": "passing" }, "production": { "status": "running", "namespace": "snapapi", "replicas": 2, - "image": "docker.io/library/snapapi:v0.4.1", + "image": "docker.io/library/snapapi:v0.4.3", "healthCheck": "passing", "domain": "https://snapapi.eu", "tls": "Let's Encrypt (valid until 2026-05-20)" }, "blockers": [ - "Stripe webhook URL needs to be registered in Stripe Dashboard" + "Stripe webhook URL needs to be registered in Stripe Dashboard: https://snapapi.eu/v1/billing/webhook" ], "completed": [ "Core screenshot API (POST /v1/screenshot)", @@ -43,13 +43,16 @@ "Stripe Checkout flow (plan selection → Stripe → success page with API key)", "Stripe webhook handler (subscription lifecycle, product filtering for shared account)", "Status page at /status (auto-refresh, dark theme)", - "Closed BUG-002 and BUG-003 (no longer applicable — no free tier)", - "Git push access from openclaw-vm (deploy key: forgejo-snapapi)" + "Git push access from openclaw-vm (deploy key: forgejo-snapapi)", + "Codebase pushed to Forgejo repo (openclawd/SnapAPI) — all source, Dockerfile, CI workflows", + "Legal pages: Impressum (§5 ECG), Privacy Policy (GDPR), Terms of Service", + "Footer links to all legal pages" ], "notDone": [ "Register Stripe webhook URL in Stripe Dashboard", - "Staging TLS (blocked on DNS)", - "Uptime monitoring (external)" + "CI/CD pipeline functional (workflows in repo, needs KUBECONFIG + REGISTRY_TOKEN secrets)", + "Staging TLS (blocked on DNS for staging.snapapi.eu)", + "External uptime monitoring" ], "stripeProducts": { "starter": { @@ -65,6 +68,6 @@ "priceId": "price_1T2XHpRtlDv9c8GoThHfd8kS" } }, - "lastSession": "2026-02-19T13:35:00Z", + "lastSession": "2026-02-19T17:30:00Z", "codeLocation": "Forgejo repo openclawd/SnapAPI. Clone: git clone forgejo-snapapi:openclawd/SnapAPI.git" -} \ No newline at end of file +} diff --git a/terms.html b/terms.html new file mode 100644 index 0000000..717b7f9 --- /dev/null +++ b/terms.html @@ -0,0 +1,395 @@ + + + + + +Terms of Service — SnapAPI | Screenshot API for Developers + + + + + + + + + +
+
+

Terms of Service

+ +
+

Agreement

+ +

These Terms of Service govern your use of SnapAPI, a screenshot API service provided by Cloonar Technologies GmbH.

+ +

Service Provider: Cloonar Technologies GmbH
+ Linzer Straße 192/1/2, 1140 Wien, Austria
+ Email: info@cloonar.com

+ +

Last updated: February 19, 2026

+ +

By using SnapAPI, you agree to these terms. If you disagree with any part, you may not use our service.

+
+ +
+

1. Service Description

+ +

SnapAPI is a web service that converts URLs into screenshot images through a RESTful API. We provide:

+ +
    +
  • URL-to-screenshot conversion via API calls
    • +
  • Multiple output formats (PNG, JPEG, WebP)
    • +
  • Customizable viewport sizes and quality settings
    • +
  • Free playground for testing (watermarked)
    • +
  • Paid API access (clean, unwatermarked screenshots)
    • +
+
+ +
+

2. Acceptable Use Policy

+ +

Permitted Use

+
    +
  • Capturing screenshots of publicly accessible websites
    • +
  • Testing and development purposes
    • +
  • Commercial use within your applications
    • +
  • Reasonable automation and integration
    • +
+ +

Prohibited Activities

+

You may not use SnapAPI to:

+
    +
  • Illegal content: Capture or distribute illegal material
    • +
  • CSAM: Any content involving minors (zero tolerance)
    • +
  • Privacy violations: Screenshot private, restricted, or login-protected content without authorization
    • +
  • Copyright infringement: Systematically capture copyrighted content without permission
    • +
  • Harassment: Target individuals or organizations for malicious purposes
    • +
  • Rate limit abuse: Circumvent or attempt to bypass usage limits
    • +
  • System abuse: Attempt to hack, disrupt, or damage our service
    • +
  • Resale: Resell API access without written permission
    • +
+ +

Security Restrictions

+
    +
  • SSRF protection prevents access to internal networks and metadata endpoints
    • +
  • Rate limits are enforced per plan and IP address
    • +
  • URLs must be publicly accessible (no authentication required)
    • +
+
+ +
+

3. Account & API Keys

+ +

Registration

+
    +
  • Provide accurate and complete information
    • +
  • One account per person or organization
    • +
  • You're responsible for account security
    • +
  • Notify us immediately of unauthorized access
    • +
+ +

API Keys

+
    +
  • Keep API keys confidential and secure
    • +
  • Don't share keys between applications or users
    • +
  • Rotate keys regularly for security
    • +
  • Report compromised keys immediately
    • +
+ +

Account Termination

+

We may suspend or terminate accounts for:

+
    +
  • Violation of these terms
    • +
  • Abusive behavior or excessive resource usage
    • +
  • Non-payment of fees
    • +
  • Legal compliance requirements
    • +
+
+ +
+

4. Service Availability

+ +

Best Effort Service

+
    +
  • We strive for high availability but don't guarantee 100% uptime
    • +
  • Planned maintenance will be announced in advance when possible
    • +
  • Emergency maintenance may occur without notice
    • +
  • Free tier has no SLA (service level agreement)
    • +
+ +

Business Plan SLA

+
    +
  • Business plan includes 99.9% uptime target
    • +
  • SLA terms detailed in separate agreement
    • +
  • Credits may be provided for significant downtime
    • +
+ +

Rate Limits

+
    +
  • Playground: 5 requests per hour (watermarked)
    • +
  • Starter: 1,000 screenshots per month
    • +
  • Pro: 5,000 screenshots per month
    • +
  • Business: 25,000 screenshots per month
    • +
+
+ +
+

5. Pricing & Billing

+ +

Subscription Plans

+
    +
  • Pricing displayed in Euros (EUR) including VAT where applicable
    • +
  • Monthly subscriptions billed in advance
    • +
  • Usage resets on your monthly billing anniversary
    • +
  • Overage charges may apply for excessive usage
    • +
+ +

Payment Processing

+
    +
  • Payments processed by Stripe (PCI DSS compliant)
    • +
  • We don't store payment card information
    • +
  • Failed payments may result in service suspension
    • +
  • Refunds considered on case-by-case basis
    • +
+ +

Changes

+
    +
  • Prices may change with 30 days' notice
    • +
  • Existing subscribers keep current pricing until next renewal
    • +
  • Free services may become paid with notice
    • +
+
+ +
+

6. Data & Privacy

+ +
    +
  • Your privacy is governed by our Privacy Policy
    • +
  • All data processing occurs within the European Union
    • +
  • Screenshots are generated and returned immediately (not stored)
    • +
  • API usage logs retained for billing and security purposes
    • +
  • Account data kept until deletion requested
    • +
+
+ +
+

7. Intellectual Property

+ +

Our Rights

+
    +
  • SnapAPI service, documentation, and branding are our property
    • +
  • You receive a limited license to use the API per these terms
    • +
  • No right to reverse engineer or compete with our service
    • +
+ +

Your Content

+
    +
  • You retain rights to URLs and content you submit
    • +
  • You grant us license to process URLs for screenshot generation
    • +
  • You're responsible for having rights to capture submitted URLs
    • +
+ +

Third-Party Content

+
    +
  • Respect copyright and intellectual property of captured websites
    • +
  • We're not liable for your use of captured content
    • +
  • Follow fair use principles and obtain permission when needed
    • +
+
+ +
+

8. Disclaimers & Limitations

+ +

Service Disclaimer

+
    +
  • Service provided "as is" without warranties
    • +
  • No guarantee of accuracy, completeness, or suitability
    • +
  • Screenshots may not perfectly represent live websites
    • +
  • Third-party website availability beyond our control
    • +
+ +

Limitation of Liability

+

To the maximum extent permitted by Austrian law:

+
    +
  • Our liability is limited to fees paid in the past 12 months
    • +
  • No liability for indirect, consequential, or punitive damages
    • +
  • No liability for data loss, business interruption, or lost profits
    • +
  • Limitations apply regardless of legal theory (contract, tort, etc.)
    • +
+ +

Indemnification

+

You agree to indemnify us against claims arising from:

+
    +
  • Your violation of these terms
    • +
  • Your use of captured content
    • +
  • Violation of third-party rights
    • +
  • Illegal or unauthorized use of the service
    • +
+
+ +
+

9. Governing Law

+ +
    +
  • Jurisdiction: These terms are governed by Austrian law
    • +
  • Disputes: Resolved in Austrian courts (Vienna)
    • +
  • Language: German version prevails in case of conflicts
    • +
  • EU Rights: Consumer rights under EU law remain unaffected
    • +
+ +

For EU consumers, you may also bring disputes in your country of residence.

+
+ +
+

10. Changes & Communication

+ +

Terms Updates

+
    +
  • We may modify these terms with reasonable notice
    • +
  • Significant changes communicated via email
    • +
  • Continued use constitutes acceptance
    • +
  • If you disagree, cancel your account before changes take effect
    • +
+ +

Notices

+
    +
  • Service announcements via email or website
    • +
  • Legal notices to your registered email address
    • +
  • Check your email regularly for important updates
    • +
+
+ +
+

11. Severability

+ +

If any provision of these terms is found unenforceable, the remaining provisions continue in full effect. We'll replace unenforceable provisions with valid ones that achieve the same intent.

+
+ +
+

12. Contact

+ +

Questions about these terms:
+ info@cloonar.com

+ +

Legal notices:
+ legal@cloonar.com

+ +

Postal address:
+ Cloonar Technologies GmbH
+ Linzer Straße 192/1/2
+ 1140 Wien, Austria

+
+ +
+ ← Back to SnapAPI +
+
+
+ + + + + \ No newline at end of file