I used to use the Upwork tracker a lot, which sends the screenshots to a third party (Upwork) where both parties could view (or remove) the screenshots. Having some kind of trusted third party or paper trail (if sending by e.g. email) seems necessary to prove any potentially-produced-later screenshots were in fact created at the time of work.
It might be different for others, but for most sensitive data I'm privy to on a job (API keys, their users' personal data), my employer could or should already have access to all of that. I've removed the occasional screenshot that had a personal dev tool key or similar though. Typically all this should be covered by a contract with a client though; they shouldn't just be stealing API keys and whatnot from your screenshots...
> most sensitive data I'm privy to on a job (API keys, their users' personal data), my employer could or should already have access to all of that
It’s about storage though.
It’s one thing if your employer can access the data from an encrypted database with carefully managed access - and another to also keep it in a random screenshot in a third party time tracking tool.
There are also regulations and requirements, for example about deletion of personal data.
IMO, storage is an implementation detail that should be handled up the chain (by your tool or third-party service), rather than by you.
In the Upwork example, screenshots are already encrypted and only accessible behind authenticated flows in their site/app; can be deleted manually (e.g. after you've been paid and don't need them for liability reasons); and automatically delete after some period of time otherwise (6mo or 1 year IIRC).
There are probably plenty of other time-tracking tools that give you more fine-tuned control over the privacy of your screenshots if you want that, but I can't imagine it's something most freelancers want to spend much time on.