Privacy Policy
Last updated: April 28, 2026
1. Who we are
Snipget Inc. ("we," "us," "our") is a Missouri corporation that operates the Snipget API and web application at snipget.ai. This Privacy Policy explains what personal data we collect, why we collect it, how we use and protect it, and your rights regarding it.
For users in the European Economic Area (EEA) and United Kingdom, Snipget Inc. acts as the data controller for personal data processed under this policy.
2. Data we collect
- Account data: email address, hashed password, display name, and optional organization name provided at registration.
- Billing data: payment method details are handled directly by Stripe — we never receive or store your card number, bank account, or CVV. We store your Stripe customer ID and subscription status.
- Usage metadata: for each API call we record the endpoint, timestamp, HTTP status code, elapsed time, and metered cost units. We use this to calculate billing and detect abuse. We do not store request or response body content.
- Technical data: IP address, browser type and version, and pages visited on snipget.ai, collected automatically by our infrastructure logs. API calls are associated with your API key, not your IP.
- Cookies and session data: we use a single authentication session cookie to keep you logged in to the web application. We do not use advertising cookies or third-party tracking pixels. No cookie consent banner is required for strictly necessary session cookies.
- Communications: emails, support tickets, and other messages you send us.
3. Legal basis for processing (GDPR)
For users in the EEA and UK, our legal basis for processing personal data is:
- Contract performance — to provide the Service and bill you for usage (account data, billing data, usage metadata).
- Legitimate interests — to detect fraud and abuse, maintain security, and improve the Service using anonymized aggregate metrics.
- Legal obligation — to retain records required by applicable law.
4. How we use your data
- To provision your account and authenticate API requests
- To meter usage and generate billing invoices
- To send transactional communications: email confirmation, password resets, billing receipts, and policy change notices
- To monitor for abuse, fraud, and security incidents
- To improve the Service using anonymized aggregate metrics only
We do not use your data to train machine learning models. We do not sell your data to third parties. We do not send marketing emails without your explicit opt-in.
5. Data we don't collect
We do not store the request or response bodies of your API calls. Snipget processes your inputs in memory and returns a result — only usage metadata (endpoint, status, timing, cost units) is persisted. The data you send us for normalization, parsing, or validation is not retained after the call completes.
6. Third-party processors
We share data with the following sub-processors only as necessary to provide the Service:
- Stripe — payment processing and subscription management. See Stripe's privacy policy.
- Cloudflare — edge network, DDoS protection, and DNS. See Cloudflare's privacy policy.
- Transactional email provider — for sending account and billing emails on our behalf. Email addresses are shared only to facilitate delivery.
- Amazon Web Services (AWS) — cloud hosting for our servers and databases. Data is stored and processed in AWS data centers. See AWS's privacy policy.
We do not use advertising networks, analytics platforms that track users across sites, or any other third-party services that receive your personal data beyond those listed above.
7. Data retention
- Usage metadata is retained for 24 months for billing verification and compliance purposes.
- Account data is retained for the life of your account. Upon deletion, account data is removed within 30 days except where retention is required by law (e.g., billing records, which we retain for 7 years per standard accounting practices).
- Communications (support emails, tickets) are retained for up to 3 years.
8. Security
We use industry-standard controls to protect your data:
- All data in transit is encrypted with TLS 1.2 or higher
- Passwords are hashed using bcrypt before storage — we cannot recover your plain-text password
- API keys are hashed before storage
- Database access is restricted to application processes; direct external access is blocked
- Access to production systems is limited to authorized personnel with multi-factor authentication
No system is completely secure. If you discover a security vulnerability, please report it to [email protected].
9. International data transfers
Snipget is operated from the United States. If you access the Service from the EEA, UK, or other regions with data protection laws that differ from US law, your data will be transferred to and processed in the US. We rely on Standard Contractual Clauses (SCCs) as the lawful mechanism for such transfers where required. By using the Service, you acknowledge this transfer.
10. Your rights
Depending on your location, you may have the following rights regarding your personal data:
- Access and portability: request a copy of the personal data we hold about you.
- Correction: update inaccurate or incomplete data.
- Deletion: request deletion of your account and associated data, subject to retention requirements.
- Restriction and objection: ask us to restrict or stop processing your data in certain circumstances (EEA/UK users).
- Withdraw consent: where processing is based on consent, you may withdraw it at any time.
- California residents (CCPA/CPRA): you have the right to know what personal data we collect and how it is used, to delete your data, to correct inaccurate data, and to opt out of the sale of personal data. We do not sell personal data. To exercise these rights, use the privacy contact form.
Most account data can be accessed and updated directly in the customer portal. For other requests, use the privacy contact form. We will respond within 30 days (45 days for CCPA requests where an extension is needed).
11. HIPAA
Snipget is not HIPAA-compliant by default. Do not submit Protected Health Information (PHI) to the Service without a signed Business Associate Agreement (BAA) in place with Snipget Inc. Use the sales contact form for BAA discussions.
12. Children
The Service is not directed to individuals under 18, and we do not knowingly collect personal data from minors. If we learn that we have collected data from a minor, we will delete it promptly.
13. Changes to this policy
We may update this policy from time to time. Material changes will be communicated by email to account holders before taking effect. The "last updated" date at the top of this page reflects the most recent revision.
14. Contact
Privacy questions or data requests: use the privacy contact form. Snipget Inc., Missouri, USA.