Privacy Policy

Effective July 16, 2026

This policy explains what snapp collects, why, and what happens to it. The short version: we collect what's needed to run a bookmark app with billing, we don't sell your data, and we don't run advertising trackers.

1. What we collect

  • Account data — your email, name, and a password hash (or your Google account identity if you sign in with Google).
  • Your content — the URLs you bookmark, titles, notes, tags, mixes, and the screenshots, fonts, and colors captured when you scan a site, plus the design briefs generated for you.
  • Usage records — a log of metered actions (briefs, analyses, scans) with token counts and estimated cost, used to enforce plan limits and billing.
  • Payment data — handled by Stripe. We store your Stripe customer and subscription identifiers and plan status; we never see or store card numbers.

We don't use advertising cookies or cross-site trackers. The only cookies are the session cookies that keep you signed in.

2. How we use it

  • to provide the service — storing and showing your library;
  • to generate design briefs: when you run a scan or a mix, the relevant screenshots, extracted fonts/colors, and your notes are sent to Anthropic's Claude API to produce the brief;
  • to enforce plan limits and process subscription payments;
  • to respond when you contact us.

3. Who processes it

Your data is handled by these processors on our behalf:

  • Supabase — database, authentication, and file storage (screenshots);
  • Stripe — subscription billing;
  • Anthropic — AI generation (receives site screenshots, extracted design data, and your notes when you generate);
  • Google — sign-in, if you choose Google OAuth;
  • Vercel — application hosting.

We don't sell your data or share it with advertisers.

4. Retention and deletion

Your content stays until you delete it or your account. Deleting a bookmark or mix removes it (and its stored screenshots) from our systems. To delete your whole account and its data, email us — we'll confirm and complete the deletion within 30 days. Billing records are kept as long as tax and accounting law requires.

5. Your rights

snapp is operated from Canada and handles personal data in line with PIPEDA. Depending on where you live (e.g. PIPEDA, GDPR, or CCPA), you may have rights to access, correct, export, or delete your personal data, and to object to certain processing. Email us and we'll honor those requests.

6. Security

Data is encrypted in transit, stored with row-level access controls (your data is only readable by your account), and payment handling is delegated to Stripe. No system is perfectly secure — if a breach affects your data, we'll notify you as the law requires.

7. Children

snapp isn't directed at children under 13 and we don't knowingly collect their data.

8. Changes

If this policy changes materially, we'll notify you before the change takes effect. The effective date above always reflects the current version.

9. Contact

Privacy questions and requests: kasperzhang.ai@gmail.com