Privacy Policy

Our commitment to protecting your privacy and personal data

2025/03/10

Last Updated: March 10, 2025

Introduction

Welcome to our Privacy Policy. This document explains how we collect, use, store, and protect your personal information when you use our Polaroid Photo Generator service ("Service"). We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

By using our Service, you agree to the collection and use of information in accordance with this policy.

Data Controller Information

The data controller responsible for your personal data is:

  • Service Provider: Snaploid
  • Contact Email: support@snaploid.com
  • Website: https://snaploid.com

Information We Collect

1. Personal Information You Provide

  • Account Information: Name, email address, username, and password when you create an account
  • Payment Information: Billing details, payment method information (processed securely through Stripe)
  • Communication Data: Messages you send us through contact forms, support requests, or email
  • Profile Information: Optional profile picture, preferences, and settings

2. Automatically Collected Information

  • Usage Data: Pages visited, features used, time spent, actions taken within the Service
  • Device Information: IP address, browser type and version, operating system, device identifiers
  • Cookies and Tracking Technologies: See our Cookie Policy for details
  • Log Data: Server logs, error reports, and diagnostic information

3. Content You Create

  • Uploaded Images: Photos you upload to generate Polaroid-style images
  • Generated Content: AI-generated images and videos created through our Service
  • Metadata: Information about your creations (timestamps, generation settings, style preferences)

How We Use AI and Your Data

AI Image and Video Generation

Our Service uses artificial intelligence to generate Polaroid-style images and videos. Here's what you need to know:

  1. Image Processing: When you upload an image or request generation, we process it using third-party AI providers including:

    • GRSAI
    • Google Generative AI
    • OpenAI
    • Replicate
    • Other AI service providers
  2. Data Sent to AI Providers: Your uploaded images and generation parameters are temporarily sent to these AI providers to process your requests.

  3. AI Training Policy:

    • We do NOT use your uploaded images or generated content to train AI models
    • Your images are processed solely for generating your requested output
    • We have data processing agreements with our AI providers that prohibit them from using your data for training purposes
    • Generated content is your property (subject to our Terms of Service)
  4. Data Retention by AI Providers: AI providers may temporarily cache your data for processing but must delete it within 30 days as per our agreements.

  5. AI Provider Policy Compliance: Your use of AI generation features must comply with the acceptable use policies of:

    We may reject requests or terminate accounts that violate these third-party policies.

We process your personal data based on the following legal grounds:

  1. Contract Performance: To provide the Service you requested (Art. 6(1)(b) GDPR)
  2. Legitimate Interest: To improve our Service, prevent fraud, and ensure security (Art. 6(1)(f) GDPR)
  3. Consent: For marketing communications and non-essential cookies (Art. 6(1)(a) GDPR)
  4. Legal Obligation: To comply with legal requirements such as tax and accounting (Art. 6(1)(c) GDPR)

How We Use Your Information

We use your information for the following purposes:

  • Service Delivery: To provide, maintain, and improve our AI-powered image generation Service
  • Account Management: To create and manage your account, authenticate you, and provide customer support
  • Payment Processing: To process payments, manage subscriptions, and handle billing through Stripe
  • Service Communication: To send service-related notifications, updates, and security alerts
  • Customer Support: To respond to your inquiries and resolve issues
  • Service Improvement: To analyze usage patterns, improve features, and develop new functionality
  • Security and Fraud Prevention: To detect and prevent abuse, fraud, and security threats
  • Legal Compliance: To comply with legal obligations and enforce our Terms of Service
  • Marketing (with your consent): To send promotional emails about new features, offers, and updates

Data Storage and Retention

Storage Location

  • Primary Data: Stored on Cloudflare R2 (globally distributed)
  • Database: PostgreSQL hosted on secure cloud infrastructure (Neon)
  • AI Processing: Temporarily processed in data centers of our AI providers (US, EU, Asia)

Retention Periods

  • Account Data: Retained as long as your account is active
  • Uploaded Images: Stored for 90 days, then automatically deleted (unless you choose to save them)
  • Generated Content: Retained according to your plan:
    • Anonymous users: Not saved
    • Free users: Saved indefinitely (subject to storage limits)
    • Pro users: Saved indefinitely
  • Payment Records: Retained for 7 years for tax and accounting purposes
  • Log Data: Retained for 90 days for security and debugging purposes
  • Deleted Account Data: Permanently deleted within 30 days of account deletion request

Data Sharing and Third-Party Services

We share your data with the following categories of third parties:

Essential Service Providers

  1. AI Providers (for image/video generation):

    • GRSAI
    • Google Generative AI (Vertex AI)
    • OpenAI
    • Replicate
  2. Infrastructure Providers:

    • Cloudflare (CDN, storage, DDoS protection)
    • Neon (database hosting)
    • Vercel (hosting and deployment)
  3. Payment Processor:

    • Stripe (payment processing, subscription management)
  4. Communication Services:

    • Resend (transactional emails)
  5. Analytics and Monitoring:

    • Google Analytics (optional, can be disabled)
    • Umami/OpenPanel/Plausible (privacy-friendly analytics)
    • Sentry/Logtail (error monitoring)

Data Processing Agreements

We have Data Processing Agreements (DPAs) in place with all third-party processors to ensure GDPR compliance and data protection.

International Data Transfers

Some of our service providers are located outside the European Economic Area (EEA). We ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions by the European Commission
  • Privacy Shield certification (where applicable)

Your Rights Under GDPR

If you are in the European Economic Area (EEA), you have the following rights:

  • Right to Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Request deletion of your personal data
  • Right to Restrict Processing: Limit how we use your data
  • Right to Data Portability: Receive your data in a structured format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent at any time

To exercise these rights:

  • Email us at: support@snaploid.com
  • Use the privacy settings in your account
  • Contact us through the in-app support system

Children's Privacy

Our Service is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal data, please contact us, and we will delete such information.

Data Security

We implement industry-standard security measures to protect your data:

  • Encryption: Data encrypted in transit (TLS 1.3) and at rest (AES-256)
  • Access Controls: Role-based access control (RBAC) and multi-factor authentication
  • Regular Audits: Security assessments and vulnerability scanning
  • Secure Authentication: Better Auth with bcrypt password hashing
  • API Security: Rate limiting, CORS policies, and API key rotation
  • Monitoring: Real-time security monitoring and intrusion detection

Despite these measures, no method of transmission or storage is 100% secure. We cannot guarantee absolute security but commit to promptly notifying you of any data breach as required by law.

Cookies and Tracking Technologies

We use cookies and similar technologies to provide and improve our Service. For detailed information, please see our Cookie Policy.

You can control cookies through your browser settings, but disabling certain cookies may affect Service functionality.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will:

  • Update the "Last Updated" date at the top of this policy
  • Notify you via email for material changes (if you have an account)
  • Post a prominent notice on our website
  • Provide you with the opportunity to review changes before they take effect

Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.

Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

  • Service Provider: Snaploid
  • Email: support@snaploid.com
  • Website: https://snaploid.com

We typically respond to privacy-related inquiries within 48 hours.

Supervisory Authority

If you are located in the EEA and believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection supervisory authority. Find your authority at: https://edpb.europa.eu/about-edpb/board/members_en