Privacy Policy

Last updated: April 2026 · ICO Registration: 00013805394

We built Snaap to be genuinely useful, not to harvest data. We collect what we need to deliver your page and nothing more. We do not sell your data, run advertising, or share it beyond what is required to operate the service.

1. Who We Are

Snaap is operated by Golding Education Ltd, a company registered in England and Wales (Company No. 16396444).

We are the data controller for personal data processed through snaap.app. We are registered with the Information Commissioner's Office (ICO) under registration number 00013805394.

Contact for data protection matters: hello@snaap.app

2. What Data We Collect and Why

When you purchase and create a page

Data	Purpose	Lawful Basis	Stored
Email address	Send you your page and editor links; allows recovery of your editor link if lost; payment record	Contract	While your page is active, then deleted on page deletion request
Your description text	Generate your page via AI; stored so you can rebuild	Contract	While your page is active
Generated page (HTML)	Serve your live page at your URL	Contract	While your page is active
Your chosen URL (subdomain)	Host your page at yourname.snaap.app	Contract	While your page is active
Edit token	Authenticate your access to the editor	Contract	While your page is active
Stripe payment reference	Link your payment to your page; enable refunds	Contract / Legal obligation	7 years (UK tax law)
Country of origin (from IP)	Fraud prevention; display correct currency	Legitimate interests	While your page is active

When you use the editor

Data	Purpose	Lawful Basis	Stored
Edit history (count only)	Track remaining free swaps	Contract	While your page is active

Automatically collected data

Data	Purpose	Lawful Basis	Stored
IP address	Security monitoring and abuse prevention	Legitimate interests	Up to 90 days
Audit logs	Security monitoring; dispute resolution	Legitimate interests	90 days

Important: Content of your description

Your description text — the words you use to generate your page — may contain personal data about yourself (your name, contact details, career history) and potentially about third parties (clients you mention, colleagues, testimonials). You are responsible for ensuring you have a lawful basis to include any third-party personal data in your description. We process it solely to generate and maintain your page.

3. Who We Share Your Data With

We use the following third-party processors. Each processes your data only on our instructions and for the specific purpose listed:

Processor	Purpose	Data shared	Country
Stripe	Payment processing	Email address, payment details	United States
AI provider	Page generation	Your description text	United States
Infrastructure provider	Hosting, security, content delivery	All traffic (IP-anonymised for analytics)	United States
Email delivery provider	Transactional email delivery	Email address, page links	United States

We do not sell your data to any third party. We do not use your data for advertising.

4. International Data Transfers

All third-party processors listed above are based in the United States. We transfer personal data to them under the following safeguards:

Stripe and our infrastructure provider are certified under the UK-US Data Bridge, which provides adequate protection for UK personal data transferred to the United States.
Our AI and email providers: transfers are made under appropriate safeguards including contractual commitments consistent with UK GDPR requirements. We assess these transfers on an ongoing basis.

By using Snaap, you acknowledge that your personal data will be processed in the United States under these safeguards.

5. Data Retention

We retain your data only as long as necessary:

Active pages: Your page, description text, email address, and editor credentials are retained while your page is live. Your email is the only way to recover a lost editor link — we keep it for that reason. Deleting your page (by contacting us) triggers deletion of all associated data including your email.
Purchase records: Payment reference retained for 7 years to comply with UK tax law (held by Stripe).
Security and operational logs: Up to 90 days.

6. Your Rights

Under UK GDPR and the Data Protection Act 2018, you have the right to:

Access — request a copy of the personal data we hold about you
Rectification — request correction of inaccurate data
Erasure — request deletion of your data (subject to legal retention obligations)
Restriction — request that we limit how we use your data
Portability — receive your data in a structured, machine-readable format
Object — object to processing based on legitimate interests

To exercise any of these rights, email hello@snaap.app. We will respond within 30 days. We may need to verify your identity before fulfilling a request.

If you are unsatisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.

7. Cookies

We use minimal cookies:

Session storage (browser, not a cookie): Stores your draft text temporarily so you don't lose it if the page refreshes. Cleared when your browser session ends. Never sent to our servers.
Anonymous analytics: Anonymised traffic data (no cross-site tracking, no personal identifiers) used for performance monitoring. Privacy-preserving by design — no cookie is set for this purpose.

We do not use advertising cookies, tracking pixels, or any third-party analytics that could identify you personally.

8. Security

We protect your data using HTTPS encryption in transit, DDoS and bot protection, and access-controlled infrastructure. Editor access is secured by a private link issued only to you at the point of generation.

No system is completely secure. If we become aware of a data breach that affects your rights and freedoms, we will notify you and the ICO as required by law.

9. Children

Snaap is not intended for anyone under the age of 13. We do not knowingly collect personal data from children under 13. If you believe we have inadvertently done so, contact us at hello@snaap.app and we will delete it promptly.

10. Your Page and Third-Party Content

Your live page at yourname.snaap.app is publicly accessible on the internet. If you include personal data about third parties in your description or on your page (such as client names, testimonials, or contact details), you are responsible for ensuring you have the right to publish that information. We are not responsible for the content you choose to display on your page.

11. Changes to This Policy

We may update this Privacy Policy when we change how we handle data. Material changes will be communicated by email if we hold your email address at the time, and by updating the "Last updated" date above. Continued use of Snaap after changes constitutes acceptance.

12. Contact

For all privacy-related queries:
Email: hello@snaap.app