Privacy Policy

Last updated: March 29, 2026

1. Information We Collect

Account Information

When you create an account, we collect your email address and an encrypted password. We do not store passwords in plain text.

SOP Content

We store the notes you input and the SOPs generated from them. This data is associated with your account and used solely to provide the Service.

Payment Information

Payment processing is handled entirely by Stripe. We do not store credit card numbers, CVVs, or full payment details on our servers. We receive only a Stripe customer ID and subscription status.

Usage Data

We collect anonymized usage analytics through Vercel Analytics, including page views, browser type, and general geographic region. This data does not identify individual users.

2. How We Use Your Data

• To provide the Service: Your input content is sent to an AI model to generate SOPs. Generated content is stored in your account.
• To process payments: Subscription and billing data is managed through Stripe.
• To improve the Service: Anonymized usage data helps us understand how the product is used.
• To communicate with you: We may send transactional emails related to your account.

3. AI Processing

Your input content is processed by Anthropic's Claude AI to generate SOPs. This processing occurs via API calls. We do not use your content to train AI models. Anthropic's data processing is governed by their privacy policy.

4. Data Security

• All data is encrypted in transit using TLS 1.3
• Data at rest is encrypted on our database provider (Supabase)
• Row-level security ensures users can only access their own data
• API endpoints require authentication
• Rate limiting protects against abuse
• We use security headers including Content-Security-Policy and HSTS

5. Data Sharing

We do not sell, rent, or share your personal data with third parties except:

• Stripe: For payment processing
• Supabase: For data storage and authentication
• Anthropic: For AI processing of SOP generation requests
• Vercel: For hosting and anonymized analytics
• Law enforcement: If required by law or valid legal process

6. Data Retention

Your data is retained as long as your account is active. If you delete your account, your data will be permanently deleted within 30 days. Anonymized analytics data may be retained indefinitely.

7. Your Rights

You have the right to:

• Access your personal data
• Correct inaccurate data
• Delete your account and associated data
• Export your SOP data
• Opt out of non-essential communications

8. Cookies

We use essential cookies for authentication (session tokens). We do not use advertising or tracking cookies. Vercel Analytics uses privacy-friendly, cookie-less analytics.

9. Children's Privacy

The Service is not intended for users under 18. We do not knowingly collect data from children.

10. International Data Transfers

Your data may be processed in the United States where our servers are located. By using the Service, you consent to this transfer.

11. Changes to This Policy

We may update this privacy policy. Material changes will be communicated via email. Continued use after changes constitutes acceptance.

12. Contact

For privacy-related questions or data requests, contact us at privacy@snapops.app.