Privacy Policy

Effective date: March 16, 2026

SnapAudit (“we,” “our,” or “us”) operates the website snapaudit.app (the “Service”). This Privacy Policy describes how we collect, use, and protect your personal information. By using the Service, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

We collect the following types of information:

  • Account information: Name, email address, and authentication data provided when you create an account via Google sign-in or magic link.
  • Audit data: URLs you submit for auditing, audit results (scores, metrics, screenshots), and AI-generated report narratives.
  • Billing information: Payment details are processed and stored by Stripe. We do not store full credit card numbers on our servers.
  • Usage data: Pages visited, features used, timestamps, browser type, and IP address.
  • Communications: Emails sent to our support address and any in-app feedback you provide.

2. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service.
  • Run website audits and generate reports you have requested.
  • Process payments and manage subscriptions.
  • Send transactional emails (audit results, receipts, account notifications).
  • Send marketing communications (you may opt out at any time).
  • Monitor usage for rate limiting and abuse prevention.
  • Respond to support requests.

3. Cookies and Tracking Technologies

We use essential cookies to maintain your authentication session and preferences. We may use analytics cookies to understand how users interact with the Service. You can control cookie preferences through your browser settings. The Service may not function properly if essential cookies are disabled.

4. Third-Party Services

We share data with the following third-party service providers, each of which has its own privacy policy:

  • Clerk — Authentication and user management. Receives your email address and sign-in data.
  • Stripe — Payment processing. Receives billing and payment method information.
  • Supabase — Database hosting. Stores account data, audit results, and application data.
  • Google Lighthouse — Website auditing engine. Receives the URLs you submit for analysis.
  • Anthropic (Claude AI) — AI narrative generation. Receives anonymized audit data (scores and metrics, not your personal information) to generate report recommendations.
  • Resend — Transactional email delivery. Receives your email address for sending audit reports and notifications.
  • Upstash — Caching and rate limiting. Stores temporary audit data and request counts.

5. Data Retention

We retain your account information and audit data for as long as your account is active. Cached audit results are automatically deleted after 24 hours. If you delete your account, we will remove your personal data within 30 days, except where we are required to retain it for legal or regulatory purposes. Anonymized, aggregated data may be retained indefinitely for analytics purposes.

6. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate personal data.
  • Deletion: Request deletion of your personal data (“right to be forgotten”).
  • Portability: Request your data in a portable, machine-readable format.
  • Objection: Object to the processing of your personal data for marketing purposes.
  • Restriction: Request restriction of processing in certain circumstances.

For EU/EEA residents (GDPR)

We process your data based on consent (when you create an account), contractual necessity (to provide the Service), and legitimate interest (to improve the Service and prevent abuse). You have the right to withdraw consent at any time and to lodge a complaint with your local data protection authority.

For California residents (CCPA)

You have the right to know what personal information we collect, request deletion of your personal information, and opt out of the sale of personal information. We do not sell your personal information to third parties.

7. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including encryption in transit (TLS) and at rest, access controls, and regular security reviews. However, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security of your data.

8. Children's Privacy

The Service is not intended for use by children under the age of 16. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal data, please contact us so we can delete it.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the effective date. We encourage you to review this page periodically.

10. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your data rights, please contact us at hello@snapaudit.app.