Privacy Policy

Last Updated: September 27, 2025

1. Introduction

SnagKit ("we", "our", or "us") operates the SnagKit web application and API services. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Email address
  • Name (if provided)
  • OAuth provider data (Google, GitHub, etc.)
  • Password (encrypted) if using email authentication

2.2 Usage Data

We automatically collect certain information when you use our services:

  • IP address and device information
  • Browser type and version
  • Usage statistics (screenshots created, API calls made)
  • Storage usage and quota consumption
  • API key usage and last access times

2.3 Captured Content

When you use our screenshot and recording services, we temporarily store:

  • URLs you capture
  • Screenshots, videos, and animations you create
  • Capture settings and configurations
  • These files are automatically deleted based on your subscription tier retention policy

2.4 Payment Information

Payment processing is handled by Stripe. We do not store your credit card information. We receive limited information from Stripe including:

  • Payment method type
  • Last 4 digits of card
  • Billing address
  • Transaction history

3. How We Use Your Information

We use your information for the following purposes:

  • Provide, operate, and maintain our services
  • Process your screenshot and video capture requests
  • Manage your account and subscription
  • Send service-related communications
  • Monitor usage and enforce rate limits and quotas
  • Detect and prevent fraud and abuse
  • Improve and optimize our services
  • Comply with legal obligations

4. Data Retention

We retain your information for the following periods:

  • Account data: Until you delete your account
  • Captured content: Automatically deleted based on your subscription tier:
    • FREE: 1 hour
    • BASIC: 24 hours
    • PRO: 7 days
    • ENTERPRISE: 30 days
  • Usage logs: 90 days
  • Billing records: 7 years (legal requirement)

5. Data Sharing and Disclosure

We do not sell your personal information. We may share your information with:

  • Service Providers: Clerk (authentication), Stripe (payments), cloud storage providers
  • Legal Requirements: When required by law, court order, or government request
  • Business Transfers: In connection with merger, acquisition, or sale of assets
  • With Your Consent: When you explicitly authorize us to share information

6. Your Rights

6.1 GDPR Rights (EU Users)

  • Right to access your personal data
  • Right to rectification of inaccurate data
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing
  • Right to withdraw consent

6.2 CCPA Rights (California Users)

  • Right to know what personal information is collected
  • Right to delete personal information
  • Right to opt-out of sale (we do not sell your data)
  • Right to non-discrimination for exercising your rights

To exercise your rights, contact us at privacy@snagkit.io

7. Data Security

We implement appropriate technical and organizational measures to protect your data:

  • Encryption in transit (HTTPS/TLS)
  • Encrypted storage of sensitive data
  • API key authentication for programmatic access
  • Rate limiting to prevent abuse
  • Regular security audits and updates
  • Access controls and monitoring

8. Cookies and Tracking

We use the following types of cookies:

  • Essential Cookies: Required for authentication and core functionality
  • Analytics Cookies: To understand how you use our services (PostHog)
  • Preference Cookies: To remember your settings and preferences

You can control cookies through your browser settings.

9. Third-Party Services

We use the following third-party services:

  • Clerk: Authentication and user management
  • Stripe: Payment processing
  • PostHog: Analytics and user insights
  • Cloud Storage: File storage (AWS S3, Cloudflare R2, or local)

Each service has its own privacy policy governing their data practices.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place for such transfers in compliance with GDPR and other applicable laws.

11. Children's Privacy

Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Email notification to your registered email address
  • Prominent notice on our website
  • Updating the "Last Updated" date at the top of this policy

13. Contact Us

For questions about this Privacy Policy or to exercise your rights, contact us at:

Email: privacy@snagkit.io
Address: [Your Company Address]
Data Protection Officer: dpo@snagkit.io

14. California Notice at Collection

We collect the following categories of personal information:

  • Identifiers (email, name, IP address)
  • Commercial information (subscription tier, usage data)
  • Internet activity (API calls, feature usage)
  • Geolocation data (if you use geolocation features)

We use this information as described in Section 3 above. We do not sell personal information.