Snapee← Back to site

Legal

Privacy Policy

SNAPEE — snapee.ai · Effective Date: February 26, 2026 · Last Updated: February 26, 2026

Data Controller: Screenshot Marketing s.r.o. · IČO: 23154713

Registered Address: Čechova 236/17, Bubeneč (Praha 7), 170 00 Praha, Czech Republic

This Privacy Policy describes how Screenshot Marketing s.r.o. ("we," "us," or "the Controller") collects, uses, stores, and protects personal data of users of snapee.ai and associated services (the "Services"). This Policy complies with GDPR, Czech Act No. 110/2019 Coll., CCPA, UK GDPR, and other applicable international frameworks. By using the Services, you confirm that you have read and understood this Policy.

1. Definitions

  • Personal Data — any information relating to an identified or identifiable natural person (Article 4(1) GDPR).
  • User — a natural person aged 18 or older who accesses the Services.
  • Controller — Screenshot Marketing s.r.o.
  • Processor — a third party that processes Personal Data on behalf of the Controller.

2. Age Restriction & Prohibition on Content Depicting Minors

THE SERVICES ARE STRICTLY FOR ADULTS AGED 18 AND OVER.

Generating, storing, sharing, or otherwise handling any sexual, nude, or sexually suggestive content depicting persons under 18 years of age — including fictional, animated, or AI-generated characters — is absolutely and unconditionally prohibited. Any such content will be immediately removed, the account permanently banned, and the incident reported to law enforcement.

The Controller does not knowingly collect Personal Data from persons under 18. If we become aware that a minor has provided Personal Data, we will promptly delete such data and terminate the account. Contact us at hello@snapee.ai or via Discord: discord.gg/3kFvZQvqV3.

3. Personal Data We Collect

3.1 Data You Provide

  • Identity and contact data: email address (used for login and service communications) and an optional display username chosen by you.
  • Account credentials: a hashed password (we never see or store your plain-text password — authentication is handled by our identity provider, Supabase).
  • Generated content: the AI companions you create, the chat messages you send and receive, and any photos generated in chat. These live inside your account and are not shown to other users unless you explicitly mark a companion as public.
  • Payment data: processed exclusively through Stripe. We do not store full payment card numbers — only a Stripe customer ID, subscription status, and metadata about purchases (plan, amount, date).
  • Communications: customer support inquiries sent to hello@snapee.ai and messages exchanged with us on Discord.

3.2 Data Collected Automatically

  • Technical data: IP address, browser type and version, operating system, and device identifiers.
  • Usage data: pages visited, features used, token spend per action, session duration, and basic interaction patterns used to detect abuse and improve the product.
  • Cookies and similar technologies: see Section 8.

3.3 Data from Third Parties

We may receive data from Stripe (payment status, fraud signals) and, where used, from third-party analytics providers.

4. Legal Bases and Purposes of Processing

  • Performance of a contract (Art. 6(1)(b) GDPR): providing the Services — creating and authenticating accounts, running the chat and image-generation features, processing payments, managing subscriptions and token wallets.
  • Legitimate interests (Art. 6(1)(f) GDPR): ensuring platform security, preventing fraud and abuse, debugging, analytics in aggregated/pseudonymised form, and improving service performance.
  • Consent (Art. 6(1)(a) GDPR): non-essential analytics or marketing cookies (when applicable) and any optional marketing emails. Consent may be withdrawn at any time without affecting prior lawful processing.
  • Legal obligation (Art. 6(1)(c) GDPR): retaining accounting records, cooperating with law enforcement, and mandatory reporting of suspected child sexual abuse material.

5. Recipients of Personal Data

We share Personal Data only with the processors and recipients listed below, in each case under appropriate contractual safeguards:

  • Stripe, Inc. — payment processing, subscription management, and fraud detection.
  • Supabase, Inc. — managed Postgres database, authentication, and object storage for generated images.
  • AI inference providers — Venice and (optionally) OpenRouter, used to generate chat replies and images from the prompts you send. We send your prompt text and relevant system context; we do not send your email, payment data, or account identifiers to these providers beyond what is strictly necessary.
  • Cloud hosting providers — service availability, reliability, and content delivery.
  • Law enforcement and judicial authorities — when required by law, court order, or where necessary to protect rights and safety, including mandatory reporting of content depicting minors.
  • Acquirer or successor entity — in the event of a merger, acquisition, or sale of assets (with prior notice).

Where data is transferred outside the EEA, the Controller ensures appropriate safeguards pursuant to Chapter V GDPR (Standard Contractual Clauses or adequacy decisions).

6. Data Retention

  • Account data — retained for the duration of the contractual relationship. You can delete your account at any time from Settings → Profile, which removes your messages, generated characters, and remaining tokens.
  • Chat messages and generated images — stored as long as the corresponding companion or account exists, so you can revisit your conversations. Deleting a conversation from the inbox immediately purges its messages and the associated long-term memory snapshot. Deleting your account purges all related content.
  • Accounting and tax records — retained as required by Czech law, generally for up to 10 years.
  • Operational logs — typically retained for up to 90 days for security, debugging, and fraud detection, then rotated.
  • Data no longer required for the purposes above is securely deleted or anonymised.

7. Your Rights

  • Right of access (Art. 15 GDPR / CCPA): obtain confirmation of whether your data is being processed and receive a copy.
  • Right to rectification (Art. 16 GDPR): correct inaccurate or incomplete data.
  • Right to erasure (Art. 17 GDPR / CCPA): request deletion of your data. The fastest way to exercise this is the in-product Delete Account button under Settings → Profile.
  • Right to restriction of processing (Art. 18 GDPR).
  • Right to data portability (Art. 20 GDPR).
  • Right to object (Art. 21 GDPR).
  • CCPA rights (California residents): right to know, right to delete, right to opt out of sale. We do not sell personal information.

To exercise your rights, contact us at hello@snapee.ai or via Discord. We will respond within 30 days (45 days for CCPA requests).

EEA/UK residents may lodge a complaint with: ÚOOÚ (CZ) — www.uoou.cz | ICO (UK) — www.ico.org.uk.

8. Cookies and Tracking Technologies

  • Essential cookies: required to keep you signed in (Supabase auth session), to remember your settings, and to operate the basic Services. These cannot be disabled.
  • Analytical cookies: when used, they track aggregate usage to improve the Services. They are loaded only with your consent.
  • Marketing cookies: when used, they personalise advertisements. They are loaded only with your consent.

Consent for non-essential cookies can be granted or withdrawn at any time through the cookie consent manager on the website or by clearing cookies in your browser.

9. Security

  • Encryption of data in transit (TLS/HTTPS) and at rest (managed database and object storage encryption).
  • Row-level security policies in our database that restrict each user's data to that user only.
  • Access controls limiting Personal Data access to authorised personnel on a need-to-know basis.
  • Regular dependency and configuration reviews.
  • Data breach response procedures in compliance with Articles 33–34 GDPR.

No system is perfectly secure. Please use a strong, unique password and notify us immediately if you suspect your account has been compromised.

10. International Data Transfers

The Services are operated from the Czech Republic (EU). When Personal Data is transferred outside the EEA — for example to non-EU AI inference providers or US-based payment infrastructure — the Controller ensures an adequate level of protection through Standard Contractual Clauses, binding corporate rules, or other safeguards recognised under applicable law.

11. Changes to This Policy

We reserve the right to update this Policy at any time. Material changes will be communicated by email or prominent notice on the website at least 30 days before taking effect.

12. Contact Information

Controller: Screenshot Marketing s.r.o. · IČO: 23154713

Čechova 236/17, Bubeneč (Praha 7), 170 00 Praha, Czech Republic

Email: hello@snapee.ai · Discord: discord.gg/3kFvZQvqV3

Supervisory authority (CZ): ÚOOÚ — www.uoou.cz · Supervisory authority (UK): ICO — www.ico.org.uk