Snapiens

Privacy Policy

Effective Date: November 1, 2025

Entity: Snapiens Inc. - 251 Little Falls Drive, Wilmington, DE ,19808, USA

Contact: contact@snapiens.com

1. Overview

Snapiens Inc. ("Snapiens," "we," "us," or "our") is committed to protecting your privacy and the data you entrust to us.

This Privacy Policy explains how we collect, use, share, and safeguard personal information through our AI platform, mobile apps, and APIs (collectively, the "Services"). It also describes your rights and choices under applicable privacy laws, including GDPR, CCPA, and other global frameworks.

By using Snapiens, you agree to this Policy and our Terms of Service.

2. Data We Collect

We collect only the data necessary to operate and improve Snapiens safely and effectively.

2.1. Information You Provide

• Account details: name, email address, organization, password. • Workspace data: uploaded documents, messages, files, and custom knowledge bases ("Customer Content"). • Billing details: payment info (processed by Stripe) and transaction metadata. • Support interactions: messages, feedback, or chat logs for troubleshooting.

2.2. Information Collected Automatically

• Usage data: device type, IP address, browser, operating system, session duration, error logs. • Cookies and trackers: for analytics (Google Analytics 4, Tag Manager), authentication, and service optimization. • Activity data: request timestamps, API usage, and model interaction logs for performance and security monitoring.

2.3. Information from Third Parties

• Authentication or single sign-on providers (Google, Microsoft, etc.). • Workspace administrators who add you to an organization's account. • Payment processors, analytics, or infrastructure providers (AWS, OpenAI, Stripe, Pinecone).

3. How We Use Your Data

We use personal and usage data strictly to:

1. Provide, secure, and maintain the Services. 2. Authenticate accounts and manage subscriptions. 3. Improve AI model performance and reliability (without training on user content). 4. Communicate product updates, security alerts, and customer support. 5. Comply with legal obligations and prevent abuse or fraud.

We do not use Customer Content to train or fine-tune AI models. Aggregated, non-identifiable data may be analyzed for performance insights.

4. Customer Content & Workspace Data

4.1. Ownership

You retain ownership of your Customer Content. Snapiens only processes it under your direction.

4.2. Organizational Workspaces

For enterprise accounts, admins can:

• Add or remove members. • Access, export, or delete workspace data. • Monitor usage within their organization.

Snapiens staff may access workspace data only for security, debugging, or legal compliance.

4.3. Prohibited Use of Data

You must not upload or use data that:

• Violates laws or third-party rights. • Involves personal medical, financial, or sensitive data without consent. • Could generate or spread illicit, harmful, or misleading AI content.

Snapiens may suspend or delete data that violates safety or compliance policies.

5. Legal Basis for Processing (GDPR)

For users in the European Union, we rely on these legal bases:

• Contractual necessity: to provide the Services you request. • Legitimate interests: to improve and secure Snapiens. • Consent: for optional analytics, cookies, or marketing. • Legal obligation: to comply with tax, security, or regulatory requirements.

You may withdraw consent at any time by adjusting your account or emailing us at contact@snapiens.ai.

6. Data Storage and Security

• All data is hosted on Amazon Web Services (AWS, US-East). • Data is encrypted in transit (TLS 1.2+) and at rest (AES-256). • Access is restricted via least-privilege roles and monitored via internal audit logs. • Backups are encrypted and stored in compliance with SOC 2 controls.

We employ automated and manual monitoring to prevent unauthorized access or misuse.

7. Retention and Deletion

Data is stored only as long as needed to deliver the Services or meet legal obligations.

• Customer Content is deleted within 30 days after workspace or account termination. • Payment and compliance records may be retained longer (up to 7 years) as required by law. • You may request deletion of your account or data at any time.

Once deleted, recovery is not possible.

8. International Data Transfers

Snapiens is headquartered in the United States and may transfer data internationally. Transfers outside your region are safeguarded by:

• Standard Contractual Clauses (for EU/UK transfers). • GDPR-compliant subprocessors (AWS, OpenAI, Stripe, Pinecone). • Security and confidentiality agreements with all partners.

9. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access and receive a copy of your data. • Correct inaccurate information. • Request deletion ("right to be forgotten"). • Restrict or object to processing. • Port data to another provider. • Lodge a complaint with your local data authority.

To exercise these rights, email contact@snapiens.ai. We will respond within 30 days (or sooner where required by law).

10. Children's Privacy

Snapiens is not directed to individuals under 16 years old. We do not knowingly collect data from minors. If you believe a minor has used our Services, contact us immediately for removal.

11. AI Output and Responsibility

AI outputs may be inaccurate, incomplete, or inappropriate.

Snapiens:

• Does not monitor or control every response generated through user prompts. • Disclaims liability for harm, loss, or damages arising from reliance on AI-generated information. • May suspend or restrict accounts producing dangerous or illicit content.

Users are solely responsible for how they act on or distribute AI-generated outputs.

If an AI-generated interaction causes emotional distress or harm, users should not rely on Snapiens for crisis intervention and are encouraged to seek local emergency support immediately.

12. Third-Party Services and Subprocessors

Snapiens uses reputable third parties to operate the Service:

Purpose Provider Data Processed Hosting & backend Amazon Web Services (AWS) Stored data, logs AI processing OpenAI Text queries and responses Database & vector storage Pinecone.io Encrypted embeddings Payments Stripe Payment tokens, billing details Email delivery Amazon SES Email address Analytics Google Analytics 4 Usage metrics Tag management Google Tag Manager Trackers Web platform WordPress.com Content hosting

Each partner complies with GDPR, CCPA, and security certifications such as SOC 2 or ISO 27001.

13. Data Sharing

We may share information:

• With subprocessors (listed above). • With law enforcement if legally required. • To protect the safety, rights, or integrity of users or the platform. • During mergers or acquisitions, under confidentiality obligations.

We never sell or rent personal information.

14. Cookies and Tracking

Snapiens uses cookies and similar technologies for session management, analytics, and service improvement. You may disable non-essential cookies in your browser or through in-app settings.

15. Data Protection for Global Users

EU/UK Residents

You can contact our GDPR representatives:

• EU Representative: Rickert Rechtsanwaltsgesellschaft mbH, Bonn, Germany • UK Representative: Rickert Services Ltd UK, Peterborough, United Kingdom

California Residents (CCPA)

You have the right to know, delete, or opt out of the "sale" or "sharing" of your personal information (Snapiens does not sell user data).

Requests can be submitted to contact@snapiens.com

16. Changes to this Policy

We may update this Privacy Policy from time to time. Material changes will be announced on our website or via email. Your continued use of Snapiens after such updates constitutes acceptance.

17. Contact Information

Snapiens Inc. 251 Little Falls Drive, Wilmington, DE ,19808, USA contact@snapiens.com