Snapnode ("we", "us", "our") is an AI-powered support widget platform operated from Portugal. We are the data controller for personal data processed through our Service. Contact: support@snapnode.pro
We collect: Account data (name, email, company), Payment data (processed by Stripe — we never store card details), Widget data (visitor conversations, IP addresses, user agents), Lead data (names, emails, phones submitted via widget), Usage data (credits used, features accessed), Technical data (login timestamps, API usage).
We use your data to: provide and improve the Service, process payments, send transactional emails (welcome, credit alerts, team invites), analyze usage to improve features, ensure security and prevent fraud, comply with legal obligations. We do NOT sell your data to third parties.
We process your data under the following legal bases: Contract performance (providing the Service you signed up for), Legitimate interests (security, fraud prevention, product improvement), Consent (marketing emails — you can unsubscribe anytime), Legal obligation (compliance with applicable laws).
We retain your data for as long as your account is active. Chat history is retained for 12 months by default. Lead data is retained until you delete it. Payment records are retained for 7 years (legal requirement). You can delete your account and all data at any time via Settings → Privacy → Delete Account.
You have the right to: Access your data (export via dashboard), Rectify inaccurate data (edit in settings), Erase your data (delete account), Restrict processing (contact us), Data portability (JSON export available), Object to processing (opt-out of marketing), Lodge a complaint with your local data protection authority.
We use essential cookies for authentication and session management. We use analytics cookies to understand usage (you can opt out). We do not use advertising or tracking cookies. See our Cookie Policy for full details.
We use: Stripe (payments) — PCI-DSS compliant, OpenAI (AI responses) — data processed in USA, Resend (emails) — EU/USA data centers, Twilio (voice calls) — USA data centers, Hetzner (hosting) — EU data centers. All processors are bound by data processing agreements.
We implement: Argon2 password hashing, JWT token authentication, HTTPS/TLS encryption in transit, PostgreSQL with encryption at rest, Regular security audits, Rate limiting to prevent abuse, Automatic sensitive data masking in chat (credit cards, passwords, etc.).
Some of our processors (OpenAI, Twilio) may process data outside the EU. We ensure appropriate safeguards are in place through Standard Contractual Clauses (SCCs) or adequacy decisions.
Snapnode is not intended for users under 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us immediately.
We may update this Privacy Policy periodically. We will notify you of significant changes via email. The "last updated" date at the top will reflect the most recent version.
For privacy-related questions or to exercise your rights: Email: support@snapnode.pro. We will respond to all requests within 30 days as required by GDPR.