Privacy Policy

1. Introduction

Snapshot Ltd ("we", "our", or "us") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Snapshot Platform service.

This policy applies to all information collected through our service, website, and any related services, sales, marketing, or events (collectively, the "Service").

2. Information We Collect

2.1 Personal Information You Provide

We collect information you provide directly to us, such as:

• Account registration information (name, email address, password)
• Profile information (business details, store information)
• Payment information (processed securely through third-party payment providers)
• Communications with us (support tickets, feedback, surveys)
• Multi-factor authentication data (phone numbers for SMS, authentication app data)

2.2 Information Collected Automatically

When you use our Service, we automatically collect certain information:

• Usage data (pages visited, features used, time spent)
• Device information (IP address, browser type, device type)
• Log data (access times, referring URLs, error logs)
• Cookies and similar tracking technologies

2.3 Information from Third Parties

We may receive information from third-party services:

• Social media authentication (Google, Apple, Microsoft)
• Estonian digital identity services (Smart-ID, Mobile-ID, ID Card)
• Payment processors for transaction processing
• Analytics and advertising partners

3. How We Use Your Information

We use the information we collect for various purposes:

• Provide, operate, and maintain our Service
• Process transactions and manage your account
• Send you technical notices, updates, and support messages
• Respond to your comments, questions, and customer service requests
• Monitor and analyze usage and trends to improve our Service
• Detect, investigate, and prevent fraudulent transactions and other illegal activities
• Comply with legal obligations and enforce our Terms of Service
• Send promotional communications (with your consent)

4. Legal Basis for Processing (GDPR)

Under the General Data Protection Regulation (GDPR), we process your personal data based on the following legal grounds:

• Contract Performance: Processing necessary to perform our service contract with you
• Legitimate Interests: For improving our service, security, and fraud prevention
• Legal Compliance: To comply with applicable laws and regulations
• Consent: For marketing communications and optional features (withdrawable at any time)

5. Information Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information in the following circumstances:

• Service Providers: With trusted third-party vendors who assist in operating our Service
• Legal Requirements: When required by law or to respond to legal process
• Business Transfers: In connection with mergers, acquisitions, or asset sales
• Protection of Rights: To protect our rights, property, or safety, or that of others
• With Your Consent: When you explicitly consent to the sharing

6. Data Security

We implement appropriate technical and organizational security measures to protect your personal information:

• Encryption in transit and at rest
• Regular security assessments and updates
• Access controls and authentication mechanisms
• Secure data centers and cloud infrastructure
• Employee training on data protection and security

While we strive to protect your personal information, no method of transmission over the internet or electronic storage is 100% secure.

7. Data Retention

We retain your personal information for as long as necessary to:

• Provide our Service and fulfill the purposes outlined in this policy
• Comply with legal obligations and resolve disputes
• Maintain accurate financial and transaction records
• Detect and prevent fraud and abuse

When you delete your account, we will delete or anonymize your personal information, except where retention is required by law.

8. Your Rights (GDPR)

Under GDPR, you have the following rights regarding your personal data:

• Right of Access: Request copies of your personal data
• Right to Rectification: Request correction of inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data
• Right to Restrict Processing: Request limitation of processing under certain circumstances
• Right to Data Portability: Request transfer of your data to another service
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent for consent-based processing

To exercise these rights, please contact us using the information provided in Section 12.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place for such transfers, including:

• European Commission adequacy decisions
• Standard Contractual Clauses (SCCs)
• Binding Corporate Rules
• Other appropriate safeguards as required by applicable data protection laws

10. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to:

• Maintain your session and preferences
• Analyze usage patterns and improve our Service
• Provide personalized content and features
• Measure the effectiveness of our marketing campaigns

You can control cookies through your browser settings, but disabling certain cookies may affect the functionality of our Service.

11. Children's Privacy

Our Service is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If you become aware that a child has provided us with personal information, please contact us immediately.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

• Posting the updated policy on our website
• Sending you an email notification
• Providing in-app notifications

Your continued use of our Service after any changes indicates your acceptance of the updated Privacy Policy.

13. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

You also have the right to lodge a complaint with the Estonian Data Protection Inspectorate or your local supervisory authority if you believe we have not addressed your concerns adequately.