Privacy Policy
Effective Date: January 15, 2025
Last Updated: February 6, 2026
1. Introduction
Snapt ("we," "our," or "us") operates the Snapt receipt processing service. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our Telegram bot, web application, and related services (collectively, the "Service").
By using Snapt, you consent to the practices described in this Privacy Policy.
2. Information We Collect
2.1 Information You Provide
- Account Information: Telegram user ID, display name, and username
- Contact Information: Email address (if provided for notifications)
- Receipt Images and Documents: Photos, PDFs, and other document formats you upload for processing
- YNAB Authorization: OAuth tokens to sync data with your YNAB account
- Payment Information: Processed securely by Stripe; we do not store full payment card details
- Communications: Messages you send through our support channels
2.2 Information Collected Automatically
- Usage Data: Features used, receipts processed, sync events, errors encountered
- Device Information: Device type, operating system, Telegram client version
- Log Data: IP addresses, access times, referring URLs
- Subscription Data: Tier, billing cycle, receipt usage, promotional code redemption
2.3 Information from Third Parties
- YNAB: Budget names, account names, and transaction data necessary for sync operations
- Stripe: Subscription status, payment success/failure, billing history
- Analytics Providers: Aggregated usage patterns and performance metrics
3. How We Use Your Information
3.1 Provide and Improve the Service
- Process receipts using AI extraction technology
- Sync itemized data to your YNAB account
- Enforce tier-based feature access and receipt limits
- Improve AI accuracy and processing speed
- Develop new features and capabilities
3.2 Communicate With You
- Send subscription and billing notifications
- Provide customer support
- Share product updates and new features (with your consent)
- Send security alerts and service announcements
3.3 Business Operations
- Process payments and prevent fraud
- Analyze usage patterns to improve the Service
- Comply with legal obligations
- Enforce our Terms of Service
3.4 With Your Consent
- Marketing communications (opt-in only)
- Beta feature testing invitations
- User research participation
4. How We Share Your Information
4.1 Service Providers
We share information with trusted third parties who assist in operating our Service:
| Provider | Purpose | Data Shared |
|---|---|---|
| Google Cloud (Gemini) / OpenAI | AI receipt processing | Receipt images (processed, not stored) |
| YNAB | Budget sync | Transaction data, category mappings |
| Stripe | Payment processing | Billing information |
| Telegram | Messaging platform | Bot interactions |
| Sentry | Error monitoring | Technical logs (anonymized) |
4.2 Legal Requirements
We may disclose information when required by law, subpoena, court order, or to:
- Comply with legal process
- Protect our rights and property
- Prevent fraud or security threats
- Protect user safety
4.3 Business Transfers
If Snapt is acquired, merged, or sells assets, user information may be transferred as a business asset. You will be notified of any such change.
4.4 Aggregated and De-Identified Data
We may use or share aggregated or de-identified information for analytics, research, or to develop commercial insights. We do not sell or share identifiable personal information.
5. Document Processing
5.1 Receipt and Document Handling
- Receipt images and PDF documents are processed by AI to extract itemized data
- Documents are temporarily stored during processing (typically under 60 seconds)
- Processed documents are not retained after extraction is complete
- PDF document processing is available to PLUS tier and above
- AI models may learn from aggregate patterns but not individual receipts
5.2 Data Accuracy
AI extraction may contain errors. We recommend verifying synced data in YNAB.
6. Data Security
We implement reasonable security measures including:
- Encryption: TLS for data in transit; AES-256 encryption at rest for stored credentials and OAuth tokens
- Access Controls: Role-based access to production systems
- Secure Processing: API tokens stored securely, not logged
- Monitoring: Security event logging and alerting
No system is 100% secure. We cannot guarantee absolute security of your data.
7. Data Retention
| Data Type | Retention Period |
|---|---|
| Account information | Until account deletion |
| Receipt images | Deleted after processing |
| Usage logs | 12 months |
| Billing records | As required by law (typically 7 years) |
| Support communications | 3 years |
8. Your Rights and Choices
8.1 Access and Portability
You may request a copy of your data by contacting support@usesnapt.com.
8.2 Correction
You may update your account information through the Snapt web dashboard at usesnapt.com/dashboard.
8.3 Deletion
You may request account deletion by contacting support. Note:
- Billing records may be retained for legal compliance
- Aggregated analytics data is not deleted
8.4 YNAB Disconnection
You may revoke Snapt's access to YNAB at any time through your YNAB account settings.
8.5 Marketing Opt-Out
You may opt out of marketing communications at any time by contacting support@usesnapt.com.
9. California Privacy Rights (CCPA)
If you are a California resident, you have additional rights:
9.1 Categories of Information Collected
In the past 12 months, we have collected:
- Identifiers (Telegram ID, email)
- Commercial information (purchase history, subscription data)
- Internet activity (usage logs)
- Financial information (processed by Stripe)
9.2 Business Purposes
We use this information for:
- Providing the Service
- Processing payments
- Customer support
- Service improvement
- Security and fraud prevention
9.3 Your Rights
- Right to Know: Request categories and specific pieces of data collected
- Right to Delete: Request deletion of personal information
- Right to Opt-Out: Opt out of sale of personal information
- Right to Non-Discrimination: Equal service regardless of privacy choices
9.4 Data Sales
We do not sell personal information as defined by the CCPA.
9.5 Exercising Rights
To exercise CCPA rights, contact us at support@usesnapt.com with subject line "CCPA Request."
10. Children's Privacy
Snapt is not intended for users under 18. We do not knowingly collect information from minors. If you believe we have collected data from a minor, contact us immediately.
11. GDPR (European Economic Area)
This section applies only if you are located in the European Economic Area, the United Kingdom, or Switzerland, or if we otherwise offer the Service to EU users.
11.1 Legal Bases for Processing
- Contract: To provide the Service, process receipts, and sync with YNAB
- Legitimate Interests: To improve the Service, prevent fraud, and maintain security
- Consent: For optional marketing and research participation
- Legal Obligations: To comply with applicable laws
11.2 Your GDPR Rights
- Access, correction, and deletion of your personal data
- Restriction or objection to processing
- Data portability
- Withdrawal of consent at any time where consent is the basis
- Lodge a complaint with your local supervisory authority
11.3 International Data Transfers
We may transfer and process your data outside your country of residence, including the United States. Where required, we rely on approved transfer mechanisms such as Standard Contractual Clauses (SCCs) or adequacy decisions.
12. International Users
Snapt is operated from the United States. If you access the Service from outside the US, your information may be transferred to and processed in the US.
13. Changes to This Policy
We may update this Privacy Policy periodically. Material changes will be communicated via:
- Email notification
- Telegram message
- Notice on our website
Continued use after changes constitutes acceptance.
14. Contact Us
For privacy questions or requests:
- Email: support@usesnapt.com
- Subject Line: Privacy Inquiry
- Response Time: Within 30 days
Version 1.0.0