Last updated: May 10, 2026

Privacy Policy

1. What we collect

We collect only what's necessary to operate the Service:

  • Account data — email address when you create an account via Supabase Auth
  • Product images — uploaded temporarily for AI processing; not stored permanently after generation completes
  • Generation history — records of generations (count, timestamps) linked to your account or anonymous session
  • Payment data — handled directly by Stripe; we store only your credit balance and transaction metadata
  • Browser analytics — collected via Amplitude; session replay and event data only if you accept on the cookie banner
  • Device fingerprint — FingerprintJS hash used to detect and prevent abuse of free generation limits
  • Bot protection signals — Cloudflare Turnstile signals during signup to prevent automated attacks
  • Cookie data — see our Cookie Policy

2. How we use it

  • To operate and deliver the Service (image generation, credit management)
  • To enforce usage limits for free and paid tiers
  • To process payments and detect fraud
  • To improve the Service through aggregate analytics

We do not sell your data. We do not use your uploaded product images to train AI models.

3. Third-party services

Supabase — authentication and database hosting. Your account data is stored in Supabase. Supabase Privacy Policy

Replicate — AI model inference. Uploaded images are sent to Replicate for processing. Replicate Privacy Policy

Stripe — payment processing. Card details are handled entirely by Stripe and never touch our servers. Stripe Privacy Policy

Amplitude — analytics. Session replay and event data to understand product usage. Requires opt-in via cookie banner. Amplitude Privacy Policy

FingerprintJS — device fingerprinting. Creates a hash of device characteristics to prevent abuse of free generations. FingerprintJS Privacy Policy

Cloudflare Turnstile — bot protection. Analyzes signup requests to block automated account creation. Cloudflare Privacy Policy

4. Data retention

Data typeRetentionLegal basis
Account data (email, profile)Until you delete your accountContract (Art. 6(1)(b))
Uploaded product imagesDeleted after generation completesContract (Art. 6(1)(b))
Generated images24 hours, then auto-purgedContract (Art. 6(1)(b))
Anonymous session data90 daysLegitimate interest (abuse prevention)
Payment records7 yearsLegal obligation (Spanish tax law)
Analytics events (Amplitude)Until consent withdrawn or account deleted (30-day SLA after deletion)Consent (Art. 6(1)(a))
Bot-protection signals (Turnstile, fingerprint)90 daysLegitimate interest (abuse prevention)

5. Your rights

Under GDPR, you have the right to access, correct, erase, port, and object to processing of your data. You can also withdraw consent for analytics at any time.

Self-serve options — Go to /settings to delete your account and download your data.

Cookie preferences — Reopen the cookie banner from /settings or the footer to revoke or accept analytics cookies.

Email contact — For other requests, email support@snaplyphotos.com

Note: After you delete your account, Amplitude data is flagged for deletion and purged within 30 days.

6. Contact

Privacy questions or data requests: support@snaplyphotos.com