Privacy Policy

The data controller for personal data described in this policy is JVR Consulting Ltd (“Snapnlink”, “we”, “us”), a company registered in England & Wales. You can contact us about this policy at privacy@snapnlink.com.

Where Snapnlink processes personal data on behalf of a business customer (for example, contact data uploaded into a digital card), that customer is the data controller and Snapnlink is the data processor. Our Data Processing Addendum (DPA) governs those processing activities and is available on request.

We collect personal data in three main categories:

Information you give us

• Account data: name, work email, password (stored as a salted hash), organization name.
• Profile and card data: job title, phone number, photo, links, biography — whatever you choose to publish on a Snapnlink card.
• Billing data: company name, billing address, VAT number, payment card details (processed by Stripe — we never see full card numbers).
• Support content: messages, attachments, and metadata you send us when contacting support.

Information we collect automatically

• Usage data: pages viewed, features used, timestamps, and approximate location derived from IP address.
• Device data: browser type, operating system, screen resolution, and user-agent string.
• Scan and click telemetry: when a QR code is scanned or a short link is clicked, we record the destination, timestamp, approximate location (city/country), device class, and referrer.
• Cookies and similar technologies: see our Cookie Policy for details.

Information from third parties

• Identity providers (Google, Microsoft, Okta) when you sign in with SSO.
• Payment processors (Stripe) confirming a successful charge or subscription update.
• Email providers reporting delivery, bounce, or unsubscribe events for product emails.

Under UK and EU GDPR, we must identify a lawful basis for every processing activity. The table below summarises ours:

• Operating the service (creating accounts, rendering cards, resolving QR codes, sending product emails) — performance of a contract.
• Billing and fraud prevention — performance of a contract and legitimate interests.
• Product analytics and improvement (aggregated usage, A/B tests) — legitimate interests.
• Marketing communications (newsletters, product updates) — consent. You can withdraw at any time via the unsubscribe link or by emailing us.
• Compliance with law (tax, accounting, responding to legal requests) — legal obligation.
• Security and abuse prevention — legitimate interests and legal obligation.

We share personal data with carefully selected processors who help us run the service:

• Cloud hosting and infrastructure: Vercel Inc. (USA, with EU regions), Supabase Inc. (USA, with EU regions).
• Payments: Stripe Payments Europe Ltd (Ireland) and Stripe Inc. (USA).
• Transactional email: Resend Inc. or Amazon SES, depending on environment.
• Customer support tooling: where used, only with appropriate data protection contracts in place.
• Analytics: privacy-aware product analytics; no third-party advertising trackers on public Snapnlink card pages.

We may also disclose data when required by law (court order, regulator request) or to protect the rights, property, or safety of Snapnlink, our customers, or others.

We never sell personal data.

Some of our processors are based outside the UK and EEA. Where personal data is transferred internationally, we rely on UK International Data Transfer Agreements, EU Standard Contractual Clauses (2021/914), and supplementary measures including encryption and access controls. A list of sub-processors with their locations is available on request.

• Account data: while your account is active, plus 90 days after closure to allow recovery, then deleted or anonymised.
• Billing records: at least 6 years to comply with UK accounting and tax obligations.
• Scan and click telemetry: visible for the analytics history window of your plan (30 days to 24 months); aggregate counts retained longer.
• Support tickets: 24 months from last activity.
• Backups: rolling 35-day window for operational restore.

Under UK and EU GDPR you have the right to:

• Access the personal data we hold about you.
• Correct inaccurate or incomplete data.
• Erase your data (subject to legal retention obligations).
• Restrict or object to certain processing, including direct marketing.
• Receive a portable copy of data you provided.
• Withdraw consent at any time where processing relies on consent.
• Lodge a complaint with the UK Information Commissioner's Office (ico.org.uk) or your local supervisory authority.

To exercise any of these rights, email privacy@snapnlink.com. We respond within one month of a verified request. See our GDPR page for details on data subject access requests.

We use TLS encryption in transit, AES-256 encryption at rest, role-based access controls, audit logging, and least privilege principles across our infrastructure. See the Security page for more detail. No system is ever completely secure; if you suspect a vulnerability, please email security@snapnlink.com.

Snapnlink is not directed at children under 16. We do not knowingly collect personal data from anyone under 16. If you believe a child has provided us with personal data, contact us and we will delete it.

We will post updates to this page and adjust the “Last updated” date. For material changes that reduce your rights, we will notify customers by email at least 30 days before the change takes effect.

Questions, requests, or concerns? Email privacy@snapnlink.com. Postal correspondence can be addressed to JVR Consulting Ltd at the registered office in England & Wales — request the address in your first email and we'll provide it.