SnappArchieve
SnappArchive
Legal

Privacy Policy

1. Introduction

This Privacy Policy describes how SnappArchive ("we," "our," or "us") collects, uses, processes, and protects your personal data when you use our AI-powered document digitization, OCR, classification, and archiving services (the "Services"). We are committed to protecting your privacy and ensuring compliance with the General Data Protection Regulation (GDPR) and Belgian data protection law. By using our Services, you agree to the collection and use of information in accordance with this policy. If you do not agree with this policy, please do not use our Services.

2. Who We Are (Data Controller)

SnappArchive is the data controller responsible for your personal data processed through our Services. We are headquartered in the European Union and operate under EU and Belgian data protection regulations.

Contact Information:

  • Email: hello@snapparchive.eu
  • Data Protection Officer (DPO): To be appointed (contact via hello@snapparchive.eu until formally designated)

3. What Personal Data We Collect

We collect and process the following categories of personal data:

3.1 Account Information

  • Full name
  • Email address
  • Company name, size, and industry
  • Login credentials (passwords are hashed using industry-standard one-way hashing algorithms such as bcrypt, scrypt, or Argon2. Passwords are never stored in plain text)

3.2 Billing and Payment Information

  • Billing address and company VAT number
  • Payment information (processed securely through third-party payment processors; we do not store credit card numbers directly)

3.3 Document Data

  • Document files (PDFs, images, scanned documents)
  • Extracted text from OCR processing
  • Document metadata (file name, upload date, file size, format)
  • AI-generated classification tags and categories
  • Search queries performed within your document archive

3.4 Usage and Technical Data

  • IP address, browser type, operating system, and device information
  • Audit logs and access records (who accessed what document and when)
  • Usage analytics (features used, time spent, error logs)
  • Cookies and similar tracking technologies

4. Legal Basis for Processing (GDPR Article 6)

We process your personal data based on the following legal grounds:

Contract Performance (Art. 6(1)(b)): Processing necessary to provide the Services you requested and perform our contractual obligations.

Legitimate Interests (Art. 6(1)(f)): Processing necessary for our legitimate business interests, such as improving our Services, fraud prevention, and system security, provided these interests do not override your fundamental rights.

Legal Obligation (Art. 6(1)(c)): Processing necessary to comply with legal obligations, including tax, accounting, and Belgian company law requirements.

Consent (Art. 6(1)(a)): Where you have provided explicit consent for specific processing activities (e.g., marketing communications), which you may withdraw at any time.

5. How We Use Personal Data

We use your personal data for the following purposes:

  • To create, manage, and authenticate your account
  • To provide, operate, maintain, and improve the Services
  • To process and digitize your uploaded documents using OCR and AI classification
  • To enable intelligent search and document retrieval
  • To process billing and payments
  • To communicate with you regarding service updates, technical support, security alerts, and account notifications
  • To prevent fraud, abuse, and unauthorized access
  • To comply with legal and regulatory obligations
  • To analyze usage patterns and improve our AI models and Services

6. Document Processing (Processor Role)

When you upload documents to SnappArchive, we act as a Data Processor on your behalf (GDPR Article 28). You remain the Data Controller of the documents and any personal data contained within them. We process customer-uploaded documents solely in accordance with your instructions and our Data Processing Agreement (DPA). We do not use the content of your documents for any purpose other than providing the Services to you. We do not use customer documents or extracted text to train AI models unless you have explicitly opted-in or provided written consent. A Data Processing Agreement (DPA) is available upon request for enterprise customers. Contact hello@snapparchive.eu to request a DPA.

7. Data Storage & Security

We implement technical and organizational measures to protect your data in compliance with GDPR Article 32:

7.1 Encryption

  • Data in Transit: Data transmitted between your device and our servers is encrypted using TLS 1.3.
  • Data at Rest: Stored data, including documents and databases, is encrypted using AES-256 encryption.

7.2 Access Controls

  • Role-based access control (RBAC) ensuring users only access data they are authorized to view
  • Multi-factor authentication (MFA) may be enabled for accounts where supported.
  • Zero-knowledge principles are applied where technically feasible.

7.3 Infrastructure Security

  • EU-based hosting exclusively — all data is stored in secure, geo-redundant data centers located within the European Union
  • Regular security reviews and testing.
  • Intrusion detection and prevention systems
  • Automated backup systems with 30-day retention (also stored exclusively in the EU)

7.4 Employee Access

  • SnappArchive employees cannot access your documents or personal data under normal circumstances.
  • Access is granted only when absolutely necessary for technical support or security purposes.
  • Access is only provided with your explicit permission or when required by law.

8. Data Sharing & Third Parties

We do not sell, rent, or trade your personal data. We may share your data only in the following limited circumstances:

8.1 Service Providers (Data Processors)

  • We engage trusted third-party service providers to assist in operating the Services, including:
  • Cloud infrastructure providers (EU-based only)
  • Payment processors (Stripe, Mollie, or similar GDPR-compliant providers)
  • Email service providers for transactional emails
  • Analytics and monitoring tools (anonymized data only)
  • All service providers are bound by data processing agreements and are required to process data only on our instructions and in compliance with GDPR.

8.2 Legal Requirements

  • We may disclose your personal data if required to do so by law, court order, or government authority, or if necessary to protect our legal rights, prevent fraud, or ensure the safety of our users.

8.3 Business Transfers

  • In the event of a merger, acquisition, or sale of assets, your personal data may be transferred to the successor entity. We will notify you of any such change and ensure the successor entity continues to comply with this Privacy Policy and GDPR.

9. Your GDPR Rights

Under GDPR Articles 13–22 and Belgian data protection law, you have the following rights:

  • Right of Access (Art. 15): Request a copy of the personal data we hold about you.
  • Right to Rectification (Art. 16): Request correction of inaccurate or incomplete data.
  • Right to Erasure / "Right to be Forgotten" (Art. 17): Request deletion of your personal data.
  • Right to Restriction of Processing (Art. 18): Request that we limit how we use your data.
  • Right to Object (Art. 21): Object to processing based on legitimate interests or for direct marketing purposes.
  • Right to Data Portability (Art. 20): Request your data in a structured, commonly used, and machine-readable format.
  • Right to Withdraw Consent: Withdraw consent at any time.

To exercise any of these rights, contact us at hello@snapparchive.eu. We will respond within 30 days as required by GDPR Article 12.

10. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy or as required by law:

Account Data

  • Retained for the duration of your active account.
  • Upon account deletion, personal data is permanently deleted within 30 days, except where retention is legally required.

Documents

  • Retained only as long as you choose to store them.
  • You may delete documents at any time.
  • Documents are permanently removed from our systems within 30 days (including from backups).

Billing Data

  • Retained for 7 years in accordance with Belgian accounting and tax law requirements.

Backup Data

  • Backups are retained for a maximum of 30 days and are automatically purged thereafter.

Audit Logs

  • Retained for 12 months for security and compliance purposes, then anonymized or deleted.

11. Cookies & Tracking Technologies

We use cookies and similar tracking technologies to improve your experience and analyze usage of our Services. Cookies are small data files stored on your device.

Types of Cookies We Use

  • Essential Cookies: Necessary for the Services to function (e.g., session management, authentication). These cannot be disabled.
  • Security Cookies: Used to detect and prevent fraudulent activity and enhance security.
  • Analytics Cookies: Used to understand how users interact with our Services (anonymized data). We use privacy-friendly analytics tools.
  • We do not use advertising or third-party tracking cookies.

Managing Cookies

  • You can control and manage cookies through your browser settings.
  • Disabling essential cookies may affect the functionality of the Services.

12. International Data Transfers

SnappArchive processes and stores all personal data exclusively within the European Union. Our servers and data centers are located in EU member states, ensuring full compliance with GDPR data localization requirements.

Data Transfers Outside the EU

  • Only transferred to countries with an EU adequacy decision under GDPR Article 45
  • If no adequacy decision exists, EU Standard Contractual Clauses (SCCs) under GDPR Article 46 are implemented to ensure adequate protection
  • You will be notified of any such transfers and the safeguards applied

13. Childrens Privacy

Our Services are not intended for individuals under 16 years of age. We do not knowingly collect personal data from children under 16. If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately at hello@snapparchive.eu, and we will delete such information promptly.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or Services. When we make material changes, we will: - Update the "Last updated" date at the top of this page - Notify you via email (for significant changes affecting your rights) - Prominently display a notice on our website or within the Services We encourage you to review this Privacy Policy periodically. Your continued use of the Services after changes are posted constitutes your acceptance of the updated policy.

15. Contact Information & DPO

If you have any questions, concerns, or requests regarding this Privacy Policy or how we process your personal data, please contact us:

  • Email: hello@snapparchive.eu
  • DPO: To be formally appointed (contact via hello@snapparchive.eu)

We are committed to resolving any privacy concerns in a timely and transparent manner.