Back to SnapFlow

Privacy Policy

Effective date: 9 April 2026 — Last updated: 20 June 2026

1. Data Controller

SnapFlow is operated by the entity listed on our Imprint page. If you have questions about this policy or your personal data, contact us at: [loading…]

2. Data We Collect

  • Account data: Email address, full name, hashed password (bcrypt), account type, and chosen subscription plan.
  • Billing data: Billing name and address for invoice purposes; payment processing is handled entirely by Stripe — we never store card numbers.
  • Usage data: Album names, photo metadata (EXIF capture time, resolution, file size), upload timestamps, and post history.
  • Technical data: IP address (used solely for rate limiting and abuse prevention), HTTP request logs retained for 90 days.
  • Consent record: The timestamp at which you accepted these Terms & Conditions and Privacy Policy during registration, and the timestamp at which you granted or withdrew AI-processing consent.
  • AI photo processing (third-party AI service): If you enable AI features for an album — AI captions/keywords, or recognition of visible race, bib, sail or jersey numbers and team liveries — and you have granted AI-processing consent, a downscaled copy of the relevant photos (together with a text instruction) is transmitted to our AI sub-processor Anthropic PBC (provider of the Claude API, United States) to perform that task. Depending on the album's settings this may happen automatically as photos are uploaded, or when you tap "Recognize" / "Generate with AI". Photos are processed transiently — under Anthropic's commercial API terms they are not retained and are not used to train AI models. No faces, face crops, or biometric data are ever sent to Anthropic or any other AI service. AI processing is off until you grant consent; you can grant or withdraw it at any time in the SnapFlow app (Profile → AI processing) or on the web (Settings → Privacy), and withdrawing it immediately stops any further transmission.
  • Biometric / face data (optional, processed on our own servers): If you enable face recognition for an album and confirm you have a legal basis to process the depicted persons' data (GDPR Art. 9(2) / KUG § 23), SnapFlow detects faces and computes a numerical face embedding (a mathematical "faceprint") so photos of the same person can be grouped and labelled. This face processing runs entirely on SnapFlow's own servers — face images, face crops, and embeddings are never sent to Anthropic or any other third party, and are never used for advertising or profiling. Face data is stored only for your account, used solely to group and label people within your own albums, and is deleted when you delete the photos, the album, or your account (see "Data Retention"). Face recognition is off by default and only runs after you explicitly enable it and confirm the legal basis.

3. Instagram / Meta Integration

When you connect an Instagram account, SnapFlow requests the following Meta permissions:

  • instagram_business_basic — read your Instagram user ID and username.
  • instagram_business_content_publish — publish feed posts and stories on your behalf.

What we store:

  • Your Instagram user ID and username.
  • Your Meta access token — stored encrypted at rest using Fernet symmetric encryption (AES-128-CBC). No plaintext token is ever written to disk or logged.
  • A daily snapshot of your follower count for use in your analytics dashboard.
  • Post performance metrics (likes, comments, impressions, reach, saves) fetched from the Meta Graph API.

What we do with it:

  • Publish content to Instagram on your explicit instruction.
  • Retrieve engagement analytics so you can track your post performance inside SnapFlow.
  • Your Instagram data is used solely for your own account. It is never shared with other SnapFlow users, sold, or used for any profiling or advertising purpose.

Disconnect at any time: Go to Dashboard → Socials → Accounts and click "Disconnect". This immediately revokes our access and deletes your stored access token and all associated Instagram data from our database.

4. Legal Basis (GDPR Art. 6)

  • Contract performance (Art. 6(1)(b)): Account registration, album management, FTP upload, and gallery sharing.
  • Consent (Art. 6(1)(a)): Connecting your Instagram account and publishing content via the Meta API.
  • Legal obligation (Art. 6(1)(c)): Retention of invoices and billing records as required by German commercial law (§ 257 HGB, § 147 AO).
  • Legitimate interests (Art. 6(1)(f)): IP-based rate limiting and abuse prevention to protect platform integrity.

5. Data Retention

  • Account data: Retained for the lifetime of your account plus 30 days after deletion (to allow recovery).
  • Instagram tokens: Deleted immediately upon disconnection or account deletion.
  • Payment records: Retained for 10 years as required by German law (§ 257 HGB).
  • Server logs: Retained for 90 days, then automatically purged.
  • Photos and albums: Deleted within 30 days of your account deletion request.
  • Face data & recognition results: Face crops, face embeddings, and recognition results are retained only while the album exists and are deleted when you delete the relevant photos, the album, or your account (within 30 days of an account-deletion request). Photos sent to Anthropic for AI processing are not retained by Anthropic.

6. Sub-processors

We use the following third-party services to deliver SnapFlow:

Provider Purpose Location
Anthropic PBCAI photo processing (Claude API) — captions/keywords and recognition of visible numbers & team liveries. Photos are transmitted only when you enable AI features and have granted AI-processing consent; no face or biometric data is sent. Anthropic does not retain the photos or train on them.USA
Meta PlatformsInstagram API (content publishing, analytics)USA
StripePayment processingUSA / EU
Hetzner Online GmbHCloud hosting & storage infrastructureGermany / EU

Data transfers to the USA are covered by the EU–US Data Privacy Framework and/or Standard Contractual Clauses.

7. Your Rights (GDPR Art. 15–22)

You have the right to:

  • Access (Art. 15): Request a copy of all personal data we hold about you.
  • Rectification (Art. 16): Correct inaccurate data via your profile settings.
  • Erasure (Art. 17): Request deletion of your account and all associated data.
  • Restriction (Art. 18): Request we restrict processing of your data while a dispute is resolved.
  • Portability (Art. 20): Receive your data in a machine-readable format.
  • Objection (Art. 21): Object to processing based on legitimate interests.

To exercise any of these rights, contact us at [loading…]. We will respond within 30 days.

8. Supervisory Authority

You have the right to lodge a complaint with your local data protection supervisory authority. In Germany, you may contact the relevant Federal Commissioner for Data Protection and Freedom of Information (BfDI) or the supervisory authority of the German state in which we operate.

9. Changes to This Policy

We will notify registered users by email at least 14 days before any material changes to this Privacy Policy take effect. Non-material changes (e.g. typo corrections, clarifications) may be made without advance notice. The "Last updated" date at the top of this page always reflects the most recent revision.

Terms & Conditions Imprint