Language
Back to home

Privacy Policy

Last updated: March 12, 2026

1. Introduction

This Privacy Policy explains how SnapIntel ("we", "us", "our"), operated by IE Roman Jarmukhametov, Republic of Kazakhstan, collects, uses, stores, and protects your personal data when you use the Service at snapintel.io.

We process your data in accordance with:

  • The Law of the Republic of Kazakhstan "On Personal Data and Their Protection" (No. 94-V, dated May 21, 2013, as amended);
  • The General Data Protection Regulation (EU) 2016/679 (GDPR), applicable to users in the European Economic Area.

By using the Service, you acknowledge the data practices described in this Policy. Where processing is based on consent, we collect that consent separately through explicit checkboxes or similar mechanisms at the point of data collection.

2. Data We Collect

  • Email address
  • Display name
  • Avatar image (optional, if uploaded)
  • Authentication provider (email/password or Google)
  • Account creation date and last login

  • Smartcat bilingual DOCX files you upload
  • Normalized internal versions of those files
  • Generated glossary, domain analysis, and prompt content
  • Translated DOCX output files
  • Excel export files
  • QA reports and quality ratings

  • Your OpenAI API key, stored in encrypted form at rest
  • API key is never returned in plaintext via any API endpoint

  • Translation job records: status, word counts, timestamps, model used, token usage
  • Project metadata: name, source/target languages, file counts
  • Billing tier and quota usage
  • IP address and approximate geolocation (country level)
  • Browser type and operating system (from standard HTTP headers)
  • Authentication events (login, failed login attempts, password reset)

We do not collect or store your payment card details. Payment data (card numbers, billing address, invoice records) is collected and stored directly by Paddle (our Merchant of Record) in accordance with Paddle's Privacy Policy. We receive from Paddle only subscription status, plan tier, and anonymised transaction identifiers necessary to activate your plan.

  • Emails you send us for support
  • Transactional emails we send you (account confirmation, password reset)

3. How We Use Your Data

Providing the Service (account management, running translation jobs)Contract performanceConsent / Contract
Processing documents through OpenAI APIContract performanceConsent
Enforcing plan quotas and billingContract performanceContract
Payment processing (sharing account email with Paddle)Contract performanceContract
Sending transactional emailsContract performance / Legitimate interestsContract / Legitimate interests
Security monitoring (detecting suspicious access)Legitimate interestsLegitimate interests
Improving and debugging the ServiceLegitimate interestsLegitimate interests
Compliance with legal obligationsLegal obligationLegal obligation

We do not use your document content for training AI models. We do not sell your personal data to third parties.

4. Document Processing via OpenAI

This is important to understand:

When you run a translation job, the text content of your uploaded documents is transmitted to OpenAI's API for processing. This means:

  • Your document content leaves our servers and is processed by OpenAI (an US-based third party);
  • OpenAI's data processing is governed by their API usage policies and Data Processing Addendum (DPA). As a business using OpenAI's API, we have entered into OpenAI's DPA, which incorporates Standard Contractual Clauses (SCCs) for transfers of personal data from the EEA to the United States. As of the date of this Policy, OpenAI does not use API-submitted content to train its models by default. Please verify at openai.com/policies;
  • If your documents contain confidential, personal, or regulated data, you are responsible for ensuring you have the legal right to process that data through a third-party AI service.

For Agency-plan users using BYOK: your documents are processed through your own OpenAI account under your own API key and OpenAI account terms.

5. Data Storage and Security

Your data is stored on servers located in the European Union. We use reputable EU-based cloud infrastructure providers.

  • Passwords are hashed (bcrypt) and never stored in plaintext;
  • OpenAI API keys are encrypted at rest and never exposed via API responses;
  • HTTPS/TLS encryption for all data in transit;
  • Session revocation mechanism for active sessions;
  • Security event logging for authentication anomalies.

In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay in accordance with GDPR Article 34 and applicable RK Law requirements. Notification will be sent to the email address associated with your account and will describe the nature of the breach, the data affected, and the steps we are taking to address it.

  • Project data and uploaded files: retained until you delete the project, or until your account is terminated. Upon project deletion, files are permanently removed from our active systems and from backup storage within 30 days;
  • Account data: retained for the duration of your account plus 30 days after termination;
  • Usage logs and statistics: retained for up to 12 months for operational and security purposes;
  • Authentication security events: retained for up to 6 months.

6. Your Rights

You have the right to:

  • Access your personal data we hold;
  • Rectification of inaccurate data;
  • Erasure ("right to be forgotten") — request deletion of your personal data;
  • Restriction of processing in certain circumstances;
  • Data portability — receive your data in a machine-readable format;
  • Object to processing based on legitimate interests;
  • Withdraw consent at any time where processing is based on consent;
  • Lodge a complaint with your local supervisory authority.

In accordance with the Law of the Republic of Kazakhstan "On Personal Data and Their Protection", you have the right to:

  • Know whether your personal data is being processed, and its content;
  • Require correction of incomplete or inaccurate data;
  • Require deletion of your data if the processing is unlawful or no longer necessary;
  • Withdraw consent to processing.

Contact us at hello@snapintel.io. We will respond within 30 days. We may need to verify your identity before processing your request.

Note on project deletion: You can delete your projects and associated files at any time directly within the Service without contacting us.

7. Cookies and Analytics

We use session cookies and authentication tokens required for the Service to function. These cannot be disabled without breaking the Service.

We currently use Umami on the public, unauthenticated pages of the Service (for example, landing pages, legal pages, and account access pages) to measure visits and key conversion events in a privacy-preserving, cookieless manner.

  • Not track users across external websites;
  • Avoid collecting direct identifiers such as document content, email addresses, names, or passwords;
  • Limit analytics to aggregated pageview and event reporting on our own public pages.

Because this analytics setup is cookieless and limited to aggregated, non-identifying usage data on our own pages, no separate consent banner is required under our current implementation. If we later introduce analytics tools that set non-essential cookies or collect individually identifiable data, we will present a cookie consent banner before activating them.

We do not use Google Analytics or other third-party advertising tracking.

We use Sentry for error monitoring and debugging. Error reports may include technical information about your session but do not include document content.

8. Third-Party Services

Paddle (Paddle.com Market Limited)Payment processing, subscription management, tax remittance — acts as Merchant of RecordUK / Irelandpaddle.com/legal/privacy
OpenAIAI translation processingUSAopenai.com/policies
ResendTransactional email deliveryUSA/EUresend.com/privacy
VPS Provider (EU)Server infrastructureEUProvider-specific (available upon request)
SentryError monitoringUSA/EUsentry.io/privacy

Note on Paddle: When you subscribe to a paid plan, your email address and subscription details are shared with Paddle to create and manage your billing record. Paddle acts as an independent data controller for payment data under its own Privacy Policy. We do not receive or store your card details. Paddle transfers payment data subject to UK GDPR and, for EEA users, EU Standard Contractual Clauses.

When we transfer personal data to other third-party processors outside the EEA, we ensure appropriate safeguards are in place (Standard Contractual Clauses or equivalent). A full list of our sub-processors is available upon request at hello@snapintel.io.

9. Children's Privacy

The Service is not directed at children under 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected such data, please contact us immediately.

10. Changes to This Policy

This Policy may be updated from time to time. We will notify you of material changes via email or in-app notice at least 14 days before they take effect. The "Last updated" date at the top of this page always reflects the current version.

11. Contact and Data Controller

Data Controller:

IE Roman Jarmukhametov, Republic of Kazakhstan

Email: hello@snapintel.io

Website: snapintel.io

For all inquiries: hello@snapintel.io