Last Updated: [DATE]

GDPR Compliance and Your Data Rights

1. Introduction to GDPR

The General Data Protection Regulation (GDPR) gives you specific rights regarding your personal data. SnipAPI is committed to respecting these rights and providing full transparency about how we handle your information.

2. Legal Basis for Data Processing

We process your personal data based on:

2.1 Contractual Necessity

  • Account creation and management
  • Service delivery and screenshot processing
  • Payment processing and billing (if applicable)

2.2 Legitimate Interest

  • Security monitoring and fraud prevention
  • Service improvement and optimization
  • Technical support and customer service

2.3 Consent

  • Marketing communications (if you opt-in)
  • Optional features and enhancements
  • Data processing beyond core service needs

3. Your GDPR Rights

3.1 Right to Information (Article 13-14)

  • We provide clear information about data collection
  • This policy explains how and why we process your data
  • You can request additional details about specific processing

3.2 Right of Access (Article 15)

  • Request a copy of all personal data we hold about you
  • Receive information about how your data is processed
  • Available through your account dashboard or by request

3.3 Right to Rectification (Article 16)

  • Correct inaccurate or incomplete personal data
  • Update your account information at any time
  • Contact us to correct data you cannot update yourself

3.4 Right to Erasure (Article 17)

  • Request deletion of your personal data ("Right to be Forgotten")
  • We will delete your data when legally permissible
  • Some data may be retained for legal compliance

3.5 Right to Restrict Processing (Article 18)

  • Temporarily suspend processing of your personal data
  • Available when disputing data accuracy or processing legality
  • Can be requested through your account settings

3.6 Right to Data Portability (Article 20)

  • Receive your data in a structured, machine-readable format
  • Transfer your data to another service provider
  • Export functionality available in your account dashboard

3.7 Right to Object (Article 21)

  • Object to processing based on legitimate interest
  • Opt-out of marketing communications
  • Request cessation of automated decision-making

4. How to Exercise Your Rights

4.1 Through Your Account

  • Account Dashboard: Access, update, and delete most data
  • Privacy Settings: Control data processing preferences
  • Export Tool: Download your data in standard formats

4.2 Contact Requests

  • Email: Send requests to [ADMIN_EMAIL]
  • Subject Line: Include "GDPR Request" for faster processing
  • Identity Verification: We may need to verify your identity

4.3 Response Times

  • Standard Requests: Response within 30 days
  • Complex Requests: May require additional 60 days
  • Urgent Requests: Prioritized based on circumstances

5. Data Processing Activities

5.1 Account Management

  • Data: Username, email, password hash, preferences
  • Purpose: Service access and account security
  • Legal Basis: Contractual necessity
  • Retention: Until account deletion

5.2 Screenshot Processing

  • Data: URLs, screenshots, metadata, usage statistics
  • Purpose: Core service delivery
  • Legal Basis: Contractual necessity
  • Retention: According to your account settings

5.3 Security Monitoring

  • Data: IP addresses, login attempts, security events
  • Purpose: Fraud prevention and service security
  • Legal Basis: Legitimate interest
  • Retention: 90 days for security logs

5.4 Communication

  • Data: Email address, communication history
  • Purpose: Account notifications and support
  • Legal Basis: Contractual necessity and consent
  • Retention: Until consent withdrawal or account deletion

6. Data Sharing and International Transfers

6.1 Third-Party Processors

  • Cloudflare R2: Secure file storage (EU/US adequacy decision)
  • Email Providers: Account communications (GDPR-compliant)
  • Security Services: Threat detection (privacy-certified)

6.2 Safeguards

  • Standard Contractual Clauses (SCCs) where applicable
  • Privacy Shield certified providers (where available)
  • Regular audits of third-party compliance

7. Consent Management

7.1 Giving Consent

  • Clear opt-in required for non-essential processing
  • Granular consent options where applicable
  • Easy withdrawal process available

7.2 Withdrawing Consent

  • Account Settings: Manage consent preferences
  • Email: Send withdrawal requests to [ADMIN_EMAIL]
  • Effect: Withdrawal does not affect past processing

8. Automated Decision Making

We do not use automated decision-making or profiling that significantly affects you. Any automated processes (like rate limiting) are transparent and based on objective criteria.

9. Data Protection Officer

For GDPR-related inquiries, you can contact our Data Protection Officer:

  • Email: [ADMIN_EMAIL] (Subject: "DPO - GDPR Inquiry")
  • Response Time: Within 5 business days
  • Languages: English (primary), other languages on request

10. Supervisory Authority

You have the right to lodge a complaint with your local data protection supervisory authority if you believe we have not handled your data properly.

11. Data Breach Notification

11.1 Our Obligations

  • Report high-risk breaches to supervisory authorities within 72 hours
  • Notify affected individuals without undue delay
  • Document all breaches and response measures

11.2 Your Rights

  • Receive clear notification of any breach affecting you
  • Information about the nature and extent of the breach
  • Details of our response and remediation measures

12. Regular Reviews and Updates

We regularly review our GDPR compliance:

  • Quarterly: Data processing audits
  • Annually: Full compliance review
  • Ongoing: Policy updates and improvements

This document provides information about your GDPR rights. For specific requests or questions, please contact us using the information provided above.