Legal

Privacy Policy

Last Updated: May 26, 2026 · Effective Date: May 26, 2026

This Privacy Policy describes how SnapSaaS ("we," "us," or "our") collects, uses, retains, discloses, and protects personal information in connection with our website at getsnapsaas.com and our business operations services. By submitting an intake form or using our services, you consent to the practices described in this Privacy Policy.

1. Identity and Contact Information of the Data Controller

The data controller responsible for your personal information is:

SnapSaaS
Owned and operated by Joseph Bucci
Email: info@getsnapsaas.com
Website: getsnapsaas.com

For all privacy-related inquiries, data access requests, or complaints, please contact us at the email address above.

2. Categories of Personal Information We Collect

2.1 Information You Provide Directly

We collect the following categories of personal information when you submit an intake form, communicate with us, or use our services:

Category	Specific Data Elements	Purpose
Contact Information	First name, last name, email address, phone number	Service delivery; communications
Business Information	Business name, industry, city, years in business, team size, revenue range	Personalizing deliverables
Operational Data	Biggest challenges, time drains, lead sources, close rate, loss reasons, success vision	Building relevant deliverables
Commercial Information	Package selected, payment history	Billing; service tier management
Communication Records	Emails sent and received, revision requests, support inquiries	Account management; dispute resolution
Consent Records	Timestamp and record of Terms of Service acceptance	Legal compliance; record-keeping

2.2 Information We Do Not Collect

We do not collect or process:

Government-issued identification numbers (Social Security numbers, passport numbers, driver's license numbers)
Financial account numbers, bank routing numbers, or credit card numbers (payment processing is handled entirely by Stripe)
Protected health information or medical records
Biometric data
Information from or about minors under 18 years of age

2.3 Automatically Collected Information

Our website does not use tracking cookies, third-party analytics services, advertising pixels, or behavioral tracking technologies of any kind. We do not collect IP addresses, browser fingerprinting data, or device identifiers for profiling purposes. Basic server access logs may be maintained by our hosting provider (Railway) for security and infrastructure purposes only.

3. Legal Basis for Processing (GDPR)

To the extent the General Data Protection Regulation ("GDPR") applies to our processing of your personal information, we process personal data on the following legal bases:

Contract Performance (Article 6(1)(b)): Processing necessary to deliver the services you have purchased or to take pre-contractual steps at your request (e.g., processing your intake form).
Legitimate Interests (Article 6(1)(f)): Processing necessary for our legitimate business interests, including service improvement, fraud prevention, and direct marketing to existing clients, provided these interests are not overridden by your rights.
Legal Obligation (Article 6(1)(c)): Processing necessary to comply with applicable laws and regulations.
Consent (Article 6(1)(a)): For optional communications beyond those directly related to your service, where you have provided explicit consent.

4. How We Use Your Personal Information

We use the personal information we collect for the following purposes:

Service Delivery: To prepare, personalize, and deliver Deliverables specific to your business;
Communications: To send service-related emails including onboarding sequences, delivery notifications, progress updates, and check-ins;
Billing and Account Management: To process payments, manage subscriptions, and maintain account records;
Quality and Improvement: To review and improve the quality of our services using anonymized, non-identifiable information;
Legal Compliance: To comply with applicable laws, respond to legal process, and enforce our Terms of Service;
Fraud Prevention: To detect, investigate, and prevent fraudulent or unauthorized activity;
Business Communications: To send service upgrade information, referral program information, and review requests, each subject to opt-out rights described in Section 7.

We do not sell, rent, trade, or otherwise transfer your personal information to any third party for their independent marketing purposes.

5. Disclosure of Personal Information

5.1 Service Providers

We share personal information with the following categories of third-party service providers solely to the extent necessary to operate our business and deliver our services:

Provider	Purpose	Data Shared	Privacy Policy
Stripe, Inc.	Payment processing	Name, email, payment data	stripe.com/privacy
Zoho Corporation	Email delivery (Zoho Mail)	Name, email address, email content	zoho.com/privacy
Anthropic, PBC	AI-assisted document creation	Business information from intake form	anthropic.com/privacy
Railway Corp.	Cloud hosting and infrastructure	All data processed on our servers	railway.app/legal/privacy
Hunter.io	Business email discovery (prospecting only)	Business domain (not client data)	hunter.io/privacy

All service providers are required to process personal information only as directed by us and in a manner consistent with this Privacy Policy.

5.2 Legal Disclosures

We may disclose personal information if we believe in good faith that disclosure is necessary to: (a) comply with applicable law, regulation, legal process, or governmental request; (b) enforce our Terms of Service; (c) protect the rights, property, or safety of SnapSaaS, our clients, or the public; or (d) detect, prevent, or address fraud, security, or technical issues.

5.3 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or substantially all of SnapSaaS's assets, personal information may be transferred to the acquiring entity, subject to the same protections as described in this Privacy Policy. We will notify affected clients by email prior to such transfer.

5.4 No Sale of Personal Information

SnapSaaS does not sell personal information to third parties, as defined under the California Consumer Privacy Act, the Virginia Consumer Data Protection Act, or any other applicable privacy law.

6. Data Retention

We retain personal information for the periods set forth below or as otherwise required by applicable law:

Client account and intake data: For the duration of the client relationship and for three (3) years following the last interaction or termination of services, to support potential disputes, legal claims, and service records.
Payment and billing records: For seven (7) years following the transaction, as required for tax and financial record-keeping purposes.
Email communications: For three (3) years following the last communication.
Consent records: For the duration of the client relationship and three (3) years thereafter.
Prospecting data (non-clients): For up to twelve (12) months from the date of initial contact, after which it is archived or deleted.

Upon expiration of applicable retention periods, personal information will be securely deleted or anonymized.

7. Your Privacy Rights

7.1 Rights Available to All Users

Subject to applicable law, you have the right to:

Access: Request confirmation of whether we process your personal information and receive a copy of the specific personal information we hold about you;
Rectification: Request correction of inaccurate or incomplete personal information;
Erasure: Request deletion of your personal information, subject to legal retention obligations;
Restriction: Request that we restrict processing of your personal information in certain circumstances;
Portability: Receive your personal information in a structured, commonly used, machine-readable format;
Objection: Object to processing based on legitimate interests, including for direct marketing purposes; and
Opt-Out of Communications: Unsubscribe from non-essential automated emails by replying "UNSUBSCRIBE" to any email from SnapSaaS or by contacting us directly.

7.2 California Residents — CCPA/CPRA Rights

If you are a California resident, you have the following additional rights under the California Consumer Privacy Act (as amended by the California Privacy Rights Act):

The right to know the categories and specific pieces of personal information collected, used, disclosed, or sold about you;
The right to delete personal information collected from you, subject to certain exceptions;
The right to correct inaccurate personal information;
The right to opt out of the sale or sharing of personal information (SnapSaaS does not sell or share personal information);
The right to limit use and disclosure of sensitive personal information; and
The right to non-discrimination for exercising your CCPA rights.

To submit a verifiable consumer request under the CCPA, email us at info@getsnapsaas.com. We will respond within forty-five (45) days of receipt of a verifiable request.

7.3 Submitting a Privacy Request

To exercise any of the rights described above, contact us at info@getsnapsaas.com with the subject line "Privacy Request." We will respond within thirty (30) days (or forty-five (45) days for CCPA requests). We may require verification of your identity before processing your request.

8. Security

8.1 Technical Safeguards

We implement commercially reasonable technical and organizational security measures designed to protect personal information against unauthorized access, disclosure, alteration, or destruction. These measures include: access controls limiting data access to authorized personnel only; data transmission over encrypted (HTTPS/TLS) connections; and use of third-party providers with their own security certifications and programs.

8.2 Payment Security

All payment card data is processed directly by Stripe, Inc., a PCI DSS Level 1 certified payment processor. SnapSaaS does not receive, process, store, or transmit payment card data.

8.3 No Absolute Security

No method of electronic storage or transmission is completely secure. While we take reasonable precautions, we cannot guarantee the absolute security of your personal information. You use our services at your own risk with respect to security incidents beyond our reasonable control.

8.4 Data Breach Notification

In the event of a security breach that is reasonably likely to result in harm to affected individuals, we will notify affected clients by email in accordance with applicable law. Notification will be provided without unreasonable delay and, where required by law, within seventy-two (72) hours of discovery.

9. Cookies and Tracking Technologies

Our website does not use cookies, pixel tags, web beacons, local storage, or other tracking technologies for advertising, analytics, or behavioral profiling purposes. We do not participate in interest-based advertising. No third-party advertising networks have access to our website visitors.

10. Children's Privacy

Our services are intended solely for individuals aged 18 and older operating businesses. We do not knowingly collect personal information from individuals under 18 years of age. If we become aware that we have inadvertently collected personal information from a minor, we will take prompt steps to delete such information. If you believe we have collected information from a minor, please contact us immediately.

11. International Data Transfers

SnapSaaS is based in the United States. If you access our services from outside the United States, your personal information will be transferred to and processed in the United States, which may have different data protection laws than your jurisdiction. By using our services, you consent to the transfer and processing of your personal information in the United States.

12. Third-Party Links

Our website and communications may contain links to third-party websites. This Privacy Policy applies only to SnapSaaS and does not govern the privacy practices of any third-party website or service. We encourage you to review the privacy policies of any third-party sites you visit.

13. Automated Decision-Making

SnapSaaS uses automated systems to evaluate intake form submissions and determine eligibility for services, including compliance screening for Prohibited Industries. This automated screening may result in automatic rejection of a submission without human review. If you believe your submission was incorrectly rejected, you may contact us to request human review.

14. Changes to This Privacy Policy

We reserve the right to modify this Privacy Policy at any time. If we make material changes to this Policy, we will notify active clients by email at least fourteen (14) days before the changes take effect and update the "Last Updated" date at the top of this page. Your continued use of our services after the effective date of any modification constitutes acceptance of the revised Privacy Policy. If you disagree with any changes, your remedy is to cease using our services and request deletion of your personal information pursuant to Section 7.

15. How to Contact Us

For any questions, concerns, or requests relating to this Privacy Policy or our data practices, please contact:

SnapSaaS — Privacy
info@getsnapsaas.com
getsnapsaas.com

We will acknowledge receipt of your inquiry within five (5) business days and respond fully within thirty (30) days.

This Privacy Policy is incorporated by reference into the SnapSaaS Terms of Service. Please also review our Terms of Service.