Privacy Policy

GloSnap is operated by SIA Billy, registered at Ulbrokas 23, Riga, Latvia (reg. 40203676674). We are the data controller for information collected through glosnap.com.

What we collect

• Account data: Email address and display name via Clerk authentication.
• Purchase data: Credit purchases, payment method (processed by Polar/Stripe), and invoice records.
• Generated headshots: The AI-generated result images, stored encrypted in your account.
• Usage data: Analytics events (PostHog), only with your consent.
• Advertising data: Conversion events shared with Meta and TikTok, only with your marketing consent.

What we do NOT collect

• Source photos: Your uploaded selfie is processed in memory and never written to disk or stored. It is discarded immediately after generation.
• Biometric data: We do not extract, store, or process biometric identifiers.
• Training data: Your photos are never used to train AI models.

How we use your data

We use your data solely to:

• Generate and deliver your headshots
• Manage your account and credit balance
• Process payments
• Improve the service (anonymous, aggregated analytics only)

Data storage and security

Generated headshots are stored in AWS S3 with server-side encryption (SSE-C) using per-user keys. All data is transmitted over HTTPS. We follow security best practices including CSP headers, rate limiting, and regular security audits.

Your rights (GDPR)

As an EU-based company, we comply with GDPR. You have the right to:

• Access: Export your data from your account settings, or email [email protected].
• Rectification: Update your profile information at any time.
• Erasure: Delete your account to remove all data. Purchase records are anonymized for tax compliance.
• Portability: Export your data as JSON from your account settings.
• Object: Opt out of analytics via cookie settings.

Cookies

We use essential cookies for authentication, analytics cookies (PostHog) for product improvement, and marketing cookies (Meta Pixel, TikTok Pixel) for advertising measurement. Analytics and marketing cookies are only set with your explicit consent via our cookie banner.

Third-party processors

• Clerk: Authentication
• Polar / Stripe: Payment processing
• AWS: Image storage (S3) and face validation (Rekognition)
• Google (Gemini) / OpenAI: AI image generation
• PostHog: Analytics (opt-in only)
• Meta (Facebook): Advertising conversion measurement (opt-in only)
• TikTok: Advertising conversion measurement (opt-in only)
• Cloudflare: CDN and security

Data retention

Generated headshots are retained until you delete your account. Source photos are never retained. Purchase records are kept for 7 years (tax compliance) in anonymized form after account deletion.

Contact

For privacy inquiries: [email protected]

---

Full MDX content will be added in Phase 5. This is a placeholder summary of the privacy policy.