SnapStatic
Home Generator Free Proof Docs Guides Pricing
Login / Sign Up

Privacy Policy

Last updated: January 30, 2026

This Privacy Policy explains how SnapStatic ("we", "us", "our") collects, uses, and protects your personal data when you use our website and services. We are committed to safeguarding your privacy in accordance with applicable data protection laws, including the EU General Data Protection Regulation (GDPR).

1. Data Controller

The data controller responsible for processing your personal data is:

SnapStatic
Contact: contact@snapstatic.io

2. Data We Collect

We collect the following categories of personal data depending on how you use our service:

a) Account Data

When you create a Pro account, we collect your email address and basic profile information through our authentication provider (Supabase). This data is used to manage your account, apply your subscription, and provide customer support.

b) Payment Data

Payments are processed by our third-party payment processor, Lemon Squeezy (Lemon Squeezy LLC). We do not store your credit card number, bank account details, or other financial credentials on our servers. Lemon Squeezy may collect payment information, billing address, and transaction details as described in their Privacy Policy. We receive from Lemon Squeezy only the data necessary to verify your subscription status (e.g., subscription ID, plan type, and payment status).

c) Usage Data

We may collect non-personally-identifiable information such as pages visited, feature usage, and error logs to improve the service. This data is processed in aggregate and is not used to identify individual users.

d) Free Generator Data

When you use the free generator, your Ghost API credentials are sent to our server to fetch content and generate your static site. We do not permanently store your API keys, generated site content, or uploaded files beyond the duration of the generation request.

3. Purpose and Legal Basis

We process your personal data for the following purposes and legal bases under GDPR:

  • Contract performance (Art. 6(1)(b) GDPR): To provide the SnapStatic service, manage your account, and process your subscription.
  • Legitimate interest (Art. 6(1)(f) GDPR): To maintain service security, prevent abuse, and improve the service.
  • Legal obligation (Art. 6(1)(c) GDPR): To comply with tax, accounting, or other legal requirements related to payment processing.

4. Bot Protection (Cloudflare Turnstile)

We use Cloudflare Turnstile on selected forms to prevent automated abuse. Turnstile is cookie-free and only activates when the widget loads or a protected form is submitted.

For verification, Cloudflare may process limited technical data such as IP address, user-agent, and basic browser signals. This processing is carried out by Cloudflare as our data processor and is strictly necessary for service security (legitimate interest, GDPR Art. 6(1)(f)). Cloudflare does not use this data for advertising. See Cloudflare's Turnstile Privacy Addendum.

5. Third-Party Service Providers

We use the following third-party services to operate SnapStatic:

  • Supabase: Authentication and database services.
  • Lemon Squeezy: Payment processing and subscription management.
  • Cloudflare: Hosting, content delivery, and bot protection (Turnstile).
  • Hetzner: Server infrastructure for static site generation processing.

Each provider processes data in accordance with their own privacy policies and applicable data processing agreements. We only share the minimum data necessary for each provider to fulfill their function.

6. International Data Transfers

Some of our third-party service providers (Supabase, Lemon Squeezy, Cloudflare) may process data outside the European Economic Area (EEA), including in the United States. Where data is transferred outside the EEA, appropriate safeguards are in place, such as EU Standard Contractual Clauses (SCCs) or an adequacy decision by the European Commission, in accordance with GDPR Chapter V.

Server infrastructure provided by Hetzner is located within the European Union (Germany).

7. Data Retention

We retain your personal data only for as long as necessary to provide the service and fulfill the purposes described above. Account data is retained for the duration of your active account. Payment records may be retained longer where required by tax or accounting laws.

When you delete your account, we will remove your profile data and associated records within a reasonable timeframe, subject to any legal retention obligations.

8. Your Rights

Under applicable data protection law (including the GDPR), you have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your personal data
  • Object to or restrict the processing of your data
  • Request data portability
  • Lodge a complaint with a supervisory authority if you believe your rights have been violated

You can exercise these rights by contacting us at the email address below. We will respond to your request within the timeframes required by applicable law.

9. Cookies and Local Storage

SnapStatic uses essential cookies for authentication purposes only (e.g., session tokens). We do not use advertising or tracking cookies. No consent banner is required because we only use strictly necessary cookies.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. If changes are material, we will update the date at the top of this page. Continued use of the service after changes constitutes acceptance of the updated policy.

11. Contact

If you have questions about this policy, your data, or would like to exercise your privacy rights, please contact: contact@snapstatic.io.