1. Information We Collect

We collect various types of information to provide and improve our services, ensure security, and comply with legal obligations. The information we collect depends on how you interact with our services and whether you use them as a guest or registered user.

1.1 Information You Provide Directly

Account Information (Registered Users): When you create an account through Supabase authentication, we collect:

• Email address (required for account creation and communication)
• Password (securely hashed using bcrypt and never stored in plain text)
• Account creation date and timestamp
• Email verification status
• Optional profile information (display name, avatar) if provided
• Two-factor authentication credentials if enabled

Guest Session Information: For users accessing our service without registration:

• Browser-generated session identifiers
• Credit balance and transaction history (stored locally in browser)
• Service preferences and settings (stored locally in browser)
• Temporary session data for service functionality

Content and Usage Information: When you use our services, we may collect:

• URLs of content you request to download or process
• File upload data for AI processing (images, videos, audio files)
• Text prompts and descriptions submitted to AI generation tools
• Download preferences (quality settings, format choices)
• Files stored in your cloud storage account
• Project organization and file management data
• AI conversation history and chat messages
• Search queries and feature interactions

Payment and Billing Information: When you subscribe to paid plans:

• Payment method information (processed securely by DodoPay)
• Billing address and contact information
• Transaction history and payment receipts
• Subscription tier and renewal dates
• Credit usage and allocation history
• Tax information as required by applicable law

Communications: When you contact us:

• Support inquiries and correspondence via email or contact forms
• Feedback, suggestions, and feature requests
• Bug reports and technical issue descriptions
• Survey responses and user research participation
• Any information you choose to include in communications

1.2 Information Collected Automatically

Device and Browser Information: We automatically collect technical data when you access our services:

• Browser type, version, and language settings
• Operating system and version
• Device type (desktop, mobile, tablet), model, and manufacturer
• Screen resolution and display capabilities
• Installed browser plugins and extensions (limited detection)
• Network connection type (WiFi, cellular, etc.)
• Time zone and locale settings

Usage and Analytics Data: We collect information about how you interact with our services:

• Pages visited, features accessed, and navigation paths
• Time spent on pages and in different sections
• Click patterns, scroll depth, and interaction events
• Download frequency, timing, and platform preferences
• AI tool usage patterns and generation requests
• Search queries and result interactions
• Error messages and technical issues encountered
• Session duration and frequency of visits
• Referrer information (where you came from)
• Campaign tracking parameters (UTM codes)

Location Information: We collect limited location data:

• IP address (used to determine approximate location)
• Country and region information
• Time zone data
• Language and locale preferences
• We do NOT collect precise GPS coordinates or exact physical locations

Performance and Technical Metrics: To ensure service quality:

• Page load times and performance metrics
• API response times and success rates
• Error rates, crash reports, and debugging information
• Server response times and processing duration
• Network latency and connection quality
• Resource usage and optimization data

1.3 Cookies and Similar Technologies

We use cookies, local storage, session storage, and similar tracking technologies to provide functionality, improve user experience, and analyze usage patterns. Here's a comprehensive breakdown:

Essential Cookies (Required): Necessary for basic website functionality and cannot be disabled:

• Authentication cookies for maintaining login sessions
• Session identifiers for guest users
• Security tokens for CSRF protection
• Load balancing cookies for server distribution
• Cookie consent preferences
• Language and locale preferences

Functional Cookies (Optional): Enhance functionality and remember your preferences:

• User interface preferences (theme, layout)
• Download quality settings and format preferences
• Recently used features and tools
• Collapsed/expanded sections and view states
• Credit balance and transaction history (local storage)
• Cloud storage folder structures and organization

Analytics Cookies (Optional): Help us understand usage patterns:

• Google Analytics cookies (_ga, _gid, _gat) for usage tracking
• Page view tracking and navigation flow analysis
• Feature usage statistics and engagement metrics
• A/B testing and experiment participation
• Heatmap and user behavior recording (anonymized)
• Conversion tracking for goal completion

Advertising Cookies (Optional): Used by advertising partners:

• Advertisement display and frequency capping
• Campaign tracking and attribution
• Interest-based advertising and remarketing
• Ad performance measurement and optimization
• Cross-site tracking for advertising purposes

Local and Session Storage: Browser storage mechanisms we use:

• Credit balance and earning history (localStorage)
• User preferences and settings (localStorage)
• Temporary download data (sessionStorage)
• Draft AI prompts and unsaved work (localStorage)
• Recently accessed files and projects (localStorage)
• Cache for improved performance (localStorage)

Cookie Management: You can control cookies through:

• Your browser settings (most browsers allow cookie blocking)
• Our cookie consent banner (opt in/out of non-essential cookies)
• Third-party opt-out tools (e.g., Digital Advertising Alliance)
• Browser privacy modes (incognito/private browsing)
• Browser extensions for cookie management

Note that disabling essential cookies may impact service functionality and prevent you from accessing certain features.

1.4 Information from Third-Party Sources

We may receive information about you from third-party sources:

• Social media platforms (only publicly available information when you download content)
• Payment processors (transaction verification and fraud prevention)
• Analytics providers (aggregated usage statistics)
• Security services (threat detection and abuse prevention)
• Advertising networks (campaign performance data)
• AI service providers (usage metrics and API responses)

2. How We Use Your Information

We use the information we collect for various legitimate business purposes to provide, improve, and protect our services. Here's a comprehensive explanation of how we use your data:

2.1 Service Provision and Functionality

• Processing video, audio, and image download requests from social media platforms
• Generating AI content (text-to-video, text-to-image, text-to-audio)
• Providing cloud storage and file management services
• Managing your account, authentication, and security
• Processing payments and managing subscriptions through DodoPay
• Tracking and managing credit balances and usage
• Maintaining download history and project organization
• Enabling features like video editing, merging, and enhancement
• Providing AI chat assistance and conversational support
• Delivering requested content and services in your preferred format

2.2 Communication and Customer Support

• Responding to support inquiries and resolving technical issues
• Sending transactional emails (account verification, password reset, receipts)
• Notifying you of service updates, maintenance, and important changes
• Sending subscription renewal reminders and payment notifications
• Providing updates on feature requests and bug reports
• Communicating about changes to Terms of Service or Privacy Policy
• Sending security alerts and account activity notifications
• Delivering promotional communications (if opted in)

2.3 Service Improvement and Development

• Analyzing usage patterns to understand user needs and preferences
• Identifying popular features and platforms to prioritize development
• Testing new features, tools, and AI models
• Optimizing website performance, speed, and reliability
• Improving AI model accuracy and output quality
• Developing new features based on user feedback and behavior
• Conducting A/B testing and user experience research
• Enhancing user interface and navigation
• Debugging errors and resolving technical issues

2.4 Security and Fraud Prevention

• Detecting and preventing fraudulent activity and abuse
• Monitoring for unauthorized access and security threats
• Preventing spam, bot activity, and automated abuse
• Identifying and blocking malicious users
• Protecting against payment fraud and chargebacks
• Enforcing Terms of Service and usage policies
• Investigating violations and taking appropriate action
• Maintaining system integrity and security
• Complying with security best practices and standards

2.5 Analytics and Business Intelligence

• Measuring service performance and user engagement
• Understanding traffic sources and marketing effectiveness
• Analyzing conversion rates and user journeys
• Creating aggregated statistics and reports
• Conducting market research and competitive analysis
• Informing business decisions and strategic planning
• Measuring ROI of features and investments
• Identifying growth opportunities and areas for improvement

2.6 Legal Compliance and Protection

• Complying with applicable laws, regulations, and legal obligations
• Responding to legal requests from law enforcement or government agencies
• Protecting our legal rights and interests
• Enforcing our Terms of Service and policies
• Resolving disputes and legal claims
• Maintaining records for tax and financial compliance
• Cooperating with regulatory authorities
• Protecting the safety and rights of users and the public

2.7 Marketing and Advertising

• Displaying relevant advertisements to support our free service
• Personalizing content and recommendations
• Measuring advertising campaign effectiveness
• Conducting remarketing and retargeting campaigns
• Promoting new features and subscription tiers
• Sending promotional emails (with your consent)
• Creating lookalike audiences for advertising

2.8 AI Training and Improvement

• Using anonymized data to improve AI model performance
• Training AI models on aggregated usage patterns
• Enhancing AI output quality and accuracy
• Developing new AI capabilities and features
• Testing AI safety and content moderation systems
• Note: We do NOT use your specific content to train third-party AI models without explicit consent

3. Information Sharing and Disclosure

We do not sell, rent, or trade your personal information to third parties for their marketing purposes. However, we may share your information in the following circumstances:

3.1 Service Providers and Business Partners

We work with trusted third-party service providers who help us operate and improve our services. These providers have access to information only as needed to perform their functions and are obligated to protect your information:

Authentication and Database Services:

• Supabase (authentication, database, storage) - processes account data, files, and application data
• AWS/Google Cloud (infrastructure hosting) - hosts our servers and databases

Payment Processing:

• DodoPay (payment processing) - handles all payment transactions, billing information, and subscription management
• We do NOT store full credit card numbers or sensitive payment data on our servers

AI Service Providers:

• OpenAI (GPT models, DALL-E) - processes AI chat messages and image generation prompts
• Google Gemini (AI models) - processes various AI generation requests
• Replicate (AI models) - processes video generation and enhancement requests
• Other specialized AI providers for specific features
• These providers have their own terms of service and privacy policies

Analytics and Performance Monitoring:

• Google Analytics - website usage analytics and user behavior tracking
• Performance monitoring services - error tracking and performance metrics
• Heatmap and session recording tools - user interaction analysis

Advertising Networks:

• Google AdSense/AdMob - display advertising on our platform
• Other advertising partners - contextual and display advertising
• These networks may use cookies and tracking technologies for ad personalization

Content Delivery Networks:

• CDN providers - improve website speed and performance globally
• These services cache static content and deliver it from servers closer to you

Communication Services:

• Email service providers - send transactional and promotional emails
• Customer support platforms - manage support tickets and inquiries

3.2 Legal and Regulatory Requirements

We may disclose your information when required by law or when we believe in good faith that disclosure is necessary to:

• Comply with legal obligations, court orders, subpoenas, or government requests
• Respond to law enforcement or regulatory inquiries
• Protect and defend our legal rights, property, and interests
• Enforce our Terms of Service, policies, and user agreements
• Investigate potential violations or fraudulent activity
• Protect the safety, rights, and property of users and the public
• Prevent harm, illegal activity, or security threats
• Comply with tax and financial reporting requirements

3.3 Business Transactions

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of the business transaction. In such cases:

• We will notify you via email and/or prominent website notice
• The acquiring entity will be bound by this Privacy Policy
• You will be given the opportunity to opt out if data usage changes significantly
• Your information will be treated as an asset of the business

3.4 Aggregated and Anonymized Data

We may share aggregated, anonymized, or de-identified information that cannot reasonably be used to identify you:

• Usage statistics and trends (e.g., "1 million downloads this month")
• Platform popularity metrics and preferences
• Industry benchmarks and research data
• Performance metrics and service statistics
• Demographic insights and user behavior patterns

3.5 With Your Consent

We may share your information with third parties when you explicitly consent or direct us to do so, such as:

• Sharing files from cloud storage with other users
• Participating in promotions or contests with third-party partners
• Connecting your account to third-party integrations
• Authorizing specific data sharing for particular purposes

4. Data Storage, Retention, and Deletion

4.1 Data Storage Locations

Your data is stored in various locations depending on the type of information:

Browser-Based Storage (Guest Users):

• Credit balance and transaction history stored in browser localStorage
• Session data and preferences stored in sessionStorage
• Cookies stored according to cookie policies
• This data remains on your device and is not transmitted to our servers
• You have complete control and can clear this data at any time

Cloud Storage (Registered Users):

• Account data stored in Supabase databases (hosted on AWS)
• Uploaded files stored in Supabase Storage (encrypted at rest)
• AI-generated content stored according to your subscription tier
• Data distributed across multiple geographic regions for redundancy
• Automatic backups maintained for disaster recovery

Temporary Processing Storage:

• Downloaded videos and files temporarily stored during processing
• AI generation inputs and outputs cached temporarily
• All temporary files automatically deleted within 30 minutes
• No permanent storage of processed content without explicit upload to cloud storage

4.2 Data Retention Periods

We retain different types of data for varying periods based on legal requirements, business needs, and user expectations:

Account and Profile Data:

• Active accounts: Maintained indefinitely while your account is active
• Inactive accounts: Maintained for 12 months of inactivity, then subject to deletion
• Deleted accounts: Basic information retained for 90 days, then permanently deleted
• Account deletion can be requested at any time through settings

Cloud Storage Files:

• Free tier: Files retained for 30 days, then automatically deleted
• PRO tier: Files retained for 180 days from last access
• PRO Extra tier: Unlimited retention until you delete or cancel subscription
• User-deleted files: Moved to trash for 30 days, then permanently deleted
• Upon subscription cancellation: Files retained for 30 days grace period

Transaction and Payment Records:

• Payment transactions: Retained for 7 years for tax and compliance purposes
• Billing information: Retained while subscription is active, plus 7 years
• Invoice and receipt data: Retained for 7 years per financial regulations
• Credit card information: Never stored; handled exclusively by DodoPay

Usage and Analytics Data:

• Usage logs: Retained for 12 months for analysis and debugging
• Analytics data: Retained for 26 months (Google Analytics standard)
• Performance metrics: Retained for 12 months
• Error logs: Retained for 6 months
• Security logs: Retained for 24 months for security investigations

Communication Records:

• Support tickets: Retained for 24 months after resolution
• Email correspondence: Retained for 24 months
• Feedback and surveys: Retained indefinitely in anonymized form
• AI chat history: Retained according to your subscription tier

Legal and Compliance Records:

• DMCA notices: Retained indefinitely as required by law
• Terms of Service violations: Retained for 5 years
• Legal disputes: Retained until resolution plus applicable statute of limitations
• Audit records: Retained for 7 years

4.3 Data Deletion and Right to Erasure

You have the right to request deletion of your personal data. Here's how data deletion works:

Manual Deletion:

• Delete individual files from cloud storage at any time
• Clear browser data to remove locally stored information
• Delete AI chat conversations from history
• Remove specific projects and folders

Account Deletion:

• Request account deletion through account settings
• Immediate deactivation upon deletion request
• 30-day grace period before permanent deletion
• All associated data deleted within 90 days
• Backups purged within 180 days

Exceptions to Deletion: We may retain certain information after deletion requests when:

• Required by law to maintain records (e.g., tax records)
• Necessary for legal proceedings or disputes
• Needed to detect fraud and prevent abuse
• Essential for enforcing Terms of Service
• Already anonymized or aggregated for research purposes

5. Data Security and Protection Measures

We implement comprehensive security measures to protect your information from unauthorized access, alteration, disclosure, or destruction. However, no security system is completely secure, and we cannot guarantee absolute security.

5.1 Technical Security Measures

Encryption:

• TLS 1.3 encryption for all data in transit (HTTPS)
• AES-256 encryption for data at rest in databases and storage
• Password hashing using bcrypt with salt (never stored in plain text)
• End-to-end encryption for sensitive communications
• Encrypted backups with secure key management

Authentication and Access Control:

• Supabase authentication with industry-standard protocols
• Optional two-factor authentication (2FA) for enhanced security
• Session timeout after periods of inactivity
• IP-based rate limiting to prevent brute force attacks
• Principle of least privilege for system access
• Role-based access control (RBAC) for internal systems

Infrastructure Security:

• Secure cloud infrastructure hosted on AWS and Google Cloud
• Firewalls and network segmentation
• DDoS protection and traffic filtering
• Intrusion detection and prevention systems (IDS/IPS)
• Regular security patches and system updates
• Secure server configurations following industry best practices
• Isolated environments for development, testing, and production

Application Security:

• Input validation and sanitization to prevent injection attacks
• CSRF (Cross-Site Request Forgery) protection
• XSS (Cross-Site Scripting) prevention
• SQL injection prevention through parameterized queries
• Content Security Policy (CSP) headers
• Secure cookie attributes (HttpOnly, Secure, SameSite)
• Regular dependency updates and vulnerability scanning

5.2 Operational Security Measures

• Limited employee access to user data on need-to-know basis
• Background checks for employees with data access
• Confidentiality agreements for all personnel
• Security awareness training for staff
• Incident response plan and procedures
• Regular security audits by third-party firms
• Penetration testing and vulnerability assessments
• Automated monitoring and alerting systems
• Secure development lifecycle (SDLC) practices
• Code review processes for security vulnerabilities

5.3 Data Breach Response

In the unlikely event of a data breach affecting your personal information, we will:

• Immediately investigate and contain the breach
• Assess the scope and impact of the incident
• Notify affected users within 72 hours as required by GDPR
• Provide detailed information about what data was affected
• Offer guidance on protective measures you can take
• Report to relevant authorities as required by law
• Take corrective actions to prevent future incidents
• Conduct post-incident analysis and improvements

5.4 Your Security Responsibilities

Security is a shared responsibility. You can help protect your account by:

• Using strong, unique passwords (at least 12 characters)
• Enabling two-factor authentication (2FA)
• Never sharing your password with others
• Logging out when using shared or public devices
• Keeping your browser and operating system updated
• Being cautious of phishing attempts and suspicious emails
• Monitoring your account for unauthorized activity
• Reporting suspected security issues immediately
• Using secure internet connections (avoid public WiFi for sensitive activities)

6. Your Privacy Rights and Choices

6.1 General Rights for All Users

Regardless of your location, you have the following rights regarding your personal information:

Access and Transparency:

• Request information about what personal data we hold about you
• Understand how we collect, use, and share your information
• Access your account dashboard to view stored data
• Request a copy of your data in a portable format

Control and Management:

• Update or correct inaccurate personal information
• Delete files and content from your cloud storage
• Clear browser data and local storage
• Manage cookie preferences and opt-out of non-essential cookies
• Control email communication preferences

Account Management:

• Delete your account at any time through account settings
• Cancel subscriptions and downgrade tiers
• Export your data before account deletion
• Request account deactivation instead of deletion

6.2 GDPR Rights (European Economic Area Users)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR):

Right to Access (Article 15):

• Confirmation of whether we process your personal data
• Access to your personal data and information about processing
• Details about data recipients and retention periods
• Information about data sources

Right to Rectification (Article 16):

• Correction of inaccurate personal data
• Completion of incomplete personal data
• Updates to outdated information

Right to Erasure / "Right to be Forgotten" (Article 17):

• Deletion of personal data when no longer necessary
• Withdrawal of consent for data processing
• Objection to processing without overriding legitimate grounds
• Data processed unlawfully must be erased

Right to Restriction of Processing (Article 18):

• Restrict processing while verifying accuracy of contested data
• Limit processing of unlawfully processed data
• Retain data needed for legal claims
• Suspend processing during objection review

Right to Data Portability (Article 20):

• Receive personal data in structured, machine-readable format (JSON, CSV)
• Transmit data to another service provider where technically feasible
• Applies to data provided with consent or for contract performance

Right to Object (Article 21):

• Object to processing based on legitimate interests
• Object to direct marketing (including profiling)
• Object to processing for scientific or historical research

Right Not to be Subject to Automated Decision-Making (Article 22):

• Not be subject to decisions based solely on automated processing
• Request human intervention in automated decisions
• Challenge and explain automated decisions

Right to Withdraw Consent:

• Withdraw consent at any time where processing is based on consent
• Withdrawal does not affect lawfulness of prior processing
• Easy as giving consent originally

Right to Lodge a Complaint:

• File complaints with your local data protection authority
• Contact your supervisory authority if you believe we violated GDPR
• We will cooperate with investigations and findings

6.3 CCPA Rights (California Residents)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

Right to Know:

• Categories of personal information collected
• Specific pieces of personal information we hold
• Categories of sources from which information was collected
• Business or commercial purposes for collecting or selling information
• Categories of third parties with whom we share information
• Request this information up to twice per 12-month period (free)

Right to Delete:

• Request deletion of personal information we collected
• Subject to exceptions (legal obligations, fraud prevention, etc.)
• We will direct service providers to delete your information

Right to Opt-Out of Sale/Sharing:

• Opt out of sale or sharing of personal information
• Note: We do NOT sell personal information in the traditional sense
• Advertising partners may be considered "sharing" under CCPA
• Manage through cookie preferences and advertising opt-outs

Right to Correct:

• Request correction of inaccurate personal information
• Update through account settings or by contacting us

Right to Limit Use of Sensitive Personal Information:

• Limit use of sensitive personal information to necessary purposes
• Applies to precise geolocation, financial data, health information, etc.

Right to Non-Discrimination:

• We will not discriminate for exercising CCPA rights
• No denial of services or different pricing/quality
• Financial incentive programs require opt-in consent

6.4 How to Exercise Your Rights

To exercise any of your privacy rights:

Online Methods:

• Access your account dashboard to view and manage data
• Use account settings to update information or delete account
• Manage cookie preferences through our cookie banner
• Export data using built-in data portability tools

Contact Methods:

• Email: [email protected] with subject "Privacy Rights Request"
• Include: Full name, email address, specific request, and supporting information
• For GDPR requests: Specify which right(s) you're exercising
• For CCPA requests: Specify "California Privacy Rights Request"

Verification Process:

• We will verify your identity before fulfilling requests
• May require email verification or account login
• Additional verification for sensitive requests
• Authorized agents must provide proof of authorization

Response Timeframes:

• GDPR requests: Response within 30 days (extendable to 60 days for complex requests)
• CCPA requests: Response within 45 days (extendable to 90 days)
• We will notify you if additional time is needed
• Requests are free; excessive requests may incur fees

7. International Data Transfers

Snap Rookies operates globally, and your information may be transferred to, stored in, and processed in countries other than your country of residence, including the United States and other countries where our service providers operate.

7.1 Legal Basis for Transfers

When we transfer personal data from the EEA, UK, or Switzerland to countries outside these regions, we rely on the following legal mechanisms:

• Adequacy Decisions: Transfers to countries deemed adequate by the European Commission
• Standard Contractual Clauses (SCCs): EU-approved contract terms with service providers
• Binding Corporate Rules: Internal data protection policies for multinational organizations
• Your Explicit Consent: When you explicitly consent to international transfers
• Contractual Necessity: Transfers necessary to provide services you requested

7.2 Safeguards for International Transfers

• Encryption of data in transit and at rest
• Contractual obligations with service providers for data protection
• Regular security assessments of international partners
• Compliance with applicable data protection laws in destination countries
• Limitation of data transfers to necessary purposes only

7.3 Your Rights Regarding International Transfers

• Request information about where your data is processed
• Obtain copies of safeguards in place (e.g., SCCs)
• Object to transfers that don't meet adequate protection standards
• Lodge complaints with supervisory authorities

8. Children's Privacy

Snap Rookies is committed to protecting the privacy of children and complying with the Children's Online Privacy Protection Act (COPPA) and other applicable laws.

8.1 Age Requirements

• United States: Users must be at least 13 years old
• European Economic Area: Users must be at least 16 years old
• Other Jurisdictions: Users must meet the age of digital consent in their country
• Users between minimum age and 18 must have parental or guardian consent

8.2 No Knowing Collection from Children

• We do not knowingly collect personal information from children under applicable age limits
• We do not target advertising to children
• We do not create profiles of children or use AI to target them
• If we discover we've collected information from a child under the age limit, we will promptly delete it

8.3 Parental Rights and Controls

Parents and guardians have the right to:

• Review personal information collected from their children
• Request deletion of their child's personal information
• Refuse further collection or use of their child's information
• Contact us at [email protected] with concerns

If you believe a child has provided personal information to us:

• Contact us immediately at [email protected]
• Provide details about the child and the information provided
• We will investigate and take appropriate action
• We will delete any verified information collected from underage users

9. Third-Party Services and Links

9.1 Third-Party Service Providers

Our service integrates with various third-party providers, each with their own privacy policies and practices:

Authentication and Infrastructure:

• Supabase - Privacy Policy: supabase.com/privacy
• AWS - Privacy Policy: aws.amazon.com/privacy
• Google Cloud - Privacy Policy: cloud.google.com/privacy

AI Service Providers:

• OpenAI - Privacy Policy: openai.com/privacy
• Google Gemini - Privacy Policy: google.com/intl/en/policies/privacy
• Replicate - Privacy Policy: replicate.com/privacy

Payment Processing:

• DodoPay - Privacy Policy: dodopayments.com/privacy

Analytics:

• Google Analytics - Privacy Policy: policies.google.com/privacy

9.2 Social Media Platform Interactions

Our service interacts with social media platforms to download publicly available content:

• We only access publicly available content
• We do not access your private accounts or credentials
• We do not collect your login information for these platforms
• Platform privacy policies apply to content on their platforms
• We are not responsible for platform privacy practices

9.3 External Links

Our website may contain links to external websites, creator profiles, and resources:

• We are not responsible for privacy practices of external sites
• External sites have their own privacy policies and terms
• We encourage reviewing privacy policies of sites you visit
• Links do not imply endorsement or partnership

9.4 Advertising Networks

Third-party advertising networks may display ads on our service:

• Advertisers may use cookies and tracking technologies
• Ad networks may collect information about your browsing activity
• Interest-based advertising may be displayed
• Opt out through industry tools (e.g., youradchoices.com)
• We do not control third-party advertiser practices

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, business operations, or other factors. When we make changes, we will take the following steps:

10.1 Notification of Changes

• Update the "Last Updated" date at the top of this policy
• Post the revised policy on our website
• Display a prominent notice on our homepage for material changes
• Send email notifications to registered users for significant changes
• Provide in-app notifications for substantial modifications
• Give at least 30 days notice for material changes affecting your rights

10.2 Material Changes

Material changes include but are not limited to:

• New categories of personal information collected
• Changes to purposes for which information is used
• New third parties with whom information is shared
• Changes to data retention periods
• Modifications to user rights or how to exercise them
• Changes affecting children's privacy protections

10.3 Your Acceptance

• Continued use after changes constitutes acceptance of updated policy
• For material changes, we may require explicit consent
• If you disagree with changes, discontinue service use
• Review this policy periodically to stay informed

10.4 Previous Versions

• Previous versions available upon request
• Version history maintained for compliance
• Contact [email protected] for archived versions

11. Contact Information and Privacy Inquiries

If you have questions, concerns, requests, or complaints regarding this Privacy Policy or our privacy practices, please contact us through the following channels:

When contacting us about privacy matters, please include:

• Your full name and email address associated with your account
• Clear description of your privacy concern or request
• Specific right(s) you wish to exercise (for GDPR/CCPA requests)
• Any relevant supporting documentation
• Your preferred method and timeline for response
• Country of residence (for jurisdiction-specific rights)

Response Timeframes:

• General inquiries: 5-7 business days
• GDPR requests: 30 days (extendable to 60 days for complex requests)
• CCPA requests: 45 days (extendable to 90 days)
• Security issues: 24-48 hours for critical issues
• We will acknowledge receipt within 3 business days

Supervisory Authority Contacts:

• EEA residents: Contact your local Data Protection Authority
• UK residents: Information Commissioner's Office (ico.org.uk)
• Swiss residents: Federal Data Protection and Information Commissioner
• You have the right to lodge a complaint with these authorities

12. Additional Disclosures

12.1 Do Not Track Signals

Some browsers transmit "Do Not Track" (DNT) signals. Currently, there is no industry consensus on how to respond to DNT signals. We do not respond to DNT signals at this time. However, you can control tracking through cookie settings and opt-out mechanisms described in this policy.

12.2 California Shine the Light Law

California Civil Code Section 1798.83 permits California residents to request information about disclosure of personal information to third parties for direct marketing purposes. We do not share personal information with third parties for their direct marketing purposes.

12.3 Nevada Privacy Rights

Nevada residents have the right to opt out of the sale of certain covered information. We do not sell covered information as defined under Nevada law. If you are a Nevada resident and have questions, contact [email protected].

12.4 Accessibility

We are committed to making this Privacy Policy accessible to all users. If you have difficulty accessing this policy or need it in an alternative format, contact us at [email protected] and we will provide assistance.

13. Acknowledgment and Consent

BY ACCESSING OR USING SNAPROOKIES.ORG, YOU ACKNOWLEDGE THAT YOU HAVE READ THIS PRIVACY POLICY IN ITS ENTIRETY, UNDERSTAND IT, AND AGREE TO THE COLLECTION, USE, STORAGE, AND DISCLOSURE OF YOUR INFORMATION AS DESCRIBED HEREIN.

You represent and warrant that:

• You meet the minimum age requirements for your jurisdiction
• You have the legal capacity to consent to this Privacy Policy
• If using on behalf of an organization, you have authority to bind that entity
• You understand your privacy rights and how to exercise them
• You have read and agree to our Terms of Service

IF YOU DO NOT AGREE WITH THIS PRIVACY POLICY, YOU MUST NOT ACCESS OR USE OUR SERVICES.

This Privacy Policy is incorporated into and forms part of our Terms of Service. Any terms not defined in this Privacy Policy have the meanings given in our Terms of Service.