Privacy Policy

This Privacy Policy describes how Snoopi, Inc. ("Snoopi," "Company," "we," "us," or "our") collects, uses, stores, and discloses your personal data when you use our Services — including when you visit snoopi.io, use our dashboard, or communicate with us by email or other digital means.

If you do not agree with our data handling practices described here, please do not use our Services. By using our Services, you acknowledge and agree that Snoopi may process your personal data as described in this Policy.

When you visit the Site or use the Services, we may collect information that identifies or is reasonably capable of being associated with you ("Personal Data"). The table below describes what we collect, where it comes from, and who is affected.

We do not collect payment information directly. Our third-party provider, Stripe, handles payment processing. See Stripe's Privacy Policy for more information.

We do not collect information about citizenship or immigration status, racial or ethnic origin, religious beliefs, health information, genetic or biometric data, sexual orientation, precise geolocation, political opinions, union membership, or personal data from anyone known to be under 18.

We may automatically collect certain technical information through cookies and similar tracking technologies when you access our Site. This data does not reveal your specific identity but may include device information, IP address, browser and device characteristics, operating system, language preferences, referring URLs, and information about how and when you access the Services.

Cookies

A cookie is a small text file stored in your browser. Cookies allow us to identify your device as you navigate our Site. We use session cookies (which disappear when you close your browser) to maintain your logged-in state and improve your experience. You can opt out of most cookie categories through your browser settings, though this may affect Site functionality.

Analytics

We use third-party analytics tools to better understand how users interact with the Site, improve our Services, and deliver relevant content:

• —Google Analytics — tracks traffic and usage patterns. See Google's Privacy Policy and the opt-out tool.
• —HubSpot Analytics — tracks Site visits, marketing campaign performance, and visitor engagement to help us personalize communications.

Do Not Track

We do not currently process or respond to "Do Not Track" signals from browsers. To learn more, visit allaboutdnt.com.

We use your personal data only for the purposes described below, and only to the extent necessary for those purposes:

• —Account management — creating, authenticating, and maintaining your account.
• —Service delivery — processing orders, delivering proxies, and fulfilling purchases.
• —Payment processing — receiving and recording payments in accordance with our agreements.
• —Customer support — responding to inquiries and resolving technical issues.
• —Communications — sending service updates, policy changes, and similar administrative notices.
• —Feedback — requesting feedback and contacting you about your use of the Services.
• —Marketing — sending promotional communications where permitted by law and consistent with your preferences. You can opt out at any time.
• —Site improvement — troubleshooting, data analysis, testing, and internal reporting.
• —Legal compliance — disclosing data as required by applicable law, legal process, or to enforce our legal rights.

We will not use your personal data for purposes that are incompatible with the original purpose of collection without first notifying you and, where required, obtaining your consent.

We may disclose your personal data to third parties only for legitimate business purposes and subject to appropriate contractual protections. Categories of recipients include:

• —Our affiliates or related companies;
• —Service providers and contractors, including payment processors (Stripe), CRM tools (HubSpot), hosting providers, auditors, and analytics providers (Google Analytics);
• —Business partners;
• —Government entities, judicial or regulatory authorities, or law enforcement where required by law;
• —Successors to all or part of our business in connection with a merger, acquisition, or sale;
• —Any third party where you have directed or consented to the disclosure.

We do not sell or share your personal data with third parties for their direct marketing purposes without your explicit and informed consent.

We may share de-identified or aggregated information that cannot identify any individual with third parties.

Snoopi is based in the United States. Information we collect may be transferred to, stored at, and processed in countries other than the one in which you provided it. By using our Services and submitting your information, you agree to this transfer, storage, and processing. We take all steps reasonably necessary to ensure your information is treated securely and in accordance with this Policy and applicable law.

For users in the European Economic Area, please see the EU / GDPR section below for information about cross-border data transfers and applicable safeguards.

We retain your personal data for as long as reasonably necessary to fulfil the purposes for which we collected it — including as long as your account remains open or as needed to comply with legal, regulatory, tax, accounting, or reporting obligations.

We may retain data for a longer period if we believe it may be needed to enforce or defend our legal rights, or if we have received a complaint or anticipate litigation.

To determine the appropriate retention period, we consider: the amount and sensitivity of the data, the risk of harm from unauthorized use or disclosure, the purposes for which we process the data, and applicable legal obligations.

We have implemented appropriate technical and organizational security measures to protect the security and integrity of personal data we process. Access to your personal data is limited to those with a legitimate business need, who process it only on our instructions and under confidentiality obligations.

However, no transmission over the internet or electronic storage technology can be guaranteed to be completely secure. We cannot guarantee that unauthorized third parties will never be able to defeat our security measures.

You also play an important role in keeping your information safe: use a strong password, do not share your login credentials, and avoid accessing the Site on public or unsecured Wi-Fi.

If we suspect that there has been a security incident involving your personal data, we will notify you and any applicable regulator where legally required.

You always have the right to opt out of our marketing or promotional communications by clicking the "unsubscribe" link in any marketing email or contacting us directly.

Depending on your location, you may have additional rights:

United States — Virginia (VCDPA) & Texas (TDPSA)

• —Right to Know — confirm whether we process your personal data.
• —Right to Access — obtain a copy of your personal data we hold.
• —Right to Correct — ask us to correct inaccuracies in your personal data.
• —Right to Delete — ask us to delete personal data we have collected about you.
• —Right to Data Portability — request a copy of your personal data in a readily usable format.
• —Right to Opt Out — opt out of the sale of, targeted advertising using, or profiling based on your personal data.

California Residents

California's "Shine the Light" law permits you to request information about our disclosure of personal data to third parties for their direct marketing purposes. Submit such requests to [email protected].

Exercising Your Rights

You may exercise your privacy rights up to twice per calendar year by:

• —emailing [email protected] with "Data Privacy Rights" in the subject line; or
• —sending a written request to our mailing address below.

To verify your identity, we may ask you to provide information previously provided to us that we can match against our records. We will generally respond within 45 days, extendable by a further 45 days where necessary.

Our Services are not directed at anyone under 18 years of age. We do not intentionally collect personal data from anyone under 18. If we learn that we have collected personal data from someone under 18, we will attempt to delete that data as soon as possible.

If you believe we may have personal data from a child under 18, please contact us at [email protected].

This section applies to users accessing the Site from the European Union or European Economic Area.

Data Controller

Snoopi, Inc. is the controller of personal data collected through the Site and Services. For any questions or to exercise your rights, contact us at [email protected].

International Transfers

We are headquartered in the United States. Personal data may be transferred to and stored in countries outside the EEA that may not offer the same level of data protection as your home country. We ensure appropriate safeguards are in place — including EU Standard Contractual Clauses approved by the European Commission — for any transfers outside the EEA. Contact us if you would like further information about the specific mechanism used for your data.

Your GDPR Rights

Under the General Data Protection Regulation, you have the following rights:

• —Right to Access — receive a copy of the personal data we hold about you and verify lawful processing.
• —Right to Rectification — have incomplete or inaccurate personal data corrected.
• —Right to Erasure ("right to be forgotten") — ask us to delete personal data where we have no valid reason to continue processing it.
• —Right to Restrict Processing — request that we suspend processing in certain circumstances.
• —Right to Data Portability — receive your personal data in a structured, machine-readable format.
• —Right to Object — object to processing based on legitimate interests or for direct marketing purposes.
• —Right to Withdraw Consent — withdraw consent at any time where processing is based on consent, without affecting the lawfulness of prior processing.

To exercise any of the above rights, email [email protected] with the subject line "GDPR DSAR". We will generally respond within 30 days, extendable by a further 30 days for complex requests.

No fee is generally charged for exercising your rights, unless your request is manifestly unfounded, repetitive, or excessive.

Right to Lodge a Complaint

You have the right to lodge a complaint with the data protection supervisory authority in the EU Member State of your residence, your place of work, or where an alleged infringement occurred. We would appreciate the opportunity to address your concerns first — please contact us before lodging a formal complaint.