Privacy Policy

Last updated: June 2026

1. Who We Are

Snoopt is operated by Jan Lohmer, a private individual based in Spain (Carrer de Bartomeu Xamena 22, 07610 Palma, Spain). We are the data controller for the personal data processed through snoopt.com and app.snoopt.com.

For all privacy-related enquiries, contact us at: hello@snoopt.com

2. What Data We Collect

Account data

• Email address — required to create and identify your account
• Password — stored as a one-way bcrypt hash; we never see your plaintext password
• Language preference — stored to personalise AI-generated content and emails
• Invitation code — the code used to register and your personal referral code
• Email verification status — whether your email address has been confirmed

Service usage data

• The competitor domains and URLs you add to your watchlist
• Your crawl configuration and page selections
• Timestamps of your last activity

Technical data

• Server access logs (IP address, request timestamps, HTTP status codes) — retained for up to 90 days
• Authentication tokens stored as secure session cookies

We do not use advertising trackers or marketing pixels. The snoopt.com marketing website uses Google Analytics with your prior consent (see section 7). No analytics are collected on app.snoopt.com.

3. Why We Process Your Data

We process your personal data for the following purposes and on the following legal bases:

• Providing the service (legal basis: contract) — operating your account, running crawls, generating AI insights, and sending daily digest emails
• Email verification (legal basis: contract) — confirming your email address before granting access
• Password resets (legal basis: contract) — enabling you to recover account access
• Analytics (legal basis: consent) — understanding how visitors use the marketing website via Google Analytics, only after you have given consent
• Security and fraud prevention (legal basis: legitimate interest) — protecting accounts, detecting abuse, and maintaining service integrity
• Legal compliance (legal basis: legal obligation) — retaining records as required by applicable law

4. Who We Share Your Data With

We share minimal data with the following processors, all bound by data processing agreements:

• Anthropic, Inc. (USA) — AI analysis of competitor page changes. The content of monitored competitor websites (not your personal data) is sent to Anthropic's API. Transfer is covered by Standard Contractual Clauses (EU Commission Decision 2021/914). Anthropic Privacy Policy
• IONOS SE (Germany, EU) — server hosting and email delivery (smtp.ionos.de). Processes your email address to deliver transactional emails. IONOS Privacy Policy
• Google Ireland Limited (Ireland, EU) — Google Analytics 4, only when you have given consent. Anonymised usage data (pages visited, session duration, traffic source) may be transferred to Google LLC servers in the USA under Standard Contractual Clauses. Google Privacy Policy

We do not sell your personal data. We do not share it with any other third parties.

5. International Data Transfers

Your account data is stored on servers in the EU (IONOS, Germany). Content of monitored competitor pages is processed by Anthropic in the USA. Anonymised analytics data may be processed by Google in the USA if you give consent. All transfers to the USA are safeguarded by Standard Contractual Clauses as adopted by the European Commission.

6. How Long We Keep Your Data

• Account data — retained for as long as your account is active. Deleted within 30 days of account deletion upon request.
• Server logs — automatically purged after 90 days
• Email verification and password reset tokens — deleted after use or after expiry
• Competitor content and screenshots — retained per your subscription; oldest entries are pruned automatically

7. Cookies and Local Storage

Strictly necessary

snoopt_token — authentication cookie set on app.snoopt.com when you log in. Required for the service to function. No consent required.

cookie_consent — stored in your browser's localStorage to remember your analytics consent choice. Contains only "accepted" or "declined". No consent required.

Analytics (consent required)

If you click "Accept analytics" in the cookie banner, Google Analytics 4 is loaded on snoopt.com and sets the following cookies:

• _ga — distinguishes unique visitors, expires after 2 years
• _ga_M1W6GFR2GR — session state for this property, expires after 2 years

IP addresses are anonymised before processing. No analytics cookies are ever set on app.snoopt.com.

Withdraw consent: Clear your browser's localStorage for snoopt.com or use the Google Analytics opt-out add-on: tools.google.com/dlpage/gaoptout. After withdrawal, analytics cookies will no longer be set on your next visit.

8. Your Rights Under GDPR

If you are in the European Economic Area, you have the following rights:

• Access — request a copy of the personal data we hold about you
• Rectification — correct inaccurate or incomplete data
• Erasure — request deletion of your account and personal data
• Restriction — ask us to limit how we use your data in certain circumstances
• Portability — receive your data in a structured, machine-readable format
• Objection — object to processing based on legitimate interest

To exercise any of these rights, email us at hello@snoopt.com. We will respond within 30 days.

9. Right to Lodge a Complaint

If you believe we have not handled your data in accordance with applicable law, you have the right to lodge a complaint with the Spanish data protection authority:

Agencia Española de Protección de Datos (AEPD)
C/ Jorge Juan, 6 · 28001 Madrid, Spain
www.aepd.es

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be notified to registered users by email. The date at the top of this page reflects the most recent revision.

11. Contact

For any questions about this Privacy Policy or your personal data:
hello@snoopt.com