Privacy Policy
Last updated: April 12, 2026
SnapSignal (“we”, “us”, or “our”) is committed to protecting the privacy of our customers (“Customers”) and the end users of our customers’ products (“End Users”). This policy explains what data we collect, how we use it, and your rights.
SnapSignal operates in two distinct modes: Analysis Mode (reading your website or codebase to generate funnel previews) and Analytics Mode (collecting behavioral data from your app’s end users to populate your dashboard). Both are explained below.
1. Our Role: Data Processor vs. Data Controller
Under applicable data protection laws including GDPR and CCPA:
- You (the Customer) are the Data Controller for end-user behavioral data collected through our tracking mechanism. You determine what is collected and why.
- SnapSignal is the Data Processor for that behavioral data — we process it only on your behalf, to generate the funnel analytics and dashboards you requested.
- For data about you as a Customer (contact info, account data), SnapSignal acts as Data Controller.
You are responsible for having a lawful basis to collect behavioral data from your end users and for disclosing SnapSignal’s involvement in your own privacy policy.
2. Analysis Mode — Website and Codebase
When you enter your app’s URL or share your codebase for analysis, the following applies:
What we access
- Publicly accessible pages of your website (page structure, navigation, visible text content)
- Codebase files you explicitly provide — limited to files relevant to identifying user flows such as routes, page components, and API handlers
Your code remains yours — always
Your codebase is your intellectual property. SnapSignal does not copy, retain, reproduce, sell, share, or claim any ownership over any part of your code. We do not use your code to train AI models. No human at SnapSignal reads your code — analysis is fully automated. Your code is processed in memory for the duration of the session and permanently discarded once analysis is complete. Providing your code for analysis does not transfer any intellectual property rights to SnapSignal whatsoever.
- No code files or snippets are saved to persistent storage at any time
- The funnel outputs and event suggestions generated from your code belong entirely to you
- We access website content only through publicly available URLs — we do not access pages behind authentication, paywalls, or private networks
3. Analytics Mode — End-User Behavioral Data
SnapSignal generates tracking code (delivered as an AI-ready prompt or a GitHub pull request) that you can install in your app. If you merge this code into your production environment, the tracking mechanism becomes active and will begin sending behavioral event data to SnapSignal’s servers.
By merging the SnapSignal-generated tracking code into your production codebase, you explicitly consent to SnapSignal collecting and storing behavioral event data from your end users, for the purpose of generating funnel graphs and analytics results in your SnapSignal dashboard.
What behavioral data we collect
- Named events as defined in your tracking plan (e.g.,
page_viewed,signup_completed,checkout_initiated) - Event timestamps and anonymous session identifiers
- Anonymous user identifiers (randomly generated — not linked to real names or emails unless you explicitly send them)
- Event properties you configure (e.g., plan type, page name, button label)
- Device type, browser type, and approximate geographic region derived from IP address — raw IP addresses are not stored
What we do not collect
- We do not intentionally collect names, email addresses, phone numbers, or other directly identifying information unless you explicitly include them as event properties
- We do not collect financial data, health data, government ID numbers, or passwords
- We strongly advise against sending PII as event properties
Why we must store behavioral data
Unlike Analysis Mode (which is stateless), Analytics Mode requires persistent data storage. We store behavioral event data because it is the only way to compute funnel conversion rates, drop-off percentages, user journey paths, and trends over time. Without storing this data, the dashboard cannot display results. We store only what is necessary to provide the analytics Service.
Your obligations as a Customer
Since you are the Data Controller for your end users’ data, you must:
- Disclose the use of SnapSignal tracking in your own privacy policy
- Obtain any consent required from your end users under applicable law before tracking begins
- Ensure you have a lawful basis for collecting behavioral data from your users
- Not configure the tracking mechanism to send sensitive personal data, health information, financial account details, or authentication credentials
Data retention
Behavioral event data is retained for as long as your SnapSignal account remains active. Upon account termination or upon written request, we will delete all behavioral event data associated with your account within 30 days.
4. Information We Collect About You as a Customer
- Contact information — Name and email address provided when you reach out or request access
- Usage data — Anonymized data about how you use the SnapSignal dashboard
- Communication records — Onboarding call notes or email exchanges
We use this to provide and improve the Service, respond to inquiries, and send relevant product updates. We never sell this information.
5. How We Share Data
We do not sell or share your data or your end users’ behavioral data for third-party commercial purposes. Limited sharing occurs only in these circumstances:
- Infrastructure providers — Cloud hosting and data storage providers who process data on our behalf under written data protection agreements
- Legal compliance — When required by law, court order, or regulatory authority
- Business transfers — In connection with a merger or acquisition, subject to the same data protection obligations
6. Security
- All data in transit is encrypted using TLS
- Behavioral event data is encrypted at rest
- Access to production systems is restricted to authorized personnel only
- We maintain access logs and monitor for unauthorized access attempts
Do not send credentials, API keys, private keys, or other secrets through the Service.
7. GDPR, CCPA, and Global Privacy Laws
- You are the Data Controller; SnapSignal is the Data Processor for end-user behavioral data
- We will enter into a Data Processing Agreement (DPA) with you upon request
- End users have the right to access, correct, or delete their data — submit requests to us and we will respond within 30 days
- We do not sell personal information as defined under CCPA
- If an end user opts out of tracking through your consent management mechanism and you configure the tracking code accordingly, no further events will be sent for that user
- Data transfers outside the EEA are conducted under appropriate safeguards including Standard Contractual Clauses where required
8. Cookies
SnapSignal’s own website uses essential session cookies only. The tracking mechanism installed in your app may use cookies or local storage to maintain anonymous session identifiers — this should be reflected in your own cookie policy and consent banner.
9. Changes to This Policy
We may update this policy from time to time. Material changes will be communicated by updating the “Last updated” date. Where appropriate, active customers will be notified directly.
10. Contact
Privacy questions, data subject requests, or DPA inquiries: victor@snapsignal.io
© 2026 SnapSignal. All rights reserved.