Last updated: 13 July 2026
This Privacy Policy explains what personal data Snipbud, operated by apoiolabs ("we", "us", "our"), collects, how we use and share it, and the choices and rights you have. It applies to the Snipbud website, dashboard, APIs, and companion apps (the "Service").
apoiolabs provides Snipbud, a service for uploading images and getting shareable links. For the personal data described here, apoiolabs is the data controller. You can reach us at hello@apoiolabs.com.
| Category | Examples | Source |
|---|---|---|
| Account data | Email address, hashed password, account type (personal or team), plan, and account timestamps | You, at signup |
| Verification data | A temporary, hashed email verification code and, for password resets, a hashed single-use token | Generated by us |
| Content and metadata | Images you upload, and metadata such as file name/key, size, content type, visibility, upload and edit times | You, when you upload |
| Team data | Organization name, membership, roles, invitations, and an optional custom domain | You and team members |
| Billing data | Plan, subscription status, and a payment-provider subscription identifier. Payments are handled by PayPal; we do not store full card numbers | You and our payment provider |
| Technical and usage data | IP address, request logs, approximate location derived from IP, device and browser information, and rate-limiting counters | Automatically |
| Session and preference data | An authentication session cookie and a workspace-context cookie | Automatically |
We do not sell your personal data, and we do not use it for third-party behavioral advertising.
We use a small number of strictly necessary cookies and do not use advertising or cross-site tracking cookies:
snipbud_session: keeps you signed in. It is an HttpOnly cookie holding a random token whose hash is stored server-side; it is a session cookie unless you choose "remember me", in which case it persists for up to 30 days.snipbud_ctx: remembers which workspace (personal or a specific team) you are viewing.Our bot-protection provider (Cloudflare Turnstile) may set or read a token on sign-in and signup pages to tell humans from bots. Because these cookies are essential to providing and securing the Service, they do not require consent in most jurisdictions.
We share data only with service providers ("processors") that help us run Snipbud, under agreements that limit their use of the data, and where required by law:
| Provider | Purpose | Data involved |
|---|---|---|
| Cloudflare | Hosting, object storage (R2), database (D1), content delivery, and bot protection (Turnstile) | Content, account and technical data, IP addresses |
| PayPal | Subscription payments | Billing identifiers and the information you provide to PayPal directly |
| Email delivery provider (Resend) | Sending verification codes, password resets, and invitations | Your email address and message contents |
We may also disclose data to comply with a valid legal request, to enforce our Terms, to protect the rights, safety, and security of our users, the public, or apoiolabs, or in connection with a merger, acquisition, or sale of assets (in which case we will notify you of any change in how your data is handled).
Images marked public are accessible to anyone who has the link, without signing in, and may be cached or indexed by third parties. Images marked private are served only to you (and, for Team images, to the Team according to its settings). Do not upload personal data of others that you are not permitted to share. Choosing the right visibility is your responsibility; treat a public link as public.
We take reasonable technical and organizational measures to protect your data. Passwords are stored using salted PBKDF2 hashing and are never stored in plain text; session and reset tokens are stored only as hashes; traffic is encrypted in transit using HTTPS; and access to production systems is limited. No method of transmission or storage is completely secure, so we cannot guarantee absolute security. Keep your password confidential and enable "remember me" only on devices you trust.
Depending on where you live, you may have the right to access, correct, delete, or export your personal data, to object to or restrict certain processing, and to withdraw consent. Residents of the European Economic Area and the United Kingdom have these rights under the GDPR; California residents have rights under the CCPA/CPRA, including the right not to be discriminated against for exercising them (note that we do not sell or share personal data as those terms are defined there). To exercise a right, contact us at the address below; we may need to verify your identity, and we will respond within the time required by applicable law. You may also lodge a complaint with your local data protection authority.
We and our providers may process data in countries other than yours, including the United States. Where required, we rely on appropriate safeguards (such as the European Commission's Standard Contractual Clauses) to protect data transferred across borders.
The Service is not directed to children under 16, and we do not knowingly collect personal data from them. If you believe a child has provided us personal data, contact us and we will delete it.
We may update this Policy from time to time. We will update the "Last updated" date and, for material changes, provide notice through the Service or by email. Your continued use of the Service after a change takes effect means you accept the updated Policy.
For privacy questions or to exercise your rights, contact us at hello@apoiolabs.com.