snipbud ← Back to app

Privacy Policy

Last updated: 13 July 2026

This Privacy Policy explains what personal data Snipbud, operated by apoiolabs ("we", "us", "our"), collects, how we use and share it, and the choices and rights you have. It applies to the Snipbud website, dashboard, APIs, and companion apps (the "Service").

In short: we collect the minimum needed to run an image-hosting service, an account (your email and a hashed password), the images and metadata you upload, and basic technical logs. We do not sell your personal data and we do not run third-party advertising trackers. We use a small number of processors (hosting, payments, email, bot protection) to operate the Service.

1. Who we are

apoiolabs provides Snipbud, a service for uploading images and getting shareable links. For the personal data described here, apoiolabs is the data controller. You can reach us at hello@apoiolabs.com.

2. Data we collect

CategoryExamplesSource
Account dataEmail address, hashed password, account type (personal or team), plan, and account timestampsYou, at signup
Verification dataA temporary, hashed email verification code and, for password resets, a hashed single-use tokenGenerated by us
Content and metadataImages you upload, and metadata such as file name/key, size, content type, visibility, upload and edit timesYou, when you upload
Team dataOrganization name, membership, roles, invitations, and an optional custom domainYou and team members
Billing dataPlan, subscription status, and a payment-provider subscription identifier. Payments are handled by PayPal; we do not store full card numbersYou and our payment provider
Technical and usage dataIP address, request logs, approximate location derived from IP, device and browser information, and rate-limiting countersAutomatically
Session and preference dataAn authentication session cookie and a workspace-context cookieAutomatically

3. How we use data

We do not sell your personal data, and we do not use it for third-party behavioral advertising.

4. Legal bases (where GDPR or similar law applies)

5. Cookies and similar technologies

We use a small number of strictly necessary cookies and do not use advertising or cross-site tracking cookies:

Our bot-protection provider (Cloudflare Turnstile) may set or read a token on sign-in and signup pages to tell humans from bots. Because these cookies are essential to providing and securing the Service, they do not require consent in most jurisdictions.

6. Who we share data with

We share data only with service providers ("processors") that help us run Snipbud, under agreements that limit their use of the data, and where required by law:

ProviderPurposeData involved
CloudflareHosting, object storage (R2), database (D1), content delivery, and bot protection (Turnstile)Content, account and technical data, IP addresses
PayPalSubscription paymentsBilling identifiers and the information you provide to PayPal directly
Email delivery provider (Resend)Sending verification codes, password resets, and invitationsYour email address and message contents

We may also disclose data to comply with a valid legal request, to enforce our Terms, to protect the rights, safety, and security of our users, the public, or apoiolabs, or in connection with a merger, acquisition, or sale of assets (in which case we will notify you of any change in how your data is handled).

7. Your images and visibility

Images marked public are accessible to anyone who has the link, without signing in, and may be cached or indexed by third parties. Images marked private are served only to you (and, for Team images, to the Team according to its settings). Do not upload personal data of others that you are not permitted to share. Choosing the right visibility is your responsibility; treat a public link as public.

8. Retention and deletion

9. Security

We take reasonable technical and organizational measures to protect your data. Passwords are stored using salted PBKDF2 hashing and are never stored in plain text; session and reset tokens are stored only as hashes; traffic is encrypted in transit using HTTPS; and access to production systems is limited. No method of transmission or storage is completely secure, so we cannot guarantee absolute security. Keep your password confidential and enable "remember me" only on devices you trust.

10. Your rights

Depending on where you live, you may have the right to access, correct, delete, or export your personal data, to object to or restrict certain processing, and to withdraw consent. Residents of the European Economic Area and the United Kingdom have these rights under the GDPR; California residents have rights under the CCPA/CPRA, including the right not to be discriminated against for exercising them (note that we do not sell or share personal data as those terms are defined there). To exercise a right, contact us at the address below; we may need to verify your identity, and we will respond within the time required by applicable law. You may also lodge a complaint with your local data protection authority.

11. International transfers

We and our providers may process data in countries other than yours, including the United States. Where required, we rely on appropriate safeguards (such as the European Commission's Standard Contractual Clauses) to protect data transferred across borders.

12. Children

The Service is not directed to children under 16, and we do not knowingly collect personal data from them. If you believe a child has provided us personal data, contact us and we will delete it.

13. Changes to this Policy

We may update this Policy from time to time. We will update the "Last updated" date and, for material changes, provide notice through the Service or by email. Your continued use of the Service after a change takes effect means you accept the updated Policy.

14. Contact

For privacy questions or to exercise your rights, contact us at hello@apoiolabs.com.