Privacy Policy

Data Controller

Cloonar Technologies GmbH
Linzer Straße 192/1/2
1140 Wien, Austria
Email: privacy@cloonar.com

This privacy policy applies to the SnapAPI service provided at https://snapapi.eu.

Last updated: February 19, 2026

1. Data We Collect

Account Data

  • Email address: Required for account creation and API key management
  • Payment information: Processed by Stripe (not stored on our servers)
  • Usage data: API call counts, timestamps, subscription status

Technical Data

  • IP addresses: Logged for security, rate limiting, and SSRF protection
  • URLs submitted: The URLs you request to be captured (not stored permanently)
  • Request metadata: API endpoints called, response codes, processing time
  • Error logs: Technical errors for debugging (no personal data)

What We DON'T Collect

  • Screenshots: Generated images are returned to you immediately and not stored
  • Cookies: Only essential session cookies for account management
  • Analytics: No third-party analytics, tracking pixels, or behavioral tracking

2. Legal Basis & Purposes

Contractual Necessity (Art. 6(1)(b) GDPR)

  • Processing API requests and generating screenshots
  • Account management and authentication
  • Billing and subscription management
  • Customer support

Legitimate Interests (Art. 6(1)(f) GDPR)

  • Security monitoring and fraud prevention
  • Rate limiting and abuse prevention
  • Service optimization and technical improvements
  • SSRF protection (blocking internal network access)

Legal Compliance (Art. 6(1)(c) GDPR)

  • Tax and accounting records (Austrian business law)
  • Data retention for legal purposes

3. Data Sharing & Third Parties

Service Providers

  • Hetzner Cloud (Germany): EU hosting infrastructure
  • Stripe: Payment processing (GDPR compliant)

What We Never Share

  • Personal data with advertisers or data brokers
  • Usage patterns or analytics data
  • Customer lists or contact information
  • Any data outside the European Union

All data processing happens exclusively within the EU. No data transfers to third countries.

4. Data Retention

Active Accounts

  • Account data: Kept while your account is active
  • Usage logs: 12 months for billing and support
  • Payment records: 7 years (Austrian tax law)

Deleted Accounts

  • Personal data: Deleted within 30 days of account closure
  • Anonymized data: Usage statistics (no personal identifiers)
  • Legal records: Tax records retained per legal requirements

Request Data

  • Screenshots: Generated and returned immediately, never stored
  • URLs requested: Temporarily processed, not permanently stored
  • IP addresses: Logged for 30 days for security purposes

5. Your Rights (GDPR)

You have the following rights regarding your personal data:

  • Access: Get a copy of your personal data
  • Rectification: Correct inaccurate data
  • Erasure: Delete your account and personal data
  • Portability: Export your data in a machine-readable format
  • Restriction: Limit processing of your data
  • Objection: Object to processing based on legitimate interests
  • Withdraw consent: Where processing is based on consent

To exercise these rights, contact us at privacy@cloonar.com. We'll respond within 30 days.

You also have the right to lodge a complaint with the Austrian Data Protection Authority (Datenschutzbehörde).

6. Security

  • Encryption: All data in transit uses TLS 1.3
  • EU hosting: All servers located in Germany (Hetzner Cloud)
  • Access control: Minimal access on need-to-know basis
  • SSRF protection: Automatic blocking of internal network requests
  • Rate limiting: Prevents abuse and ensures service availability
  • No data exports: Zero data transfers outside the EU

7. Cookies

We use minimal cookies:

  • Session cookies: Essential for account login (deleted when you close browser)
  • No tracking: No advertising, analytics, or third-party cookies
  • No consent required: Only essential cookies used

8. Children's Privacy

SnapAPI is not intended for use by children under 16. We do not knowingly collect personal data from children under 16. If you become aware that a child has provided personal data, please contact us and we will delete it immediately.

9. Changes to This Policy

We may update this privacy policy to reflect changes in our practices or legal requirements. Significant changes will be communicated via email. Continued use of the service constitutes acceptance of the updated policy.

10. Contact

Data Protection Contact:
privacy@cloonar.com

General Contact:
info@cloonar.com

Postal Address:
Cloonar Technologies GmbH
Linzer Straße 192/1/2
1140 Wien, Austria

← Back to SnapAPI