Back to home

Privacy Policy

Last updated: April 11, 2026

Snapile (“we”, “us”) helps you create digital photo albums. This policy explains what we collect, why, and what control you have. We try to keep it short and plain.

What we collect

  • Account info. When you sign up we store your email or phone number, username, display name, and (optionally) profile photo.
  • Photos and album content. Anything you upload — photos, captions, page layouts — is stored so we can render your albums. We strip GPS and other EXIF metadata from images on upload so private location data is never shared.
  • Usage data. Standard server logs (IP address, browser, request paths). Used for security, abuse prevention, and debugging.
  • Country (approximate). We detect your country from your IP address to prefill the dial code on the phone-login form and to tailor album prompt suggestions. We do not use precise GPS location and never request the browser geolocation permission.
  • Billing.If you upgrade to a paid plan, payments are processed by Stripe. Stripe receives your card details directly — we never see them. We store your Stripe customer ID and subscription status so we know which plan you’re on.

How we use it

  • To run the product: store and display your albums, log you in, enforce storage quotas.
  • To generate AI-assisted layouts when you opt in to use them.
  • To process subscription payments and prevent fraud.
  • To respond to abuse reports and security incidents.

We do not sell your data. We do not show you ads. We do not train AI models on your photos.

Who we share with

  • Subprocessors we rely on to run the service: Supabase (database), Cloudflare R2 (image storage), Firebase Authentication (login), Stripe (payments), Cloudflare Workers AI / Anthropic / OpenAI (AI features), Vercel (hosting), Railway (backend hosting). Each only receives the data needed to do its job.
  • Public album viewers. If you mark an album as public or unlisted, anyone with the link can view it. Private albums are only visible to you and explicit collaborators you add.
  • Law enforcement if we receive a valid legal request.

Cookies

We use a single, strictly-necessary cookie (auth_token) to keep you logged in. It is HTTP-only, secure, SameSite=strict, and expires after 30 days. We don’t use analytics or advertising cookies.

Your rights

You can at any time:

  • View, edit, or delete any photo, album, or page you’ve created.
  • Delete your account, which permanently removes your photos, albums, and personal data from our active systems.
  • Export a copy of your albums (contact us if you need help with this).
  • Cancel a paid subscription from your billing page; you’ll keep access until the end of the current period.

If you’re in the EU/UK, you also have rights under GDPR including access, correction, portability, and erasure. Email us to exercise them.

Retention

We keep your account data for as long as your account is active. When you delete your account, your photos and albums are removed from active storage immediately and from backups within 30 days. Server logs are retained for up to 90 days.

Children

Snapile is not directed at children under 13 (or 16 in the EU). We do not knowingly collect data from them. If you believe a child has signed up, contact us and we’ll remove the account.

Changes to this policy

If we make material changes, we’ll update the “Last updated” date and (where appropriate) notify signed-in users by email or in-app banner.

Contact

Questions, requests, or complaints? hello@snapile.com

See also: Terms of Service