Privacy Policy
Last updated: February 2026
1. Data Controller
Snippital is operated by [Your Name]. If you have questions about this privacy policy or your personal data, please contact us at [CONTACT_EMAIL].
2. Personal Data We Collect
We collect the following personal data when you use Snippital:
- Account information: email address, password (hashed), and optionally a phone number for two-factor authentication
- User-generated content: code snippets (title, code, description, language), tags, and collections you create
- Technical data: authentication tokens and session identifiers necessary for the service to function
3. How We Use Your Data
We use your personal data exclusively for:
- Service delivery: storing and displaying your code snippets, tags, and collections
- Account management: authentication, email verification, and password recovery
- Security: protecting your account and data from unauthorised access
We do not use your data for advertising, profiling, or any purpose other than providing the Snippital service.
4. Legal Basis for Processing
We process your personal data on the following legal bases under GDPR Article 6:
- Contract performance (Art. 6(1)(b)): processing necessary to provide the Snippital service you signed up for
- Legitimate interest (Art. 6(1)(f)): security measures to protect accounts and infrastructure
- Consent (Art. 6(1)(a)): where applicable, such as for optional communications
5. Cookies & Local Storage
Snippital uses a minimal number of cookies and local storage items, all of which are necessary for the service to function. We do not use any analytics, tracking, or advertising cookies.
Strictly Necessary Cookies
These cookies are essential for the website to function and cannot be disabled.
| Name | Purpose | Duration |
|---|---|---|
.AspNetCore.Identity.Application |
Authentication session cookie — keeps you logged in | Session or 7 days (if "Remember me" is checked) |
.AspNetCore.Antiforgery.* |
CSRF protection — prevents cross-site request forgery attacks | Session |
snippital-cookie-consent |
Records your cookie consent preference so the banner is not shown again | 1 year |
Functional Storage
These items store user-initiated preferences and are exempt from consent requirements under the ePrivacy Directive as they are strictly necessary for a service explicitly requested by the user.
| Name | Type | Purpose | Duration |
|---|---|---|---|
snippital-theme |
localStorage | Stores your light/dark theme preference | Persistent (until cleared) |
snippital-cta-dismissed |
localStorage | Records when you dismissed the upgrade prompt so it is not shown again immediately | 7 days |
6. Third-Party Processing
We use the following third-party service:
- MailerSend: for transactional email delivery only (account verification, password reset). No marketing emails are sent. MailerSend processes your email address solely for the purpose of delivering these messages.
7. Data Retention
- Active accounts: your data is retained for as long as your account exists
- Account deletion: when you delete your account, all associated data (snippets, tags, collections, and personal information) is permanently removed via cascade delete
8. Your Rights
Under GDPR, you have the following rights regarding your personal data:
- Right of access: you can download your personal data at any time
- Right to erasure: you can delete your account and all associated data
- Right to rectification: you can update your account information at any time
- Right to data portability: your data download is provided in a machine-readable format
- Right to object: since we do not process data for marketing or profiling, this right is inherently satisfied
9. Data Security
We implement the following security measures to protect your data:
- Encryption at rest: all snippet data is encrypted using AES-256 with per-user encryption keys
- Encryption in transit: all communication is secured via HTTPS
- Cookie security: authentication cookies are HttpOnly, Secure, and SameSite=Lax
- CSRF protection: antiforgery tokens prevent cross-site request forgery
- Password security: passwords are hashed and never stored in plain text
10. Changes to This Policy
We may update this privacy policy from time to time. Any changes will be reflected on this page with an updated "Last updated" date. We encourage you to review this policy periodically.
11. Contact
If you have any questions or concerns about this privacy policy or how we handle your data, please contact us at [CONTACT_EMAIL].