SnapBlog Privacy Policy

Last updated: 05/09/2025

1. Introduction

SnapBlog Tecnologia Ltda. ("SnapBlog", "we", or "our") values transparency and respects the privacy of users ("User" or "you"). This Policy describes how we collect, use, share, store, and protect your personal data when you access or use our AI-powered blog automation SaaS platform, with or without Instagram integration.

2. Definitions and Parties

  • Controller – SnapBlog, responsible for decisions regarding the processing of personal data.
  • DPO/Data Protection Officer – Professional appointed to act as a communication channel between SnapBlog, data subjects, and the ANPD: dpo@snapblog.ai.
  • Personal Data – Information related to an identified or identifiable natural person (e.g., name, email, IP).
  • Sensitive Personal Data – Data revealing racial origin, religious beliefs, political opinions, biometrics, etc.
  • User – Natural or legal person who creates an account or uses the Service.
  • Subprocessor – Third party contracted to assist in data processing, listed at https://snapblog.ai/subprocessors.

3. What Data We Collect

Category | Examples | Source | Mandatory
Account | Name, email, hashed password, phone | Direct registration | Required to create account
Instagram | Account ID, posts, images, metrics, hashtags | Instagram API (OAuth) | Optional (when User connects)
Platform Usage | Pages visited, clicks, session time | Cookies, analytics scripts | Legitimate interest
Billing | CNPJ, company name, address, card data (tokenized) | Payment form | Mandatory for paid plans
Support | Attachments, screenshots, logs | Support tickets | Contractual
AI-Generated Data | Articles, images, metadata | AI Models | Automated processing

Note: We do not request Sensitive Personal Data. If the User provides such data, it will be processed based on specific legal grounds or eliminated.

4. Legal Bases for Processing (Art. 7 LGPD / Art. 6 GDPR)

  • Contract performance – Necessary to provide the Service.
  • Legitimate interest – Platform improvement, fraud prevention.
  • Consent – Instagram integration, direct email marketing.
  • Compliance with legal/regulatory obligation – Issuance of invoices, responses to authorities.

5. Purposes of Use

  • Operate and maintain functionalities;
  • Generate blog content via AI;
  • Personalize experience (e.g., language, layout);
  • Communicate updates, offers, and support;
  • Analyze metrics and prevent fraud;
  • Comply with legal and regulatory obligations.

6. Sharing and Subprocessors

We share data only with:

  • Cloud, email, payment, and AI service providers;
  • Analytics partners (Google Analytics, Mixpanel) – anonymized use;
  • Authorities when required by law or court order;
  • Corporate transfers (merger, acquisition), ensuring continuity of protections.

The updated list of subprocessors and their purposes is available and reviewed at least annually. We will send a 30-day advance notice before adding a new subprocessor.

7. International Transfers

Main servers are located in Brazil and the us-east-1 region (USA). When transferring data outside Brazil or the EEA, we adopt standard contractual clauses from the European Commission or equivalent mechanisms, as required by LGPD and GDPR.

8. Data Subject Rights

You have the right to:

  • Confirmation of the existence of processing;
  • Access to data;
  • Correction of incomplete or outdated data;
  • Anonymization, blocking, or elimination;
  • Portability to another provider;
  • Information about sharing;
  • Withdrawal of consent;
  • Review of automated decisions.

How to Exercise Them

Send an email to the DPO. We will respond within 15 days.

9. Cookies and Tracking Technologies

We use essential, performance, and advertising cookies. You can manage preferences in the cookie banner or via your browser. Disabling essential cookies may limit functionalities.

10. Data Retention

Type of data | Retention period
Active accounts | As long as the contractual relationship lasts
AI-generated content | 24 months (extendable by contract)
Access logs | 6 months (art. 15 of the Brazilian Internet Civil Rights Framework)
Fiscal data | 5 years after subscription termination
Backups | Up to 30 days

After the retention period, data is anonymized or securely deleted.

11. Information Security

We implement ISO 27001-inspired controls, TLS 1.3 encryption in transit, encrypted storage (AES-256), strong password policy, optional MFA, periodic access review, and an Incident Response Program with a notification SLA of up to 72 hours for relevant events.

12. Children and Adolescents

The Platform is not intended for users under 13 years of age. We do not intentionally collect data from children. If we identify such collection, we will delete the data immediately.

13. Third-Party Links

Our website may contain links to external websites. We are not responsible for their privacy practices. We recommend that you read the policies of each third-party service.

14. Changes to This Policy

We may update this Policy at any time. If there are material changes, we will send a notice via email and/or in-app notification with at least 30 days' advance notice. Continued use after the effective date constitutes acceptance.

15. Contact

For questions, requests, or complaints:

SnapBlog Tecnologia Ltda.

CNPJ 00.000.000/0001-00

Rua Exemplo, 123 – São Paulo/SP – CEP 00000-000

General email: suporte@snapblog.ai

DPO: dpo@snapblog.ai

If you believe we have not resolved your request, you may appeal to the ANPD or other consumer protection agency.

© 2025 SnapBlog Tecnologia Ltda. All rights reserved.