Privacy Policy

Introduction

This Privacy Policy describes how ${COMPANY} ("Company," "we," "us," or "our") collects, uses, stores, shares, and protects personal information when you use SnapLexicon (the "App," "Service," or "Platform").

We are committed to protecting your privacy and handling your personal data in an open and transparent manner. This policy complies with applicable data protection laws including the California Consumer Privacy Act (CCPA), the General Data Protection Regulation (GDPR), and other applicable privacy regulations.

Data We Collect

2.1 Account Information

• Name (first name, last name, username)
• Email address
• Password (stored as a secure cryptographic hash — we never store your plaintext password)
• Profile image (if you choose to upload one)
• Bio and profile details (optional)

2.2 Location Data

• Device GPS Location: With your explicit permission, we may access your precise GPS location to provide location-specific plant identification, climate zone information, regional vendor recommendations, and other geographically relevant features.
• IP-derived Location: We automatically collect your IP address, from which we derive approximate location data (country, region, city) for service delivery, fraud prevention, and compliance purposes.
• User-provided Location: Location information you voluntarily provide in projects, profiles, or during use (such as entering a city for event planning).
• Location in AI Context: Location context (such as your country or climate zone) may be included in requests sent to AI providers to improve the accuracy and relevance of AI responses.

2.3 Device & Technical Data

• IP address — collected with every request to our servers
• Device type, model, and operating system version
• App version
• Device identifiers (where permitted by platform policies)
• Browser type and version (for web users)
• Time zone and language settings
• Network information

2.4 Usage & Activity Data

• Features you use and when you use them
• Credits consumed per feature and session
• AI identification requests and responses
• Projects created, edited, and deleted
• Snapped images and identification results
• AI chat messages within projects
• Search queries within the app
• Vendor interactions and clicks
• PDF reports generated
• Login timestamps, frequency, and session durations
• Error logs and crash reports

2.5 Payment & Transaction Data

• Transaction history (amounts, dates, products purchased)
• Payment method type (we do not store full card numbers)
• Stripe customer ID (for web payments)
• Apple or Google transaction identifiers (for IAP)
• Refund and dispute history
• Credit balance and usage history

2.6 Content You Submit

• Photos and images you snap or upload
• Text inputs for identification or design projects
• AI chat messages and conversation history
• Project details, descriptions, and notes
• Feedback and reports submitted via the reporting system

2.7 Communication Data

• Emails you send to our support team
• Feedback or bug reports submitted through the app

How We Collect Data

We collect data through the following methods:

• Direct submission: When you register, fill in forms, or communicate with us
• Automatic collection: As you use the App, including through cookies, server logs, and analytics tools
• Device permissions: Camera, photo library, and location access (when you grant these permissions)
• Payment processors: Transaction data from Stripe, Apple, and Google
• Third-party services: Analytics and service monitoring providers

AI Data Processing & Third-Party AI Providers

4.1 What Content Is Sent to AI Providers

Depending on the feature you use, we may transmit the following to our AI service providers:

• Images you snap or upload (for identification, design, or editing)
• Text prompts and descriptions you provide
• Location context (such as your country or climate zone) when relevant to improve AI accuracy
• Project context (such as room dimensions, event type, or budget range)
• AI chat message history within a session
• Identification requests including the item being identified

4.2 AI Service Providers We Use

We currently use and may in the future use AI services from providers including but not limited to:

• OpenAI (GPT models, DALL-E image generation) — Privacy policy: openai.com/privacy
• Anthropic (Claude models) — Privacy policy: anthropic.com/privacy
• Google AI (Gemini, Vision AI) — Privacy policy: policies.google.com/privacy
• Other AI providers as we deem appropriate, which will be added to this list as applicable

We reserve the right to use any AI service provider we deem appropriate to deliver the best possible service. We select providers who maintain acceptable data processing standards.

4.3 How AI Providers Handle Your Data

Each AI provider has its own data handling policies. Generally, we use API access to these services, which typically means your data is used to generate a response but is not used to train their models without explicit consent. However, you should review each provider's API data usage policies for complete information.

4.4 No Sensitive AI Data Storage

We do not permanently store raw images submitted for AI identification beyond what is necessary to deliver the service result, unless you save them as part of a project. AI chat histories may be stored to maintain session context and improve service quality.

How We Use Your Data

We use collected data for the following purposes:

5.1 Service Delivery

• Creating and managing your account
• Processing AI identification and design requests
• Providing vendor recommendations relevant to your location and projects
• Generating and storing PDF reports
• Tracking and managing credits and subscriptions

5.2 Security & Fraud Prevention

• Detecting and preventing fraudulent activity and payment abuse
• Verifying service delivery for payment dispute resolution
• Monitoring for suspicious account behavior
• Enforcing our Terms of Service and account ban policies
• Collecting evidence for chargeback defense (see Terms of Service §6)

5.3 Improvement & Analytics

• Analyzing usage patterns to improve features
• Processing feedback and bug reports
• Training and improving our internal quality assurance processes
• Understanding which features are most valuable to users

5.4 Communications

• Sending transactional emails (receipts, subscription confirmations)
• Responding to support requests
• Sending product updates and announcements (with your consent)
• Sending account security notifications

5.5 Legal Compliance

• Complying with applicable laws and regulations
• Responding to lawful requests from government authorities
• Enforcing our legal rights

5.6 Legal Basis for Processing (GDPR)

For users in the EU/UK, our legal bases for processing personal data are:

• Contract performance: To provide the services you requested
• Legitimate interests: For security, fraud prevention, and service improvement
• Legal obligation: For compliance with applicable law
• Consent: For optional features like marketing communications and precise location access

Data Sharing & Disclosure

We do not sell your personal data. We share data only as follows:

6.1 Service Providers

We share data with trusted third-party service providers who assist in operating our Service, including:

• AI model providers (for feature processing)
• Cloud hosting and storage providers (AWS)
• Payment processors (Stripe, Apple, Google)
• Email service providers
• Analytics providers

All service providers are contractually required to use your data only for the specified purpose and to maintain appropriate security standards.

6.2 Payment Dispute Defense

In the event of a payment dispute, chargeback, or fraud investigation, we may share relevant usage data, transaction records, IP addresses, device information, and activity logs with Stripe, Apple, Google, or other relevant parties to contest fraudulent claims and verify service delivery.

6.3 Legal Requirements

We may disclose your data when required by law, court order, or government authority, or when necessary to protect the rights, property, or safety of ${COMPANY}, our users, or the public.

6.4 Business Transfers

If Share Pet Story Inc.is involved in a merger, acquisition, or sale of all or part of its assets, your personal data may be transferred as part of that transaction. We will notify you of any such change in ownership and any choices you may have.

6.5 No Sale of Data

We do not sell, rent, or trade your personal data to third parties for their marketing purposes.

Data Retention

We retain your data for the following periods:

• Account data: Retained for the duration of your account plus 90 days after deletion request
• Transaction records: Retained for 7 years for accounting and legal compliance purposes
• Usage and activity logs: Retained for up to 2 years for fraud detection and dispute resolution purposes
• IP addresses and device data: Retained for up to 1 year for security purposes
• AI interaction content: Retained for up to 90 days unless saved by you as part of a project
• Banned account records: We may retain identifying information for banned accounts indefinitely to prevent re-registration
• Backup data: May persist in secure backups for up to 30 days after deletion

Security

We implement industry-standard security measures to protect your data:

• All data transmitted between your device and our servers is encrypted using TLS/HTTPS
• Passwords are hashed using bcrypt with a strong salt factor
• Database access is restricted to authorized personnel only
• Payment data is handled by PCI-compliant payment processors — we do not store raw payment card information
• Access to production systems is protected by multi-factor authentication
• Regular security audits and monitoring are performed
• API keys and secrets are stored using environment variables and secret management systems, not in code

Your Rights & Choices

9.1 Access & Portability

You may request a copy of the personal data we hold about you at any time by contacting support@snaplexicon.com.

9.2 Correction

You can update most of your profile information directly within the App. For other corrections, contact us at support@snaplexicon.com.

9.3 Deletion ("Right to be Forgotten")

You may request deletion of your account and associated data. Note that:

• We are required to retain transaction records for legal/accounting purposes (typically 7 years)
• We may retain certain data for fraud prevention and legal defense
• Banned account records may be retained to prevent re-registration
• Backup systems may retain data for up to 30 days after deletion

9.4 Opt-Out of Marketing

You may opt out of marketing communications at any time by clicking "unsubscribe" in any marketing email or by adjusting notification settings in the App.

9.5 Location Data

You can revoke location permissions at any time through your device settings. Revoking location access may limit certain features that depend on geographic context.

9.6 Submitting Requests

To exercise any of these rights, contact us at support@snaplexicon.com. We will respond within 30 days (or sooner as required by applicable law). We may need to verify your identity before processing your request.

Children's Privacy

SnapLexicon is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13 years of age. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at support@snaplexicon.com, and we will take steps to delete such information.

Users between 13 and 18 years of age must have parental or guardian consent to use the Service and make any purchases.

California Residents — CCPA Rights

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

• Right to Know: You may request disclosure of the categories and specific pieces of personal information we have collected about you
• Right to Delete: You may request deletion of your personal information, subject to certain exceptions
• Right to Correct: You may request correction of inaccurate personal information
• Right to Opt-Out of Sale: We do not sell personal information, so this right does not apply
• Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights
• Right to Limit Sensitive Information Use: We process sensitive personal information only as necessary to provide the Service

To exercise your California rights, contact us at support@snaplexicon.com with the subject line "California Privacy Rights Request."

EU/UK Residents — GDPR Rights

If you are located in the European Union, European Economic Area, or United Kingdom, you have the following rights under the GDPR/UK GDPR:

• Right of Access: Obtain a copy of your personal data
• Right to Rectification: Correct inaccurate data
• Right to Erasure: Request deletion of your data
• Right to Restriction: Request we limit how we use your data
• Right to Data Portability: Receive your data in a machine-readable format
• Right to Object: Object to our processing of your data for legitimate interests
• Rights related to automated decisions: Not be subject to solely automated decisions that significantly affect you

International Data Transfers: Share Pet Story Inc.is based in the United States. If you are located outside the US, your data will be transferred to and processed in the United States. We rely on Standard Contractual Clauses (SCCs) and other appropriate mechanisms for international transfers as required by applicable law.

To exercise your GDPR rights or to lodge a complaint, contact support@snaplexicon.com. You also have the right to lodge a complaint with your local supervisory authority.

Cookies & Tracking Technologies

Our web platform uses cookies and similar tracking technologies:

• Essential cookies: Required for the Service to function (authentication, session management). Cannot be disabled.
• Analytics cookies: Help us understand how users interact with the Service. You can opt out.
• Preference cookies: Remember your settings and preferences.

You can manage cookie preferences through your browser settings. Disabling certain cookies may affect the functionality of the web version.

Our mobile application does not use traditional cookies but may use similar device-based identifiers for session management and analytics.

Third-Party Services & Links

SnapLexicon may display links to third-party vendors and external websites. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services you interact with through our App.

Our third-party service providers include:

• OpenAI — openai.com/privacy
• Anthropic — anthropic.com/privacy
• Google — policies.google.com/privacy
• Stripe — stripe.com/privacy
• Amazon Web Services — aws.amazon.com/privacy
• Apple — apple.com/legal/privacy

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

• Updating the "Last Updated" date at the top of this page
• Sending an email notification to your registered email address
• Displaying a prominent notice within the App

Your continued use of SnapLexicon after the effective date of any privacy policy changes constitutes your acceptance of the updated policy.

Contact Us

For any questions, concerns, or requests regarding this Privacy Policy or our data practices: