Privacy Policy for SnapSort AI

Last Updated: September 4, 2025

Welcome to SnapSort AI ("we," "us," or "our"), a service provided by Pshichenko Enterprises Inc. We are committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application (the "App") and our services (collectively, the "Service"). Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the App.

For users in California, this policy includes information specific to your rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA).

1. Information We Collect

We may collect information about you in a variety of ways. The information we may collect via the App depends on the content and materials you use, and the actions you take, and includes:

A. Personal Data You Provide to Us

• Account Information: When you create an account, we collect your email address and a hashed password. If you sign up using Google Sign-In, we may also collect your name, email address, and profile picture URL as provided by Google. We also assign you a unique User ID (Firebase UID).
• Workspace and Organizational Data: Workspace names you create, user roles you assign or are assigned within workspaces, tote names, item descriptions, and tags (whether manually entered or AI-generated).
• User-Uploaded Images: Photographs of your items and totes that you upload to the Service for cataloging and AI processing.
• Invitation Data: Email addresses of individuals you invite to your workspaces, and any invite codes generated or used.
• Purchase Information:
  • For physical QR stickers processed via Stripe: Shipping address (name, street address, city, state, ZIP code, country, optional phone number) and confirmation of payment. We do not collect or store your full credit card numbers; this is handled by Stripe.
  • For digital QR PDFs and AI Credits processed via Google Play In-App Purchase: Confirmation of purchase details (e.g., purchase token, order ID) from Google. If you purchase digital QR PDFs, we may collect an email address for PDF delivery.
• Communications: If you contact us for support or provide feedback (e.g., via email to support@snapsortai.com or through integrated support channels like Featurebase), we will collect the information contained in your communications.

B. Data Collected Automatically

• Usage Data: Timestamps of actions (e.g., account creation, item/tote creation, modifications, logins), interaction logs (e.g., borrowing, returning, deleting, moving items/totes, linked to your User ID and/or email).
• Device and Technical Information: We may collect device model, operating system version, IP address, and Firebase Cloud Messaging (FCM) tokens for push notifications. Firebase Analytics collects anonymized usage data, including general usage patterns (e.g., screen views, session counts and durations for DAU, WAU, MAU metrics) and crash reporting data.
• Advertising Identifier (Android): Where available on your device, our app and certain Google SDKs may access the Android Advertising ID (AAID/GAID). We use or allow its use only for: (i) analytics and app performance measurement; (ii) fraud prevention, security, and abuse detection; and (iii) essential app functionality such as install attribution. We do not use the advertising ID to serve ads in the app or for cross-context behavioral advertising. You can reset or limit this identifier in your Android device settings (see “Your Data Protection Rights” below).

C. Information from Third Parties

• Google Sign-In: Name, email, profile picture URL.
• Stripe: Payment confirmation, transaction IDs, and potentially billing address information associated with the payment method for fraud prevention purposes handled by Stripe.
• Shippo: Shipping rate information and tracking updates.
• Google Play Publisher API / Apple App Store Connect API: Verification of In-App Purchases.
• OpenAI: We send images you upload for AI processing to OpenAI's API. The AI-generated tags and descriptions are returned to us and stored.
• Google Maps Places API: If you use address autocomplete features, we send partial address input to Google Maps Places API to provide suggestions and retrieve details for selected places.

2. How We Use Your Information

Having accurate information permits us to provide you with a smooth, efficient, and customized experience. Specifically, we may use information collected about you via the App to:

• Create and manage your account.
• Authenticate you and secure your account.
• Enable the creation, organization, and management of workspaces, totes, and items.
• Process your purchases of AI Credits, digital QR code PDFs, and physical QR code stickers, including calculating shipping and taxes, and fulfilling orders.
• Provide AI-powered item tagging and description services using your uploaded images.
• Generate and manage QR codes associated with your totes.
• Facilitate collaboration by allowing you to invite users to workspaces and manage their roles.
• Send you transactional communications, such as order confirmations, shipping updates, service announcements, and responses to your inquiries.
• Monitor and analyze usage and trends to improve the App and Service.
• Use the Android Advertising ID (when available) for analytics, security/fraud prevention, and essential functionality such as install attribution. We do not use it to serve ads or for cross-context behavioral advertising.
• Diagnose and fix technical issues and bugs.
• Prevent fraudulent transactions, monitor against theft, and protect against criminal activity.
• Comply with applicable legal obligations and respond to legal requests.

3. Disclosure of Your Information (Sharing with Third Parties)

We may share information we have collected about you in certain situations. Your information may be disclosed as follows:

• With Service Providers: We share your information with third-party vendors and service providers that perform services for us or on our behalf, including:
  • Firebase (Google Cloud Platform): For authentication, database hosting (Realtime Database), file storage (Cloud Storage for images, PDFs), backend logic (Cloud Functions), push notifications (FCM), and analytics. Certain Firebase/Google SDKs may access the Android Advertising ID to support analytics, security/fraud prevention, and essential functionality (e.g., install attribution). We do not use Firebase or Google services to serve ads in the app.
  • Stripe: For processing payments for physical QR stickers. Stripe handles your payment card information directly.
  • Shippo: For calculating shipping rates for physical QR stickers using your shipping address and our sender address.
  • Google (for In-App Purchases & Maps): For processing payments for digital goods via Google Play Store and for providing address autocomplete/details via Google Maps Places API.
  • OpenAI: For generating item descriptions/tags from images you upload.
  • SendGrid (Twilio): For sending transactional emails (e.g., order confirmations, password resets, invitations).
• With Other Users in Your Workspace: If you are part of a shared workspace, your email address and/or display name may be visible to other members of that workspace. The content you add to a shared workspace (totes, items, images, descriptions, tags) will be accessible to other members of that workspace according to their assigned roles and permissions.
• By Law or to Protect Rights: If we believe the release of information about you is necessary to respond to legal process, to investigate or remedy potential violations of our policies, or to protect the rights, property, and safety of others, we may share your information as permitted or required by any applicable law, rule, or regulation.
• Business Transfers: We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We only permit them to process your personal data for specified purposes and in accordance with our instructions.

We do not sell your personal information to third parties for monetary consideration. For California residents, please see Section 7 for more information on "sharing" under the CCPA/CPRA.

4. Data Security

We use administrative, technical, and physical security measures to help protect your personal information. This includes using HTTPS for data transmission, encrypting sensitive data like passwords (hashed), utilizing Firebase's security features (including security rules for database and storage access), and implementing role-based access controls within the App. While we have taken reasonable steps to secure the personal information you provide to us, please be aware that despite our efforts, no security measures are perfect or impenetrable, and no method of data transmission can be guaranteed against any interception or other type of misuse. Any information disclosed online is vulnerable to interception and misuse by unauthorized parties. Therefore, we cannot guarantee complete security if you provide personal information. You are responsible for keeping your account password confidential.

5. Data Retention

We will only retain your personal information for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

• Account Information: Retained as long as your account is active. If you delete your account (e.g., via workspace closure if you are the sole owner and member of all your workspaces), your core user record may be retained for a reasonable period for administrative purposes or as required by law, before being anonymized or deleted.
• Workspace, Tote, and Item Data (including images and AI-generated tags): This data is associated with a workspace. It is retained as long as the workspace is active. If a workspace is closed by its owner, this data will be scheduled for deletion according to our data deletion processes, which may include a grace period. Data related to specific items or totes you soft-delete will be moved to a "deleted" state and may be permanently deleted after a set period or upon hard-deletion by an authorized user.
• Purchase Records: Information related to your purchases (e.g., order ID, product purchased, amount, but not full payment card details) will be retained for as long as necessary for our financial and legal compliance obligations (generally 3-7 years, or as required by applicable law).
• OpenAI Data: Images sent to OpenAI for processing are subject to OpenAI's data usage and retention policies. We encourage you to review their policies (linked below). We do not control how long OpenAI retains this data.
• Log Data: Usage logs and analytics data may be retained for internal analysis and service improvement for a period necessary for these purposes and then anonymized or deleted.

6. Children's Privacy

Our Service is not directed to individuals under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has provided us with personal information, we will take steps to delete such information. If you are a parent or guardian and you are aware that your child has provided us with personal information, please contact us at support@snapsortai.com so that we can take necessary actions.

7. Your Data Protection Rights (Including California Residents under CCPA/CPRA)

Depending on your location and applicable law, you may have certain rights regarding your personal information. These may include:

• The right to know and access: You may have the right to request information about the categories and specific pieces of personal information we have collected about you, the categories of sources from which the personal information is collected, the business or commercial purpose for collecting, selling, or sharing personal information, and the categories of third parties to whom we disclose personal information.
• The right to delete: You may have the right to request that we delete personal information that we have collected from you, subject to certain exceptions (e.g., to complete a transaction, detect security incidents, comply with a legal obligation).
• The right to correct: You may have the right to request that we correct inaccurate personal information that we maintain about you.
• The right to opt-out of sale or sharing: We do not "sell" your personal information for monetary consideration. Under the CCPA/CPRA, "sharing" can also refer to sharing for cross-context behavioral advertising. We do not currently engage in such sharing. If our practices change, we will update this policy and provide an opt-out mechanism.
• The right to limit use and disclosure of Sensitive Personal Information (SPI): You may have the right to limit our use of your SPI (such as account login credentials) to that which is necessary to perform the services or provide the goods reasonably expected by an average consumer. We primarily use SPI like your email for account management and service provision.
• The right to non-discrimination: We will not discriminate against you for exercising any of your privacy rights.

To exercise these rights, please contact us at support@snapsortai.com. We will respond to your request consistent with applicable law. We may need to verify your identity before processing your request.

Android Advertising ID controls: You can reset or limit the use of your device’s advertising identifier at any time. On most devices, go to Settings > Google > Ads (or Settings > Privacy > Ads), then choose “Reset advertising ID” and/or turn on “Opt out of Ads Personalization.” On Android 13 and later, if you opt out, the advertising ID may be unavailable to apps. Our app honors these system settings.

8. International Data Transfers

Your information, including personal data, may be transferred to — and maintained on — computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those in your jurisdiction. If you are located outside the United States and choose to provide information to us, please note that we transfer the data, including personal data, to the United States (where Firebase and other key services are hosted) and process it there. Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.

9. Links to Third-Party Service Policies

Our Service uses third-party services that have their own privacy policies. We encourage you to review them:

• Google (including Firebase, Google Sign-In, Google Play, Google Maps): https://policies.google.com/privacy
• Firebase Privacy and Security: https://firebase.google.com/support/privacy
• Stripe: https://stripe.com/privacy
• Shippo: https://goshippo.com/privacy/
• OpenAI: https://openai.com/policies/privacy-policy
• SendGrid (Twilio): https://www.twilio.com/legal/privacy

10. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. If we make material changes, we may also notify you through the App or by email. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page. Your continued use of the Service after the posting of changes constitutes your acceptance of such changes.

11. Contact Us

If you have any questions about this Privacy Policy, please contact us: