1. Introduction and Data Controller
Welcome to Snaply, an online invoice generation and management platform. This privacy policy explains how we collect, use, store, and protect your personal data when you use our platform, and informs you about your rights under the General Data Protection Regulation (GDPR) and other applicable data protection laws.
The data controller responsible for processing your personal data is:
- Billio Software Services s.r.o.
- Kurzova 2222/16, Stodůlky, 155 00 Praha 5, Czech Republic
- IČO: 24638561
- Contact email: support@snaplyinvoicing.com
2. Information We Collect
We collect and process the following types of personal data to provide our services:
- Account Information: Email address and password (hashed using Argon2, an industry-standard password-hashing algorithm) when you register with email, or your email address and Google account identifier when you register or log in using Google OAuth.
- Invoice Data: Your business information (name, address, contact details, logo), client information (names, email addresses), invoice details (items, prices, descriptions, dates), and any custom notes or terms you add to invoices.
- Payment Information: We use Stripe, a third-party payment processor, to handle all subscription payments. We do not collect, store, or have access to your full credit card information. Stripe securely processes your payment details. We only receive limited information from Stripe such as the last four digits of your card, card brand, expiration date, and transaction status for billing and subscription management purposes. For more information, please review Stripe's Privacy Policy.
- Usage Data: Information about how you use our service, including invoice creation frequency, features used, and interaction patterns to improve our platform.
- Subscription Data: Your subscription plan, Stripe customer and subscription identifiers, subscription status, and subscription end date.
3. Legal Basis for Processing
Under Article 6 of the GDPR, we process your personal data based on the following legal grounds:
- Performance of a Contract (Art. 6(1)(b)): Processing is necessary to provide you with the invoicing services you signed up for, including account management, invoice creation and delivery, and subscription processing.
- Legitimate Interests (Art. 6(1)(f)): Processing is necessary for our legitimate interests, such as improving our services, ensuring platform security, preventing fraud, and understanding how our service is used. We ensure these interests do not override your fundamental rights.
- Legal Obligation (Art. 6(1)(c)): Processing is necessary to comply with legal obligations, such as tax and accounting requirements, and responding to lawful requests from public authorities.
- Consent (Art. 6(1)(a)): Where required, we process your data based on your freely given, specific, and informed consent. You have the right to withdraw your consent at any time by contacting us at support@snaplyinvoicing.com. Withdrawal of consent does not affect the lawfulness of processing carried out prior to withdrawal.
4. How We Use Your Information
We use your personal data for the following purposes:
- To provide and maintain our invoice generation and management service
- To create, store, and manage your invoices and client data
- To generate PDF invoices with your business and client information
- To authenticate and manage your account access (including via Google OAuth)
- To process subscription payments through our payment processor, Stripe
- To manage your subscription status and billing history
- To provide customer support and respond to your inquiries
- To improve our services, develop new features, and enhance user experience
- To send you important service updates, security alerts, and administrative messages
- To comply with legal obligations and prevent fraudulent activity
5. Third-Party Service Providers
We use the following third-party service providers (data processors) to help us operate our platform. Each provider processes your data only on our behalf and in accordance with our instructions:
- Stripe, Inc. (Payment Processing): Processes all subscription payments. Your payment information is transmitted directly to Stripe and is subject to Stripe's privacy policy. Stripe is PCI-DSS compliant. Stripe may collect and process your payment card details, billing address, and transaction information. Privacy policy: https://stripe.com/privacy
- Resend (Email Delivery): We use Resend to deliver invoices, quotes, and credit notes to your clients and to send service notifications (including welcome emails, verification emails, and reminders) to you. Resend processes recipient email addresses and email content on our behalf.
- Cloud Infrastructure Providers (Hosting): Our application is hosted on secure cloud infrastructure providers that maintain industry-standard security certifications. These providers process data transmitted through our platform, including account data, invoice data, and client data. All hosting providers are bound by data processing agreements.
- Google LLC (Authentication): If you choose to log in or register using Google OAuth, Google processes your authentication data. We receive only your email address and Google account identifier. Google's privacy policy: https://policies.google.com/privacy
All third-party service providers are bound by data processing agreements and are required to maintain appropriate security measures and use your data only for the purposes we specify.
6. Data Storage and Security
We implement appropriate technical and organizational measures to protect your personal data and invoice information:
- All passwords are securely hashed using Argon2 (industry-standard algorithm) before storage
- Data transmission is secured using HTTPS/TLS encryption
- Invoice data and client information are stored in encrypted databases
- Access to personal data is restricted to authorized personnel only and protected by authentication systems
- Regular security audits and updates to our systems to address vulnerabilities
- Secure database storage with automated backups to prevent data loss
- We do not store your full payment card details; these are securely handled by Stripe
While we strive to protect your data, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security but are committed to using commercially reasonable means to protect your information.
7. Data Sharing and Disclosure
We do not sell, rent, or trade your personal data. We may share your information only in the following limited circumstances:
- Service Providers: With the third-party service providers listed in Section 5, under data processing agreements that ensure your data is protected
- Invoice Recipients: When you send an invoice to a client, we share the invoice data you've created (including your business details and the invoice content) with that recipient
- Legal Requirements: When required by law, court order, or legal process, or to protect our rights, property, and safety or that of our users
- Business Transfers: In connection with any merger, sale of company assets, financing, or acquisition of all or a portion of our business. You will be notified of any such transfer and any changes to the processing of your personal data
- With Your Consent: When you explicitly authorize us to share specific information
8. Cookies and Tracking Technologies
We use cookies and similar technologies to maintain your session and remember your preferences. We currently use only essential and functional cookies that are necessary for the operation of our service:
- Essential Cookies: Required for authentication (JWT tokens), security, and basic functionality of our service. These are strictly necessary and do not require consent under the GDPR, as our service cannot function without them.
- Functional Cookies: Remember your preferences such as language settings. These cookies are used based on our legitimate interest in providing a usable service.
We do not use any third-party analytics cookies or advertising trackers. You can control cookie preferences through your browser settings. However, disabling essential cookies will affect your ability to use the platform (e.g., staying logged in).
9. Your Privacy Rights
Under the GDPR, you have the following rights regarding your personal data. You can exercise any of these rights by contacting us at support@snaplyinvoicing.com:
- Right of Access (Art. 15): Request a copy of the personal data we hold about you, including your account information and invoice data
- Right to Rectification (Art. 16): Request correction of inaccurate or incomplete personal data
- Right to Erasure (Art. 17): Request deletion of your personal data and account. Note that we may retain certain information as required by law (e.g., tax and accounting records)
- Right to Restriction of Processing (Art. 18): Request that we restrict the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data or object to processing
- Right to Data Portability (Art. 20): Receive your personal data in a structured, commonly used, and machine-readable format, and transmit that data to another controller
- Right to Object (Art. 21): Object to processing of your personal data based on legitimate interests. We will cease processing unless we demonstrate compelling legitimate grounds
- Right to Withdraw Consent (Art. 7(3)): Where processing is based on consent, you may withdraw your consent at any time. This does not affect the lawfulness of processing carried out before withdrawal
- Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority. For our company, the relevant authority is the Czech Office for Personal Data Protection (ÚOOÚ), Pplk. Sochora 27, 170 00 Praha 7, Czech Republic, website: https://www.uoou.cz. You may also contact the supervisory authority in your own EU/EEA member state
We will respond to all rights requests within 30 days. In complex cases, this period may be extended by an additional 60 days, and we will inform you of any such extension.
10. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy:
- Active Accounts: Your data is retained while your account is active and you continue using our service
- Deleted Accounts: When you delete your account, we will delete or anonymize your personal data and invoice information within 30 days, except for data we are legally required to retain for tax, accounting, or legal purposes
- Invoice Records: For financial and legal compliance, we may retain invoice transaction records for up to 7 years after account closure, as required by applicable tax and accounting regulations
- Backup Systems: Data in backup systems will be deleted in accordance with our backup retention schedule
11. International Data Transfers
Some of our third-party service providers are based in the United States. When your data is transferred outside the European Economic Area (EEA), we ensure that appropriate safeguards are in place, including:
- The European Commission's Standard Contractual Clauses (SCCs) between us and our data processors
- The EU-U.S. Data Privacy Framework, where applicable for certified organizations
- Adequacy decisions issued by the European Commission for transfers to countries recognized as providing adequate data protection
You may request a copy of the relevant safeguards by contacting us at support@snaplyinvoicing.com.
12. Automated Decision-Making
We do not engage in automated decision-making or profiling that produces legal effects or similarly significant effects on you. All decisions that affect your use of our service (such as subscription management) are based on straightforward criteria and may be reviewed by our support team upon request.
13. Changes to This Policy
We may update this privacy policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by:
- Posting the updated policy on this page with a new "Last updated" date
- Sending you an email notification if the changes significantly affect your rights
- Displaying a prominent notice in our application when you next log in
We encourage you to review this policy periodically to stay informed about how we protect your information.
14. Contact Us
If you have any questions about this privacy policy, our data processing practices, or wish to exercise your privacy rights under the GDPR, please contact us:
- Email: support@snaplyinvoicing.com
- Company: Billio Software Services s.r.o., IČO: 24638561
- Address: Kurzova 2222/16, Stodůlky, 155 00 Praha 5, Czech Republic
We aim to respond to all inquiries within 30 days.