Privacy Policy
Effective Date: May 31, 2026
Service: Snap4ID
§ 1. Introduction
This Privacy Policy (the "Policy") sets out the rules for the processing of personal data collected through the Snap4ID web service available at snap4.id (the "Service"). The Service allows users to process and format photographs for official documents using computer vision technology.
The Service is provided by OWN-WAY NET (hereinafter referred to as the "Controller", "we", or "us"), a company based in the United States.
We are committed to protecting your privacy. This Policy explains how we collect, use, and safeguard your information, based on the requirements of the General Data Protection Regulation (EU) 2016/679 ("GDPR") and acts as our notice to users globally, including residents of the United States.
§ 2. Information We Collect
We collect information necessary to provide the Service, process payments, and ensure technical stability.
1. Information You Provide Directly
- Photographs: Facial photographs uploaded for document processing.
- Document Preferences: The type of document (e.g., passport, ID card) and the target country for which the photo is being prepared.
- Contact Information: Email address (used for delivering order confirmations, receipts, and formatted photos).
- Support Data: Information provided by you when contacting our customer support (e.g., via service@snap4.id).
2. Information Collected Automatically
- Technical Data: Device type, operating system, browser type and version, IP address, and approximate location (country level).
- Usage Data: Processing timestamps, job identifiers (randomly generated UUIDs), and technical metadata related to photo analysis (image dimensions, quality metrics).
3. Photo Processing Data
Our Service processes the photo you upload in order to crop, align and format it to the required specification.
- What we process: Measurements derived from your photo, used only to crop, align and format it to the required specification. This data is stored with your job and automatically deleted after 30 days.
- Limitations: This data is processed automatically without human review, is not used to identify individuals, and is not shared with third parties for identification purposes.
4. Payment Information
We do not store or process credit card numbers directly. All payment transactions are handled by our Merchant of Record, Paddle, which acts as the reseller of our services and processes your financial data in a PCI-compliant environment.
§ 3. Purposes and Legal Basis for Processing
We process your data for the following purposes based on the indicated legal bases (GDPR Art. 6):
- Service Delivery (Contract - Art. 6(1)(b)): To process your photos, verify compliance with document standards, and deliver the final product.
- Payment Processing (Contract - Art. 6(1)(b)): To facilitate payments through our provider (Paddle).
- Service Improvement & Security (Legitimate Interest - Art. 6(1)(f)): To debug technical issues, prevent fraud, ensure the security of the Service, and analyze aggregated usage patterns.
- Legal Compliance (Legal Obligation - Art. 6(1)(c)): To comply with tax regulations (invoicing) and consumer protection laws.
- Marketing (Consent - Art. 6(1)(a)): Only if you explicitly consent (e.g., newsletter subscription), we may send you marketing communications. You may withdraw this consent at any time.
§ 4. Data Retention
We adhere to a strict data minimization policy.
| Data Type | Retention Period |
|---|---|
| Job Records (Uploaded photos, generated photos, processing data) | 30 Days |
| Payment Records (Transaction IDs, receipts) | Retained as required by tax law (typically 5-7 years) |
| Anonymized Analytics | Indefinitely (cannot be used to identify you) |
After the retention period expires (30 days for job data), your photos and biometric data are automatically and permanently deleted from our systems. We do not maintain backups of deleted user content.
§ 5. Data Storage and Third-Party Providers
Your data is securely stored and processed using industry-standard infrastructure. We share data only with trusted providers necessary to operate the Service.
| Recipient / Category | Purpose | Location |
|---|---|---|
| Cloud infrastructure & hosting | Hosting, storage, and computing that run the Service. | United States |
| Authentication & application services | User sign-in and core application data processing. | United States |
| Paddle (Merchant of Record) | Payment processing, invoicing, and tax handling. | United Kingdom / Global |
International Transfers:
Our infrastructure is located in the United States, so your data is processed there. For users in the EU/EEA,
this constitutes an international transfer; we ensure appropriate safeguards are in place for such transfers,
relying on Standard Contractual Clauses (SCCs) approved by the European Commission or the EU-U.S. Data Privacy
Framework, ensuring your data remains protected in accordance with GDPR standards.
§ 6. Security Measures
We implement robust technical and organizational measures to protect your personal data against unauthorized access, loss, or alteration.
- Encryption in Transit: All data transmitted between your device and our servers is encrypted using Secure Socket Layer (SSL/TLS) technology.
- Encryption at Rest: Data stored on our servers (via our cloud infrastructure provider) is encrypted at rest using industry-standard encryption protocols (AES-256).
- Access Control: Access to personal data is strictly limited to authorized personnel and systems necessary for the operation of the Service. We employ the principle of least privilege.
- Provider Security: We strictly vet our third-party providers (our cloud infrastructure and payment providers) to ensure they maintain high security standards, including SOC 2 and ISO 27001 certifications.
While we strive to use commercially acceptable means to protect your data, please remember that no method of transmission over the Internet is 100% secure.
§ 7. Your Rights (GDPR)
Under GDPR, you have the right to:
- Access: Request a copy of the data being processed.
- Rectification: Request correction of inaccurate data.
- Erasure ("Right to be Forgotten"): Request deletion of your data before the automatic 30-day expiration.
- Restriction: Request restriction of processing in specific legal circumstances.
- Data Portability: Receive your data in a structured, machine-readable format.
- Object: Object to processing based on legitimate interests.
- Withdraw Consent: Withdraw consent for marketing at any time.
To exercise these rights, please contact us at privacy@snap4.id.
§ 8. International Provisions & US Privacy Rights
Although our privacy framework is built on the GDPR, we respect the privacy rights of all our users worldwide, including residents of the United States (e.g., California, Virginia, Colorado).
1. No Sale of Personal Data
We do not sell your personal information. We do not exchange your photos or personal data for monetary or other valuable consideration. We do not share your data with third parties for cross-context behavioral advertising.
2. Universal Rights
We extend the core rights granted by the GDPR (Access, Deletion, Correction) to all our users globally. If you are a US resident, you may exercise these rights by contacting us at privacy@snap4.id. We will not discriminate against you for exercising your privacy rights.
3. "Shine the Light" Law (California)
We do not share personal information with third parties for their direct marketing purposes.
§ 9. Cookies and Tracking
We use essential cookies (necessary for the Service to function) and statistical cookies (to understand usage patterns). We do not use third-party tracking pixels for behavioral advertising. You can manage your cookie preferences through your browser settings.
§ 10. Children's Privacy
The Service is intended solely for adults. You must be at least 18 years old to use this Service. We do not knowingly collect personal information from individuals under 18. If we discover that a user is under 18, we will immediately delete their data.
§ 11. Changes to This Policy
We may update this Policy to reflect changes in our Service or legal requirements. The "Effective Date" at the top of this Policy indicates the latest revision. Continued use of the Service implies acceptance of the updated Policy.
§ 12. Contact Us
- Privacy Inquiries: privacy@snap4.id
- Service Support: service@snap4.id
- Controller Address: OWN-WAY NET, 150 Essex Ave, Glen Ridge, NJ 07028, USA