← Back to SnapDeck

Privacy Policy

Last updated: 27 June 2026

SnapDeck is built so that your decks stay yours. We never store the slides you photograph or the text we extract from them. This page explains the little we do hold, what we send to our processors, and the rights you have over it.

1. Who we are

SnapDeck is operated by INSIGHTS-2, a sole-proprietorship registered in Singapore (UEN 53523643C), trading as Insights² ("we", "us", "our"). Our principal place of business is 21 Hazel Park Terrace, #1-7, Hazel Park Condominium, Singapore 678946. We are the data controller for personal data processed through SnapDeck at snapdeck.insights-2.com. For GDPR and UK-GDPR purposes we are the controller; for CCPA and CPRA we are a "business".

To reach a human about privacy, or to contact our Data Protection Officer (Mark Cunningham, PDPA s.11), email hello@insights-2.com. An EU representative (GDPR Art. 27) and a UK representative (UK-GDPR Art. 27) are to be appointed; until then, please contact us directly at the address above.

2. What we collect

We try to collect as little as possible. From you, when you use SnapDeck:

  • Email address, so you can sign in with a one-time code and so we can credit your account.
  • Account identifier, an internal ID that ties your sign-in to your slide balance.
  • Slide-usage counters, the number of slides you have extracted and your current allowance. We store the count, not the content.
  • Purchase records, a log of completed Stripe checkout events (event ID, type, time, and the number of slides credited) so we can credit purchases reliably and avoid double-counting.

Automatically:

  • Server logs from our hosting provider, Vercel (HTTP method, status, timestamp, user-agent, request path), held for incident response and abuse prevention.

We run no analytics, no advertising cookies, and no cross-site tracking. The only cookie we set is the session cookie that keeps you signed in (see section 9).

3. What we do not store

Your slide photos and the text we extract are never stored on our servers. We keep no copy of your decks or their contents.

When you capture and extract a deck:

  • The photos stay in your browser. A downscaled copy of each slide is sent to our AI processor (Anthropic) to read the text, then discarded. We do not retain either copy.
  • The extracted Markdown is assembled in your browser. The PDF and the .md file are generated on your device and handed to you to save or share.
  • Once you leave or close the session, the photos and text are gone from memory. We never received a stored copy in the first place.

4. How we use what we collect

  • To sign you in, run the service, and keep track of your slide balance.
  • To process your purchases through Stripe and credit your account.
  • To keep SnapDeck secure and prevent fraud and abuse.
  • To meet our legal, accounting, and tax obligations in Singapore and any jurisdiction where we have a customer.

If GDPR or UK-GDPR applies to you, our lawful bases are: performance of a contract (running the service and processing payment), compliance with a legal obligation (tax and accounting records), and our legitimate interests (keeping the service secure), balanced against your rights. If the PDPA applies, we rely on consent or an applicable exception in its Schedules.

5. AI processing

To turn a slide into text, the slide image is sent in real time to Anthropic(Claude) over its API. Anthropic returns the extracted text, which is assembled in your browser. We do not keep the image, and Anthropic is not our long-term store for it.

By Anthropic's commercial terms, content submitted through its API is not, by default, used to train Anthropic's models. Please verify the current statement at the Anthropic Commercial Terms before relying on it. If you do not want a slide processed by Anthropic, do not capture it.

6. Subprocessors

We do not sell your personal data and we do not share it for cross-context behavioural advertising. We use the following providers, who process data on our instructions under written agreements:

ProviderPurposeRegion
Supabase Inc.Authentication, database (email, account ID, usage and purchase records), and sign-in code emailsUS / SG
Vercel Inc.Hosting, edge runtime, and server logsUS / global
Anthropic PBCReads your slide images to extract text; images are sent per request and not stored by usUS
StripeCard processing and checkout. Stripe handles card details; they never reach our serversSG / US / global

Card payments are settled to the business through Airwallex. Airwallex does not receive buyer card data. We will also disclose personal data where the law requires it, to enforce our Terms, or to prevent fraud.

7. Data retention

  • Account, usage, and purchase records: kept while your account is active.
  • Slide photos and extracted text: not retained at all.
  • Billing and tax records: 7 years from the transaction, to meet IRAS recordkeeping obligations (Singapore Income Tax Act, s.67).
  • Server logs: 90 days, then rotated.
  • On account closure: account and usage data are deleted within 30 days, except where tax, accounting, or other law requires us to keep a record.

8. International transfers

Our subprocessors are global, so personal data may be processed in the United States, the European Union, the United Kingdom, or elsewhere. We rely on the PDPA Transfer Limitation Obligation (s.26) through contractual undertakings, the European Commission's Standard Contractual Clauses (2021) where GDPR applies, and the ICO's International Data Transfer Agreement or UK Addendum where UK-GDPR applies. Copies are available on request.

9. Cookies

We use one strictly necessary cookie: the Supabase Auth session cookie (HttpOnly, Secure) that keeps you signed in. Without it you cannot use the app. We set no analytics or advertising cookies, and we do not track you across other sites.

10. Your rights

Wherever you are, you can ask us to:

  • Tell you what personal data we hold about you and give you a copy (access).
  • Correct anything inaccurate or incomplete (rectification).
  • Delete your personal data and close your account (erasure).
  • Restrict or stop our processing, or object to processing based on legitimate interests.
  • Withdraw consent at any time, without affecting processing already carried out.
  • Receive your data in a portable, machine-readable format.

We do not make solely-automated decisions that have legal or similarly significant effects about you. To exercise any right, email hello@insights-2.com. We respond within 30 days of a verifiable request and will not discriminate against you for asking.

You can also complain to a regulator: the Personal Data Protection Commission in Singapore (pdpc.gov.sg), the Information Commissioner's Office in the UK (ico.org.uk), your local supervisory authority in the EU, the California Privacy Protection Agency, or the Office of the Australian Information Commissioner (oaic.gov.au).

11. Do not sell or share

We do not sell personal information and we do not share it for cross-context behavioural advertising as those terms are defined under the California Consumer Privacy Act (Cal. Civ. Code § 1798.140). We honour the Global Privacy Control (GPC) signal as a request to opt out of any future sale or sharing.

12. Changes to this policy

We may update this policy from time to time. The "Last updated" date above reflects the current version. For material changes that affect how we handle your data, we will give at least 30 days' notice by email or in the app before the change takes effect.

13. Contact

INSIGHTS-2 (UEN 53523643C)
21 Hazel Park Terrace, #1-7, Hazel Park Condominium, Singapore 678946
hello@insights-2.com