Privacy Policy
Last updated: 2 February 2026
1. Data Controller
The data controller is:
Snodo
Lorenzo Pesando
De Regent 104, 5611 HW Eindhoven, Netherlands
Email: privacy@snodo.eu
2. Development Status
Snodo is in active development (beta). This privacy policy applies to the current state of the service and may be updated as the platform evolves.
3. Purposes of Processing
Personal data is processed for the following purposes:
- Service delivery: management of projects, tasks, files, invoices and team communication
- Account management: user account creation, authentication and security
- Communications: service notifications, updates and administrative messages
- Service improvement: usage analytics to improve functionality and performance
- Legal compliance: meeting applicable legal and regulatory obligations
4. Data We Collect
The only personal data we store is your email address. It is used for authentication, essential communications and (with consent) product updates.
Additionally, we may process:
- Usage data: access logs, platform activity, user preferences
- Content: files, messages, comments, notes and other user-created content
- Billing data: information required for invoice and payment management (if applicable)
- Technical metadata: IP address, browser type, OS, timestamps
5. What We Do NOT Do
- We do not sell your data to anyone, ever
- We do not share data with advertisers or data brokers
- We do not use your data for profiling or targeted advertising
- We do not store passwords (authentication is handled by Supabase Auth)
6. Legal Basis (GDPR)
- Contract performance: processing necessary to deliver the requested service
- Consent: for marketing communications and newsletters (revocable at any time)
- Legitimate interest: to improve the service, prevent fraud and ensure security
- Legal obligation: to comply with applicable laws
7. Third-Party Processors
The following services process data on our behalf. Each operates under its own privacy policy and standard DPA:
| Service | Purpose | Region |
|---|---|---|
| Supabase | Database, authentication, storage | EU (eu-west-1) |
| Vercel | App hosting, edge network | Global (primarily USA) |
| Stripe | Payments, subscriptions | US / EU |
| Google APIs | OAuth, Calendar, Drive, Maps | Global |
| Dropbox API | File import (optional) | US |
| Resend | Transactional email | US |
| Sentry | Error tracking | US |
| PostHog | Product analytics | EU (eu.i.posthog.com) |
| Vercel Analytics | Web vitals, performance | Global |
| Upstash Redis | Caching, rate limiting | EU |
| Vercel AI Gateway | AI features | US |
| EU VIES | VAT number verification | EU |
| Aruba FE | Electronic invoicing (SDI) | EU (Italy) |
Optional integrations (Google, Dropbox) require your explicit authorisation and can be revoked at any time from your account settings. OAuth tokens are encrypted; we never store third-party passwords.
8. Data Retention
- Active account: for the duration of your active account
- Legal retention: as required by law (e.g. accounting data for 10 years)
- After deletion: data is deleted within 30 days of a deletion request, except where legal retention applies
9. International Transfers
Some processors operate outside the EU (primarily USA). Transfers are safeguarded by:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Adequate safeguards as required by the GDPR
10. Your Rights (GDPR)
Under the GDPR you have the right to:
- Access: obtain confirmation and access to your personal data
- Rectification: correct inaccurate or incomplete data
- Erasure: request deletion of your data ("right to be forgotten")
- Restriction: restrict processing in certain circumstances
- Portability: receive your data in a structured format and transfer it
- Objection: object to processing on legitimate grounds
- Withdraw consent: withdraw consent at any time (where processing is consent-based)
To exercise your rights, contact: privacy@snodo.eu
You also have the right to lodge a complaint with the competent supervisory authority.
11. Security
We implement appropriate technical and organisational measures to protect personal data:
- Encryption in transit (HTTPS/TLS) and at rest
- Multi-factor authentication available
- Row Level Security (RLS) for tenant data isolation
- Role-based access and permissions
- Activity monitoring and logging
- Regular backups and disaster recovery
- OAuth tokens encrypted with AES-256-GCM
- Sensitive headers stripped from error reports
12. Cookies
- Technical cookies: required for authentication and security
- Preference cookies: to remember your settings (theme, language)
- Analytics cookies: for usage analysis (with consent, production only)
You can manage cookie preferences through your browser settings.
13. Children
The Service is intended for users of legal age. We do not knowingly collect personal data from children under 18. If we become aware of such data, we will delete it immediately.
14. Changes to This Policy
This policy may be updated periodically. Material changes will be communicated via email or in-app notification. The date of the last update is shown at the top of this document.
15. Contact
For privacy questions or data requests:
Email: privacy@snodo.eu
Address: De Regent 104, 5611 HW Eindhoven, Netherlands