Buddy

BuddySnap

Your AI study assistant

Back to home

Privacy Policy

Last updated: June 26, 2026

1. Introduction

BuddySnap ("we", "our") is committed to protecting the privacy of its users ("you", "your"). This Privacy Policy describes how we collect, use and protect your personal data in accordance with the EU General Data Protection Regulation (GDPR).

2. Data We Collect

2.1 Authentication Data

Email address, name, and OAuth tokens used to create and manage your account.

2.2 Usage Data

Quiz images you upload, session metadata, and AI-generated answers associated with your account.

2.3 Payment Data

Billing information is processed and stored exclusively by Stripe. We never store card details.

3. How We Use Your Data

We use your data to:

  • Provide the AI-powered quiz analysis service
  • Manage your account and authentication
  • Process payments for paid plans
  • Improve the quality of the service
  • Send service-related communications (no marketing without consent)
  • Ensure security and prevent abuse

4. Legal Basis (GDPR)

  • Contract performance: Providing the BuddySnap service
  • Consent: Marketing and promotional communications (optional)
  • Legitimate interest: Security, fraud prevention, service improvement
  • Legal obligation: Retention of fiscal and accounting records

5. Data Retention

Data TypeRetention Period
Quiz images24 hours (automatic deletion)
Account dataUntil account deletion
Technical logs30 days
Payment data10 years (legal obligation)

6. Your Rights (GDPR)

You have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your account and data
  • Portability: Receive your data in a structured format
  • Objection: Object to processing for marketing purposes
  • Restriction: Restrict processing in specific cases

To exercise your rights:

Go to your Account page and use the "Delete Account" feature, or contact us by email at buddysnapp@gmail.com.

7. Security

We implement technical and organisational security measures to protect your data:

  • TLS 1.3 encryption for all communications
  • OAuth 2.0 authentication via Google
  • Row-Level Security (RLS) on the Supabase database
  • Automatic daily backups
  • Continuous monitoring for anomaly detection
  • Data access restricted to authorised personnel only

8. Cookies & Tracking

We only use essential technical cookies required to operate the service (authentication, session management). For more details, see our Cookie Policy.

9. Changes to This Policy

We reserve the right to update this Privacy Policy at any time. Material changes will be communicated via email to registered users. Continued use of the service after changes constitutes acceptance of the updated policy.