Privacy Policy
Last updated: 2026-06-03 · Version 4
Identity of the operator
SnapPDF is operated by SeaQae Group, a sole trader, ABN 40 300 987 116, of Perth, Western Australia. We handle personal information in line with the Australian Privacy Principles where the Privacy Act 1988 (Cth) applies, and we use the same transparency standard as a baseline where it does not. For EU/UK GDPR purposes, SnapPDF is the controller for account and billing information you provide directly. Contact: privacy@snappdf.au.
What we collect
- Account information: email, name, password hash, billing address.
- Payment information: tokenised via Stripe — we never see your card number.
- Usage records: PDF job counts, timestamps, endpoints hit, byte counts. No file contents.
- File data: PDFs you upload are processed in memory and purged on response. Async artifacts are cached for a maximum of 24 hours.
- Server logs: IP address, user-agent, referer headers — retained 30 days for security and abuse detection.
- Marketing consent records: if you opt in to product updates, we retain the consent record per the Spam Act 2003 (Cth).
- Advertising signals: if Google AdSense is enabled, Google and its partners may process cookies, web beacons, IP addresses, device identifiers and page context for ad serving, measurement, fraud prevention and frequency capping.
What we do NOT collect
- We do not train machine-learning models on your files.
- We do not sell personal information.
- We do not load Google advertising cookies unless advertising is enabled and the required consent or legal basis is in place.
- We do not knowingly collect data from anyone under 18 years of age.
Legal bases and purposes (GDPR Article 13)
- Contract performance: delivering the service, billing, support.
- Legitimate interest: abuse detection, fraud prevention, security, product improvement.
- Legal obligation: retaining tax records under Australian law.
- Consent: optional marketing emails, analytics cookies and advertising cookies where consent is required — you can withdraw at any time.
We do not make decisions about you based solely on automated processing (no automated decision-making that produces legal or similarly significant effects).
Retention — per category
| Category | Retention | Basis |
|---|---|---|
| Account data | Until you delete your account | Contract |
| Usage records | 24 months | Billing, dispute resolution |
| Server logs | 30 days | Security, abuse detection |
| File content (sync) | In memory only | Service delivery |
| File content (async artifacts) | 24 hours | Service delivery |
| Support correspondence | 24 months | Continuity, dispute history |
| Marketing consent records | 2 years after last message | Spam Act 2003 (Cth) |
| Tax records (invoices, ledger) | 5 years | ATO recordkeeping requirement |
Sub-processors and overseas disclosure (APP 8)
We disclose personal information to the following sub-processors. By using SnapPDF you acknowledge that your data may be processed outside Australia. Cross-border transfers are protected by provider data processing terms, the European Commission's Standard Contractual Clauses where applicable, and equivalent contractual safeguards otherwise.
| Sub-processor | Purpose | Location |
|---|---|---|
| Vercel Inc. | App hosting, edge functions | United States, European Union |
| Supabase Inc. | Postgres database, auth, temporary file storage | Australia or provider-configured project region |
| Stripe, Inc. | Payments, billing, tax invoices | United States |
| Resend, Inc. | Transactional email | United States |
| Google LLC / Google group companies | Google AdSense ad serving, ad measurement, fraud prevention and related advertising services, if ads are enabled | United States and other Google processing locations |
DPAs including SCCs are available to Business and Enterprise customers on request.
Your rights
You have the right to access, correct, delete, export, object to or restrict processing, and withdraw consent. Email privacy@snappdf.au — we respond within 30 days.
- Australia: you may complain to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au or 1300 363 992.
- EU / UK (GDPR): you may lodge a complaint with your local supervisory authority. Find yours at edpb.europa.eu.
- California: see "California rights" below.
California rights (CCPA / CPRA)
If you reside in California, you have the right to:
- Know what personal information we collect and how it is used;
- Request deletion of your personal information;
- Request correction of inaccurate personal information;
- Opt out of "sale" or "sharing" of personal information (we do not sell or share for cross-context behavioural advertising);
- Limit use of sensitive personal information;
- Not be discriminated against for exercising these rights.
We honour Global Privacy Control (GPC) signals as an opt-out of sale/sharing. Submit requests via privacy@snappdf.au.
Notifiable Data Breaches
Under Australia's Notifiable Data Breaches (NDB) scheme in Part IIIC of the Privacy Act 1988 (Cth), if we experience an "eligible data breach" (unauthorised access, disclosure or loss of personal information likely to result in serious harm), we will notify the OAIC and affected individuals as soon as practicable, and in any event in line with applicable deadlines. Under GDPR Article 33, we notify the relevant EU supervisory authority within 72 hours where required.
Children's data
SnapPDF is not directed to children. We do not knowingly collect personal information from anyone under 18. If you believe a minor has provided us information, contact privacy@snappdf.au and we will delete it.
Security
We use HTTPS in transit, provider-backed encryption at rest where supported, signed webhooks for API workflows, hashed API keys, and organisation-scoped access controls. We review these controls before major releases and after material incidents.
Cookies
See our Cookie Policy for the full list of cookies, their purpose and duration.
If Google AdSense is enabled, third parties including Google may place and read cookies on your browser, or use web beacons, IP addresses and other identifiers as a result of ad serving on SnapPDF. Google explains this use of data at How Google uses data when you use our partners' sites or apps.
Changes
We will email the account owner about material changes with at least 14 days' notice. You can always read the current version here; historical versions are available on request.