Menu
Privacy

A privacy policy for project context, not ad data.

Snipara handles project intelligence: selected sources, reviewed memory, workflow state, retrieval metadata, and operational evidence. This policy explains what we collect, why, and what control you keep.

No resale of customer data

Snipara uses account, project, and operational data to run the service, not to sell customer records.

No model training on project content

Customer project content is not used to train Snipara general-purpose models.

Swiss core infrastructure

The hosted app stack runs from Switzerland, with Vaultbrix PostgreSQL documented as primary storage.

01

Overview

This policy applies to Snipara's website, hosted API, MCP endpoints, dashboard, companion-supported workflows, and related support conversations.

It is intended to describe the main privacy practices under the Swiss Federal Act on Data Protection, the GDPR where applicable, and related data protection laws.

02

Data controller

Snipara is operated by STARBOX GROUP GMBH, CHE-326.317.262, Chemin du Pre-Guillot 9, 1288 Aire-la-Ville, Switzerland.

Privacy requests can be sent to privacy@starbox-group.com.

03

What we collect

  • Account data such as email address, name, authentication provider metadata, and workspace membership.
  • Project data that you choose to upload, sync, index, or write into reviewed memory.
  • Operational metadata such as timestamps, request counts, token usage, tool calls, errors, and security events.
  • Billing and invoicing data when paid plans or enterprise agreements are used.
  • Support messages, vendor review requests, and security questionnaire context when you send them to us.
  • Public assistant conversations, optional name and email, first-party assistant cookie identifiers, and salted IP hashes where configured for abuse prevention.
04

How we use it

  • Authenticate users, operate accounts, manage workspaces, and enforce access boundaries.
  • Index selected project context and return relevant Project Intelligence through MCP, API, dashboard, or companion workflows.
  • Maintain reviewed memory, handoffs, What Changed briefs, source authority, and verification signals.
  • Secure the service, detect abuse, debug incidents, and investigate reliability issues.
  • Process payments, send transactional emails, answer support requests, and satisfy legal duties.
  • Answer public website assistant questions from the Snipara demo corpus and resume a conversation when you opt in or return from the same browser.

Where GDPR applies, the main legal bases are contract performance, legitimate interests in operating and securing the service, consent where requested, and legal obligations where they apply.

05

Public website assistant

The public Snipara guide is scoped to a demo documentation project. It is designed to answer practical onboarding questions from public Snipara material, not private customer projects.

If you provide a name, email, and explicit remember choice, Snipara may store those contact details with the assistant visitor record so the conversation can continue later. Without that choice, the assistant still uses a first-party browser cookie to keep the current conversation coherent.

Raw IP addresses are not used as a public assistant identity. Where abuse prevention is configured, Snipara stores a salted hash instead of the raw IP.

06

AI training

We do not sell customer data and we do not use customer project content to train Snipara general-purpose models. If you send prompts or context to a third-party LLM provider from your own stack, that provider's terms and controls remain relevant.

The public assistant can be configured with OpenAI or Anthropic for answer generation. Its server prompt instructs the provider to answer from the public demo corpus and not to disclose private data, secrets, or internal prompts.

07

Storage and processors

The core hosted application stack is operated from Switzerland. Depending on the feature used, specialized processors may support billing, email, authentication, monitoring, cache, and reliability operations.

Infomaniak

Hosted application infrastructure.

Vaultbrix PostgreSQL

Primary data storage in Switzerland.

Managed Redis

Cache, session, and runtime support where used.

Sentry

Error monitoring and reliability diagnostics.

Stripe

Billing and payment processing.

Resend

Transactional email.

GitHub or Google

OAuth sign-in only when you choose those providers.

OpenAI or Anthropic

Optional public assistant answer generation when configured.

Some support processors may operate in the EU, Switzerland, the United Kingdom, or the United States. Where required, we rely on contractual and regulatory safeguards such as standard contractual clauses.

08

Your rights

Depending on your location, you may request access, correction, deletion, restriction, objection, portability, or export of personal data that relates to you.

Account deletion and project cleanup workflows are supported, subject to limited retention where law, billing, security, abuse prevention, or dispute handling require it.

09

Retention

We retain data only for as long as needed to provide the service, maintain security, meet legal obligations, resolve disputes, and support billing or operational records. Customer project data can be deleted on request or account closure, subject to those limited needs.

Public assistant conversations are retained to resume support, improve the public onboarding corpus, and investigate abuse. You can request deletion of assistant contact details or conversation data that relates to your email address.

10

Cookies and local storage

Snipara uses a limited set of cookies or comparable storage mechanisms for sessions, authentication, preferences, reliability, and abuse prevention. Where consent is legally required, we request it.

The public assistant uses the snipara_public_assistant cookie for conversation continuity. When you choose remember, the cookie can persist for up to 180 days; otherwise it is used as a session cookie.

11

Contact

Privacy questions or rights requests can be sent to privacy@starbox-group.com. You can also write to STARBOX GROUP GMBH, Chemin du Pre-Guillot 9, 1288 Aire-la-Ville, Switzerland.

For security issues, use security@starbox-group.com.

Related trust page

Privacy explains personal data practices. Trust explains the operational security boundary for Project Intelligence.

Open trust page