A simpler privacy policy, with the operational facts kept visible.

This policy applies to Snipara's website, hosted API, MCP endpoints, and related support workflows. It is intended to satisfy the main disclosure duties under the Swiss Federal Act on Data Protection, the GDPR where applicable, and related data protection laws.

The service is operated by STARBOX GROUP GMBH, CHE-326.317.262, Chemin du Pré-Guillot 9, 1288 Aire-la-Ville, Switzerland.

For privacy requests, contact privacy@starbox-group.com.

• Account data such as email address, name, and optional OAuth profile data.
• Workspace and project data you choose to upload or connect.
• Operational metadata such as timestamps, request counts, token usage, and service errors.
• Billing and invoicing data when paid plans are used.
• Security and abuse-prevention signals needed to protect the service and your account.

We design the service to avoid collecting more narrative content than needed for the retrieval and runtime features you explicitly use.

• To authenticate users and operate accounts and projects.
• To index project content and return relevant context through Snipara tools.
• To maintain reviewed memory, shared context, and continuity features.
• To secure the service, detect abuse, and investigate incidents.
• To process payments, support requests, and product communications.
• To comply with legal obligations and enforce our terms.

Where GDPR applies, our main legal bases are contract performance, legitimate interests in operating and securing the service, consent where it is requested, and legal obligations where they apply.

We do not sell customer data and we do not use customer project content to train our own general-purpose models. If you connect a third-party model provider in your own stack, that provider's terms and controls remain relevant for the prompts you send to it.

The core Snipara application stack is hosted in Switzerland. Depending on the feature used, we also rely on specialized processors for support functions such as payments, outbound email, error monitoring, authentication, and managed cache infrastructure.

• Infomaniak for hosted application infrastructure.
• Vaultbrix PostgreSQL for primary data storage.
• Managed Redis for cache and related runtime support.
• Sentry for error monitoring.
• Stripe for billing and payment processing.
• Resend for transactional email.
• GitHub or Google when you choose OAuth sign-in.

Some supporting processors may operate in the EU or the United States. When that happens, we rely on the processor's contractual and regulatory safeguards, including standard contractual clauses where relevant.

You may have the right to request access, correction, deletion, restriction, objection, or export of personal data that relates to you.

We also support account deletion and related cleanup workflows. Some records may need to be retained longer where law, billing, or security duties require it.

We retain data only for as long as it is needed to provide the service, meet legal obligations, resolve disputes, and maintain security records. Customer project data can be deleted on request or by account closure, subject to limited operational and legal retention needs.

We use a limited set of cookies or comparable storage mechanisms to keep sessions working, support authentication, and improve product reliability. We do not use this page as consent theater; where consent is legally required, we request it.

Snipara is not intended for children under 16, and we do not knowingly target the service to children.

We may update this policy when the product, infrastructure, or legal obligations change. Material changes will be reflected here with an updated revision date.

Privacy questions or rights requests can be sent to privacy@starbox-group.com. You can also write to STARBOX GROUP GMBH, Chemin du Pré-Guillot 9, 1288 Aire-la-Ville, Switzerland.