GDPR & Data Processing

Your data rights and our processing practices under GDPR

Data Protection Overview

ViralSnap is committed to protecting your privacy and ensuring compliance with the General Data Protection Regulation (GDPR). This page explains your rights and how we process your personal data.

GDPR
Compliant
Data
Encrypted
Rights
Protected

Your Data Rights

Right of Access

Request a copy of all personal data we hold about you.

  • Complete data export in machine-readable format
  • Processing purposes and legal basis
  • Data retention periods
  • Third-party data sharing information

Right to Portability

Receive your data in a structured, commonly used format.

  • JSON/CSV format data export
  • Direct transfer to another service
  • Account data and generated content
  • Processing history and preferences

Right to Erasure

Request deletion of your personal data ("right to be forgotten").

  • Complete account deletion
  • Removal of all stored content
  • Deletion from backup systems
  • Confirmation of data removal

Right to Rectification

Correct inaccurate or incomplete personal data.

  • Update account information
  • Correct processing errors
  • Modify preferences and settings
  • Request data correction

Data We Process

Account Management

Email, username, subscription details, and account preferences for service delivery.

Content Processing

Uploaded images, generated thumbnails, and text prompts for AI processing.

Usage Analytics

Platform usage patterns, feature interactions, and performance metrics.

Technical Data

IP addresses, device information, and browser data for security and optimization.

Legal Basis for Processing

Contract Performance

Processing necessary to provide our AI thumbnail creation services.

Legitimate Interest

Improving our services, security monitoring, and fraud prevention.

Consent

Marketing communications and optional feature participation.

Legal Obligation

Compliance with tax, accounting, and regulatory requirements.

Data Retention Periods

Account Data

  • • Active accounts: Retained while active
  • • Deleted accounts: 30 days after deletion
  • • Billing records: 7 years (legal requirement)
  • • Support communications: 2 years

Content & Processing

  • • Generated thumbnails: Until account deletion
  • • Uploaded images: 24 hours after processing
  • • Processing logs: 90 days
  • • Analytics data: 2 years (anonymized)

Data Security Measures

Encryption

All data is encrypted in transit (TLS 1.3) and at rest (AES-256). Encryption keys are managed securely and rotated regularly.

Access Controls

Role-based access controls ensure only authorized personnel can access personal data. All access is logged and monitored for suspicious activity.

Incident Response

We have procedures for detecting, reporting, and investigating data breaches. Affected users will be notified within 72 hours of discovery.

Third-Party Data Processors

We use carefully selected third-party processors who meet our security standards and GDPR requirements:

Cloud Infrastructure

  • • AWS/Google Cloud (data hosting)
  • • Supabase (authentication & database)
  • • Cloudinary (image processing)

Business Services

  • • Stripe (payment processing)
  • • Resend (email delivery)
  • • Vercel (hosting & analytics)

Exercise Your Rights

To exercise your GDPR rights or make a data protection inquiry, please contact us:

Data Protection Officer: privacy@viralsnap.co.uk

General Support: support@viralsnap.co.uk

Response Time: Within 30 days for data requests

Supervisory Authority: UK Information Commissioner's Office (ICO)

Last updated: January 2025

For more information, please read our Privacy Policy and Terms of Service