SnapbookSnapbook

Privacy Policy

Last updated: June 10, 2026

This Privacy Policy explains how One identity investments ("we", "us", "our") collects, uses and shares personal data when you use our document scanning service (the "Service"). One identity investments is the data controller for the personal data described below.

1. Personal data we collect

  • Account data — email address, password hash, sign-in provider (e.g. Google), account creation date.
  • Document content — images you upload and the structured data we extract from them (vendor, totals, line items, dates, etc.).
  • Usage data — scan counts, feature usage, error logs, device/browser information, IP address.
  • Payment data — purchase history, plan and credit balance. We do not see or store your card details — those are handled exclusively by our payment provider, Paddle.

2. How we use it

  • To provide, operate and improve the Service (process scans, manage credits, send transactional emails);
  • To prevent fraud and abuse and to keep accounts secure;
  • To comply with legal obligations (e.g. tax, accounting);
  • To respond to your support requests.

We do not sell your personal data, ever. We do not use document content to train AI models.

3. Data sharing

We share personal data only with the following recipients, under written contracts:

  • Paddle.com Market Limited — our Merchant of Record. Handles payments, billing, taxes, refunds and dispute resolution. See Paddle's privacy notice.
  • Supabase, Inc. — authentication and database/storage hosting.
  • AI sub-processors used to extract data from your uploaded images. Images are sent over an encrypted connection and are not retained by the AI provider beyond what is needed to return a response.
  • Google LLC — only when you choose to sign in with Google.

4. International transfers

Our sub-processors may process data in the United States and other jurisdictions. Where required, transfers rely on Standard Contractual Clauses or equivalent safeguards.

5. Retention

  • Account, scans and purchase data: kept while your account is active.
  • If you request account deletion: data is retained for a 30-day grace period during which you can cancel, then permanently deleted.
  • Some records (e.g. invoices) may be retained longer where required by law.

6. Your rights

Depending on your jurisdiction (e.g. GDPR / UK GDPR / CCPA) you have rights to access, correct, delete, port and object to processing of your personal data. Most of these can be exercised directly from your Account page. For anything else, email admin@one1dentity.com.

7. Security

We use encryption in transit (TLS) and at rest, scoped access controls and Row-Level Security on user data. No system is perfectly secure — please use a strong, unique password.

8. Cookies

We use strictly necessary cookies and local storage to keep you signed in and remember preferences. We do not use advertising or cross-site tracking cookies.

9. Children

The Service is not directed to children under 16. Do not use the Service if you are under 16.

10. Changes & contact

We may update this Policy from time to time; material changes will be announced in-app. Questions? admin@one1dentity.com.