← Back

Legal

Privacy Policy (GDPR)

Data controller

SnapStranger acts as data controller within the meaning of the GDPR for the data collected on the platform.

Data collected

Email and password (encrypted), identity verification artifacts (processed via our KYC partner — stored only as hashes after verification), profile data (username, gender, orientation, age range), payment metadata (Stripe customer / subscription IDs, status), and ephemeral interaction data.

Legal basis

Contract performance (Article 6.1.b GDPR), consent (Article 6.1.a) for non-essential processing, and legal obligation (Article 6.1.c) for KYC.

Retention

Identity verification hashes are kept for the duration of the account plus 5 years for legal compliance. Photo exchange data is automatically deleted after viewing. SnapWorld posts auto-expire after 24h.

Your rights

You may access, rectify, erase, restrict, port or object to your data, and lodge a complaint with your national supervisory authority. Contact: privacy@snapstranger.example.

Sharing

We never sell personal data. We share only what is strictly necessary with Stripe (payments) and our KYC provider.

Cookies

Essential cookies only (authentication, fraud prevention).

Made with Emergent