Privacy Policy

Last updated: 25 February 2026

SnipCMS ("we", "us", "our") is operated by a sole trader based in the United Kingdom. This policy explains what personal data we collect, why we collect it, and how we protect it.

1. Data we collect

We collect the minimum data needed to provide the service:

• Account data — email address and password (hashed) when you register.
• Site content — text, images, and revision history that you or your team members save through SnipCMS.
• Billing data — if you subscribe to a paid plan, payment is handled by Stripe. We do not store your card details. Stripe's privacy policy applies to payment processing.
• Usage data — we use Google Analytics (with cookie consent) to understand how visitors use our website. This may include IP address, browser type, pages visited, and referring URL.
• Cookies — see our Cookie Policy for details.

2. How we use your data

• To provide, maintain, and improve the SnipCMS service.
• To process payments and manage subscriptions via Stripe.
• To send transactional emails (account confirmation, password resets, team invitations).
• To respond to support requests.

We do not sell, rent, or share your personal data with third parties for marketing purposes.

3. Lawful basis for processing

Under UK GDPR, we process your data on the following bases:

• Contract — processing necessary to provide the service you signed up for.
• Legitimate interest — improving the service, preventing abuse, and basic analytics.
• Consent — for non-essential cookies (Google Analytics). You can withdraw consent at any time by clearing your cookies.

4. Data storage and security

Your data is stored on servers located in the United States. We use HTTPS encryption for all data in transit and passwords are hashed using bcrypt. Access to production systems is restricted to the service operator.

5. Data retention

• Account data — retained while your account is active. Deleted within 30 days of account deletion.
• Site content and revisions — retained while the site exists. Deleted when the site is removed.
• Analytics data — governed by Google Analytics' retention settings (currently 14 months).

6. Third-party processors

We use the following third-party services to operate SnipCMS:

• Stripe — payment processing (Stripe Privacy Policy)
• Google Analytics — website analytics, with consent (Google Privacy Policy)

7. Your rights

Under UK GDPR, you have the right to:

• Access your personal data.
• Correct inaccurate data.
• Delete your account and associated data.
• Export your data in a portable format.
• Object to processing based on legitimate interest.
• Withdraw consent for cookie tracking at any time.

To exercise any of these rights, email hello@snipcms.com.

8. International transfers

Your data may be transferred to and processed in the United States (where our servers and third-party processors are located). We rely on appropriate safeguards including standard contractual clauses where applicable.

9. Children

SnipCMS is not directed at children under 16. We do not knowingly collect data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

10. Changes to this policy

We may update this policy from time to time. Changes will be posted on this page with an updated "last updated" date. Continued use of the service after changes constitutes acceptance of the revised policy.

11. Contact

If you have questions about this privacy policy or your data, contact us at hello@snipcms.com.