Privacy Policy

1. Who We Are

AdsNord Snap is a white-label photo magnet ordering SaaS platform. We operate the platform that enables magnet business owners to create branded landing pages, accept customer orders, and manage fulfillment.

• Data Controller: AdsNord AB, registered in Skövde, Sweden
• Email: info@adsnord.com
• Location: Skövde, Västra Götaland Region, Sweden (European Union)

2. Information We Collect

From Business Owners (Account Holders):

• Business name, email address, password (hashed)
• Logo or branding image upload
• WhatsApp Business number (optional)
• Payment information (processed by Stripe — we never store card data)
• Usage data: orders created, templates used, dashboard access patterns

From End Customers (Via Business Owner's Landing Page):

• Photo uploads (stored temporarily for order fulfillment)
• Phone number (if SMS opt-in is enabled)
• Delivery address (if home delivery selected)
• Payment information (processed by Stripe — we never store card data)

Automatically Collected:

• IP address, browser type, device type, operating system
• Pages visited, time spent on page, referral source
• Cookies and local storage data (essential only)

3. How We Use Your Information

We use personal data for the following legitimate business purposes:

• Service Delivery: Creating accounts, processing orders, enabling dashboard functionality
• Payment Processing: Sending orders to Stripe for secure payment handling
• Email Communications: Sending transactional emails (welcome, order confirmations, password resets) via Resend API
• Customer Support: Responding to support inquiries and resolving issues
• Platform Improvement: Analyzing usage patterns to improve features and user experience
• Security & Compliance: Preventing fraud, enforcing terms, and complying with legal obligations
• Marketing: Sending periodic product updates and feature announcements (you can opt out at any time)

We do not use your data for automated decision-making or profiling.

4. Third-Party Services

We use the following third-party services to operate the platform. These services are GDPR-compliant and bound by data processing agreements:

• Stripe & Stripe Connect: Payment processing and merchant account setup. Stripe handles all card data directly — we never see or store card numbers.
• Resend: Transactional email delivery. Email content is logged for delivery confirmation.
• Twilio: SMS text message delivery for order notifications (SMS sent only with explicit customer consent).
• Meta WhatsApp Business API: Order completion notifications sent to customers via WhatsApp.
• Google Sheets: Optional integration for lead tracking and analytics (if enabled by you). Data is synced to your private Google account.
• Cloudflare: Infrastructure provider, CDN, and edge computing. Cloudflare processes DNS queries and caches content.

Each third-party service has its own privacy policy. We encourage you to review them directly.

5. Photos & Media

Photo handling is central to our service. Here's how we protect your images:

• Customer photos are uploaded to our R2 storage (operated by Cloudflare)
• Photos are encrypted at rest and in transit (HTTPS/TLS)
• Photos are deleted automatically 15 days after an order is marked complete
• Business owner logos are stored securely and used only to brand the owner's landing page
• Photos are never shared, sold, or used for any purpose beyond fulfilling the order

We do not claim ownership of customer photos or logos. You retain all rights to your images.

6. Data Security

We implement industry-standard technical and organisational security measures to protect your personal information:

• All data in transit is encrypted via HTTPS/TLS
• All API keys and secrets are stored as encrypted environment variables in Cloudflare Workers — never exposed in source code
• Passwords are stored using secure hashing — never in plain text in production
• Stripe handles all payment card data — we never store, transmit, or have access to card numbers, CVV codes, or full card details
• Cloudflare Workers and D1 database enforce access controls at the infrastructure level
• All Cloudflare Workers run in isolated environments with no shared memory between tenants

Despite our best efforts, no method of transmission over the internet or method of electronic storage is 100% secure. We cannot guarantee absolute security, but we will notify you promptly in the event of a data breach affecting your personal information.

7. Data Retention

• Demo session data: Deleted automatically after 20 minutes
• Order photos: Deleted automatically 15 days after order completion
• Active customer account data: Retained for the duration of the active subscription
• Customer account data after cancellation: Retained for up to 90 days, then permanently deleted
• Order records (metadata only, no photos): Retained for up to 3 years for legal and business record-keeping purposes
• Contact form submissions: Retained for up to 1 year
• Lead tracking data: Retained for up to 2 years for business development

You may request deletion of your data at any time by contacting us at info@adsnord.com. We will process deletion requests within 30 days.

8. Your GDPR Rights

If you are located in the European Economic Area (EEA), United Kingdom, or Sweden, you have the following rights under the General Data Protection Regulation (GDPR):

To exercise any of these rights, contact us at info@adsnord.com. We aim to respond within 30 days (or within 2 business days for urgent requests).

9. International Data Transfers

AdsNord is based in Sweden (European Union). Our servers and data centers are located within the EU, ensuring your data is processed and stored within the EU/EEA.

If we transfer data outside the EEA in the future (e.g., to the United States), we will ensure appropriate safeguards are in place, such as Standard Contractual Clauses or your explicit consent.

10. Cookies & Local Storage

Essential Cookies (No Consent Required):

• Session cookies for authentication (logged-in users)
• CSRF protection tokens
• Language and theme preferences

Local Storage:

• Temporary order data (photo uploads, template selections) during checkout — cleared after order completion or page refresh

Because we use only essential storage (no tracking or advertising cookies), we are not required to show a cookie consent banner under GDPR. If we add non-essential cookies in future, we will update this policy and implement appropriate consent mechanisms.

11. WhatsApp Communications

AdsNord uses the Meta WhatsApp Business API to send automated order completion notifications. Here is what you should know:

• Notifications are sent from the business owner's registered WhatsApp Business number to end customers
• Messages are triggered only when a business owner clicks "Mark Complete" on an order
• Message content is limited to order completion status and is pre-approved by Meta
• Customer phone numbers are only used for this specific notification purpose
• We do not send marketing messages via WhatsApp
• End customers can block or opt out of WhatsApp messages at any time through WhatsApp itself

12. SMS & Text Messaging

AdsNord may send SMS text messages to your phone number for transactional purposes only, including:

• Order status updates and confirmations
• Magnet order pickup/delivery notifications
• Account-related alerts and important notices

Consent: We only send SMS messages to customers who have explicitly opted in during checkout. A customer must check the "I consent to receive SMS text messages about my order status updates" checkbox before placing an order.

Frequency: You will receive one SMS per transactional event (e.g., order confirmation, order ready). We do not send marketing or promotional SMS messages.

Opt-Out: You can opt out of SMS messages at any time by replying "STOP" to any message. Opting out does not affect your ability to use AdsNord services, but you will no longer receive text message notifications.

Data & Retention: Phone numbers provided for SMS are stored securely and are never shared with third parties except our SMS service provider (Twilio) for the purpose of message delivery. Phone numbers are deleted when your account is closed or upon your request.

Standard Charges: Standard SMS rates from your carrier may apply.

13. Children's Privacy

Our services are intended for use by businesses and adults aged 18 and over. We do not knowingly collect personal information from individuals under 16 years of age.

If you are a parent or guardian and believe your child has provided us with personal information without your consent, please contact us immediately at info@adsnord.com. We will promptly delete any such data.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make significant changes, we will:

• Update the "Last updated" date at the top of this page
• Send an email notification to active subscribers
• Display a notice on our platform for at least 30 days before changes take effect (for material changes)

We encourage you to review this policy periodically. Continued use of our services after changes are posted constitutes your acceptance of the updated policy.

15. Contact Us

AdsNord is the data controller for personal information collected through our platform. If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact our Data Protection contact:

• Email: info@adsnord.com
• WhatsApp: +46 764 304 702
• Book a call: calendly.com/md-motiur52/snap-meet
• Location: Skövde, Sweden (European Union)

We aim to respond to all enquiries within 2 business days and all formal GDPR requests within 30 days.