Privacy Policy

Last updated: April 25, 2026

This Privacy Policy explains how SNAYR ("we", "our", "us") collects, uses, and protects your personal information when you use snayr.dev ("the Service"). It is written to comply with the EU General Data Protection Regulation (GDPR), the UK Data Protection Act, the California Consumer Privacy Act (CCPA / CPRA), and the US CAN-SPAM Act.

If you do not agree with this policy, do not use the Service.

1. Who we are (Data Controller)

SNAYR is the data controller responsible for your personal data. You can reach us at hello@snayr.dev. Postal address is provided in every email we send to you.

2. What data we collect

When you submit our email form, we collect:

Email address — required to send you the Field Manual and the weekly threat brief.
Consent record — timestamp and source of your opt-in (audit trail required by GDPR Article 7).
IP address — for fraud prevention and abuse detection.
User-Agent (browser/device string) — for fraud prevention and analytics.
Signup source — which page/campaign you signed up from.

We do not collect names, phone numbers, payment data, location, or any "special category" data (health, biometrics, political opinions, etc.).

3. Why we process your data (Legal basis)

Consent (GDPR Art. 6(1)(a)) — you ticked the consent checkbox to receive the Field Manual and our weekly emails. You can withdraw consent at any time.
Legitimate interest (GDPR Art. 6(1)(f)) — IP / User-Agent are processed to prevent abuse, spam signups, and to keep the service secure.
Legal obligation (GDPR Art. 6(1)(c)) — we keep a record of your consent to comply with our regulatory obligations.

4. How long we keep it

While you are subscribed: indefinitely, until you unsubscribe.
After you unsubscribe: we keep a suppression record (your email + unsubscribe timestamp) for up to 3 years to ensure we do not contact you again. All other data (IP, UA, signup metadata) is deleted within 30 days of unsubscribing.
You can request earlier deletion at any time (see Section 7).

5. Who we share it with (Sub-processors)

We never sell your data. We share it only with the following service providers, each bound by data processing agreements:

MongoDB Atlas (MongoDB, Inc., USA) — database storage. Privacy policy.
Resend (Resend, Inc., USA) — email delivery. Privacy policy.
Vercel (Vercel Inc., USA) — website hosting and serverless compute. Privacy policy.

Data may be transferred to and processed in the United States. Transfers from the EEA / UK rely on the European Commission's Standard Contractual Clauses (SCCs) and equivalent UK addendums.

6. Cookies & tracking

The marketing site does not set tracking cookies. We do not use Google Analytics, Meta Pixel, or similar third-party trackers. If we add analytics in the future, we will update this policy and obtain consent where required.

7. Your rights

Under GDPR, UK GDPR, and CCPA / CPRA you have the following rights regarding your personal data:

Access — get a copy of the data we hold about you.
Rectification — ask us to correct inaccurate data.
Erasure ("right to be forgotten") — ask us to delete your data.
Restriction — ask us to stop processing while a dispute is resolved.
Portability — get your data in a machine-readable format.
Object — opt out of processing based on legitimate interest.
Withdraw consent — at any time, by clicking unsubscribe in any email or emailing us.
Do Not Sell / Share (CCPA) — we do not sell or share personal information; this right is honored by default.
Lodge a complaint — with your local supervisory authority. EU residents can find theirs here.

To exercise any right, email hello@snayr.dev. We respond within 30 days (GDPR) or 45 days (CCPA).

8. Children

The Service is not directed at children under 16. We do not knowingly collect data from children. If you believe a child has submitted information, contact us and we will delete it.

9. Security

We use TLS encryption in transit, encrypted storage at rest, and access controls limited to the operator. No system is perfectly secure — if we learn of a breach affecting your data, we will notify you within 72 hours per GDPR Article 33.

10. Changes to this policy

We may update this policy. The "Last updated" date at the top reflects the latest revision. Material changes will be communicated by email to active subscribers.

11. Contact

Questions or requests: hello@snayr.dev