Privacy Policy

Controller: Moss Studios d/b/a Snitchnotes

Primary Contact (privacy): hello@mosslabs.co

Backup Contact / Support: contact@mosslabs.co

Address: 2803 Philadelphia Pike, Suite B #1702, Claymont, DE 19703, USA

If you are an EU/EEA resident and would like to contact our Data Protection Officer (if applicable) or exercise GDPR rights, contact hello@mosslabs.co.

This Policy applies to personal information collected by Snitchnotes in connection with the Service. It does not apply to information collected by third parties (including through third-party websites or services linked from the Service) or to information collected offline unless we state otherwise. Separate terms or policies may apply to specific features.

Personal Data / Personal Information: Any information that identifies or can reasonably be associated with an identified or identifiable individual.

User Content: Content you upload, submit, store, or generate via the Service (e.g., PDFs, audio files, notes, quiz results, transcripts).

AI Providers / AI Processors: Third-party providers engaged to process or analyze User Content using machine learning or generative AI models (examples listed in Section 8).

Service Providers: Third parties that perform services on our behalf (hosting, authentication, payments, analytics, email, etc.).

We collect personal information in the following categories:

We process Personal Information for the following purposes and with the following lawful bases (where applicable):

Providing and operating the Service: account creation, authentication, storage and retrieval of User Content, generating AI summaries/quizzes — lawful basis: performance of a contract.

AI processing of User Content: to generate summaries, quizzes, transcripts, or other AI outputs as requested by you — lawful basis: performance of a contract and/or your consent.

Billing & payments: to process subscriptions and refunds — lawful basis: performance of a contract and compliance with legal obligations.

Communications & support: to respond to inquiries and send transactional or security messages — lawful basis: legitimate interest / performance of a contract.

Research, product improvement & analytics: to improve features and perform internal research (including model improvements where permitted) — lawful basis: legitimate interests (balanced against your rights).

Fraud detection & security: to prevent abuse and secure the Service — lawful basis: legitimate interests and compliance with legal obligations.

Legal compliance: to comply with legal obligations and law enforcement requests — lawful basis: compliance with legal obligations.

Marketing (where you consent): to send promotional messages and newsletters — lawful basis: consent.

If we rely on consent for specific processing, you may withdraw consent at any time (see Section 16).

We disclose Personal Information to the following categories of recipients:

Because Snitchnotes is an AI-driven product, this section describes how we handle AI processing and the safeguards we implement.

Your information may be processed or stored in the United States or in other jurisdictions where our service providers operate. Where we transfer Personal Information from the EEA/UK/Switzerland to countries that do not have an adequacy decision, we implement appropriate safeguards such as EU Standard Contractual Clauses (SCCs) and additional technical and organizational measures. By using the Service, you consent to such transfers.

We retain Personal Information only as long as necessary for the purposes set out in this Policy, or as required by law:

Account data & User Content: retained while your account exists and for a reasonable period thereafter (typically up to 30 days after deletion) unless otherwise requested or required to be retained for legal reasons. You may request deletion; see Section 16.

Backups & logs: infrastructure backups and logs may be retained for up to 180 days or longer if required for legal, audit, or security purposes.

Analytics & aggregated data: retained in de-identified or aggregated form for product improvement indefinitely.

Billing & transaction records: retained for up to 7 years for tax and accounting compliance unless law requires otherwise.

If you request deletion of your account and data, we will delete or anonymize data within a reasonable time frame, except for data we are required to retain (e.g., for fraud prevention or legal compliance).

We implement commercially reasonable administrative, physical, and technical safeguards designed to protect the confidentiality, integrity, and availability of Personal Information. Examples include encryption in transit (TLS), access controls, periodic security testing, and vulnerability management.

Important: No system is completely secure. We cannot guarantee absolute security. If we become aware of a data breach that affects your rights or your Personal Information, we will notify you and regulators as required by applicable law.

We and third-party partners use cookies, web beacons, local storage and similar technologies to provide and improve the Service, analyze usage, and deliver personalized content or advertising. Cookies fall into categories:

Strictly necessary cookies — required for core functionality.

Performance & analytics cookies — to measure and analyze use.

Advertising & targeting cookies — to provide tailored ads (only if you opt in where required).

You may control cookie settings via your browser or device settings and, where applicable, our cookie consent tool. Disabling some cookies may affect functionality.

The Service is not directed to children under 13. We do not knowingly collect Personal Information from children under 13. If you believe we have collected data from a child under the applicable minimum age, please contact hello@mosslabs.co and we will take steps to delete that data. If your institution requires higher minimum ages, you must comply with that policy.

We may use automated processing (including AI) to provide features (e.g., generate recommendations, quiz difficulty adjustments). The outputs are intended to assist and are not final determinations of legal rights or eligibility. If you are an EU/EEA resident and would like to object to automated decision-making that produces legal or similarly significant effects, contact hello@mosslabs.co to request human review.

To protect privacy and security, we may ask for information to verify identity before fulfilling a data rights request. We will only request information reasonably necessary for verification.

Submit requests to: hello@mosslabs.co. For account or billing support use hello@mosslabs.co. Include a description of the requested action and your account details. We will respond within applicable legal timeframes (e.g., 30 days under GDPR; 45 days under CCPA/CPRA with extensions where permitted). We may decline requests that are manifestly unfounded or excessive.

By using the Service, you agree your data may be transferred to and processed in jurisdictions other than your country (including the USA). Where required by law we implement safeguards such as Standard Contractual Clauses, Binding Corporate Rules, or other lawful transfer mechanisms. Contact hello@mosslabs.co for a copy of the safeguards.

We enter into Data Processing Agreements (DPAs) with vendors acting as processors. A non-exhaustive list of subprocessor categories and primary vendors is available upon request by contacting hello@mosslabs.co. We will provide at least 30 days' notice for the addition of new essential subprocessors where required by contract or law.

If Snitchnotes is involved in a corporate transaction (merger, sale, acquisition, bankruptcy), Personal Information may be transferred as part of the transaction. We will notify affected users where required by law.

The Service may contain links to third-party websites, plugins, or services. This Policy does not apply to third parties. We encourage you to review the privacy policies of third parties before providing them with Personal Information.

We may update this Policy from time to time. For material changes, we will notify you by in-app notice, email, or conspicuous notice on the Service before the change takes effect. The "Last Updated" date at the top reflects the effective date.

If you are in the EU/EEA/UK and believe we have not addressed your privacy concern, you have the right to lodge a complaint with your local supervisory authority.

We strive to protect your privacy but cannot guarantee absolute security. We recommend you avoid uploading extremely sensitive personal information (e.g., social security numbers, health records) unless strictly necessary and legally permitted.

This list is illustrative and may change; contact hello@mosslabs.co for the current list and DPA details.

Infrastructure & Storage: Supabase, Fly.io, Google Cloud Platform (GCP)

Authentication: Google OAuth, Supabase Auth

AI / ML / Inference / Speech: OpenAI (ChatGPT / GPT family), Anthropic (Claude), Google (Gemini), Meta (Llama and Llama-based services), Llama-hosting vendors, ElevenLabs (text-to-speech / speech-to-text), and other specialized AI providers and model hosts.

Payments & Billing: Stripe, Apple App Store, Google Play Billing

Email & Notifications: Third-party email providers (e.g., SendGrid, Postmark)

Analytics & Monitoring: Google Analytics, analytics and crash reporting tools (names may vary)

Customer Support: Support ticketing and CRM platforms

We require subprocessors to maintain appropriate safeguards. Where an AI provider's policy permits or requires retention or use of data for model improvement, we will disclose such practices on request and seek contractual assurances where feasible.

You should avoid uploading sensitive personal information (e.g., health data, biometric identifiers, government ID numbers). We do not seek or intend to collect special category data. If we are required to process such data (e.g., under specific user instructions), we will obtain explicit consent where required by law and implement heightened security safeguards.

For privacy inquiries, DPA requests, data subject requests, or to request a list of subprocessors or copies of DPAs/SCCs, contact: hello@mosslabs.co

If you do not receive a response within a reasonable period, you may also contact contact@mosslabs.co.

This Policy is effective as of the "Last Updated" date at the top of this page.