← BACK TO HOME

Privacy Policy

COMPANY: SnapKitty Collective
CONTACT: devops@collectivekitty.com
EFFECTIVE DATE: May 13, 2026

1. Introduction

SnapKitty Collective ("we", "us", or "our") operates the SnapKitty OS platform. This Privacy Policy explains how we collect, use, store, and protect your information when you use our services.

2. Data We Collect

We collect the following categories of personal and operational data:

  • Account information — email address, name, organisation name, and authentication credentials.
  • Usage logs — API call timestamps, feature access patterns, error telemetry, and session metadata.
  • Plaid transaction data — bank account identifiers, transaction history, amounts, merchant names, and categories fetched via Plaid Link with your explicit consent.
  • CRM and financial records — deal data, vendor records, procurement activity, and GL entries you create within the platform.
  • Cryptographic audit trail — SHA-256 decision seals and Merkle roots generated from your transactions, stored in WORM-protected Azure Blob Storage.

3. Retention Periods

Data TypeRetention PeriodStorage Layer
Account information5 years after account deletionNeon Postgres
Usage logs90 days rollingVercel / application layer
Plaid transaction data7 years (2,555 days)Azure WORM Blob Storage
WORM ledger entries7 years — immutableAzure Immutable Blob Storage
CRM & GL records7 yearsNeon Postgres + Azure WORM
Cryptographic sealsPermanent — cannot be deletedAzure WORM Blob Storage

4. How We Use Your Data

  • To provide, operate, and improve the SnapKitty OS platform.
  • To generate cryptographic decision seals and maintain immutable audit trails.
  • To run ML-based risk scoring on financial transactions.
  • To route events through the Bifrost pipeline for compliance monitoring.
  • To respond to support requests and communicate service updates.

5. Your Rights

Subject to applicable law, you have the following rights regarding your personal data:

  • Access — Request a copy of all personal data we hold about you.
  • Deletion — Request deletion of your account data. Note: WORM ledger entries and cryptographic seals cannot be deleted due to immutability guarantees required for compliance.
  • Portability — Receive your data in a machine-readable format (JSON or CSV).
  • Rectification — Request correction of inaccurate personal data we hold.
  • Objection — Object to processing of your data for specific purposes.

To exercise any of these rights, contact us at devops@collectivekitty.com.

6. Third-Party Services

ProviderPurposeData Shared
PlaidBank account connection & transaction importAccess tokens, transaction data
Microsoft AzureWORM blob storage, immutable ledgerSealed transaction records
Neon TechnologiesPostgres database hostingCRM, procurement, GL records
VercelApplication hosting & CDNUsage logs, request metadata
Upstash QStashEvent message queueEvent payloads (no PII)

7. Security

All financial records are cryptographically sealed with SHA-256 and stored in Azure Immutable Blob Storage with a 7-year retention policy. WORM-protected data cannot be modified or deleted by any party, including SnapKitty Collective. We use TLS in transit and AES-256 at rest for all other data.

8. Changes to This Policy

We may update this policy periodically. We will notify registered users of material changes via email at least 14 days before they take effect. The effective date above reflects the most recent revision.

9. Contact

For privacy-related requests or questions, contact:
devops@collectivekitty.com
SnapKitty Collective