Updated: April 10, 2026

Privacy policy

SnapSense iOS App

Controller: Vilgot Lindqvist, Sweden

Privacy policy for another app

This Privacy Policy describes how Vilgot Lindqvist ("I", "me", or "my"), operating as a sole trader registered in Sweden, collects, uses, and shares information when you use the SnapSense mobile application ("the App") on your Apple device. By using the App, you agree to the terms of this Privacy Policy.

1. Who Is Responsible for Your Data

Data Controller

Vilgot Lindqvist
Sole trader, Sweden

Email: info@lindqvst.dev

If you have any questions or requests regarding your personal data, please contact me at the email address above.

2. What Data Is Collected and Why

2.1 Photos and Images

When you use SnapSense to analyze an object, you either capture a photo using your device camera or select an image from your photo library. This image is:

  • Converted to a compressed JPEG format on your device.
  • Transmitted securely over HTTPS (TLS encryption) to my Cloudflare Worker (a backend service I operate).
  • Not stored on my servers. The image is processed transiently and discarded after the analysis is complete.

The image is then forwarded from my Cloudflare Worker to OpenAI's API to perform the AI analysis (weight estimation, dimension measurement, object counting, or color detection). OpenAI processes the image solely to return the analysis result.

Legal basis (GDPR): Performance of the service you requested — Article 6(1)(b)

Note on OpenAI

OpenAI is an independent data processor with its own privacy practices. According to OpenAI's API usage policy, data submitted via the API is not used to train their models by default. You can review OpenAI's privacy policy at openai.com/policies/privacy-policy.

2.2 Analysis Mode and Unit Preference

When you submit a photo for analysis, the App sends the selected analysis mode (weight, dimensions, count, or color palette) and your preferred unit system (metric or imperial). These values are not personal data and contain no identifying information.

2.3 Data Stored Locally on Your Device

The following data is stored only on your device and is never sent to me:

Data Storage Location Purpose
Unit preference (metric / imperial) UserDefaults Remember your preferred unit system
Onboarding completion flag UserDefaults Avoid showing onboarding repeatedly
Number of analyses performed Device Keychain Enforce the free-tier usage limit

This data never leaves your device and is not accessible to me.

2.4 Subscription and Purchase Information

SnapSense offers a premium subscription for unlimited use. All payment processing is handled exclusively by Apple through the App Store. I do not receive, store, or process your payment details, Apple ID, or billing information. Subscription status (active or inactive) is verified locally via Apple's StoreKit framework.

3. Third-Party Services

All third-party processors listed below are contractually required to protect your data to at least the same standard described in this Privacy Policy, and may only process your data in accordance with my instructions and applicable law.

3.1 Cloudflare Workers (Infrastructure)

My backend service runs on Cloudflare's infrastructure. Cloudflare may process request metadata (such as IP addresses) as part of routing and security. Cloudflare is GDPR-compliant and has signed a Data Processing Addendum. See Cloudflare's Privacy Policy.

3.2 OpenAI

Images you submit for analysis are processed by OpenAI's API. OpenAI acts as a data processor under my instructions. See OpenAI's Privacy Policy.

3.3 Superwall

The App uses SuperwallKit to manage the premium paywall experience. Superwall's SDK automatically collects the following data to power paywall analytics and subscription management:

  • Paywall interaction events — when a paywall is shown, dismissed, or a purchase is initiated or completed (including abandoned paywall views).
  • Subscription and purchase events — subscription status, transaction outcomes, and product selections.
  • Device information — device model, OS version, app version, SDK version, interface preferences (e.g., dark mode), network type, and a vendor identifier (vendorId).
  • App usage metrics — app install date, days since install, total paywall views, and first-open status.
  • IP-derived location — approximate region, country, city, continent, and timezone derived from your IP address.

Superwall does not collect your name, email address, or payment details, and does not use this data for advertising purposes. See Superwall's Privacy Policy.

3.4 Apple App Store

Subscription management and purchases are handled by Apple. Apple's privacy practices are described in Apple's Privacy Policy.

4. Data I Do Not Collect

I do not collect:

  • Your name, email address, or any account information.
  • Your precise location or GPS data. Superwall may derive approximate location from your IP address as described in Section 3.3.
  • Device identifiers or advertising IDs (IDFA) directly. Superwall may collect a vendor identifier (vendorId) as described in Section 3.3.
  • Crash reports or analytics telemetry directly. Superwall may collect anonymized paywall interaction events as described in Section 3.3.
  • Any data from your contacts, calendar, microphone, or health sensors.

5. Device Permissions

The App requests the following device permissions:

Permission Purpose
Camera To capture photos of objects for analysis
Photo Library To select existing photos from your library for analysis

You can revoke these permissions at any time in your device's Settings app. If camera access is revoked, the core functionality of the App will not be available.

6. Data Security

All data transmitted between the App and my backend is encrypted in transit using TLS (HTTPS). Images are never written to disk on my servers and are discarded immediately after the analysis result is returned. Local device data is stored in iOS system-managed locations (UserDefaults and Keychain) which are protected by the device's built-in security controls.

7. Data Retention and Deletion

  • Images: Never stored on my servers. They are processed transiently and immediately discarded after the analysis result is returned.
  • Local device data: Retained on your device until you delete the App or clear its data in iOS Settings.
  • Superwall events: Retained according to Superwall's own data retention policy.
  • Cloudflare logs: Retained for a limited period as described in Cloudflare's privacy policy (typically used for security and abuse prevention).

To request deletion of any data I hold about you, contact me at info@lindqvst.dev. Because the App does not collect personally identifiable information (images are discarded immediately after analysis), most deletion requests will be confirmed as no data existing to delete. I will respond within 30 days.

8. Your Rights Under GDPR

As a resident of the European Union (or EEA), you have the following rights regarding your personal data:

  • Right of access — You may request a copy of any personal data I hold about you.
  • Right to rectification — You may request correction of inaccurate data.
  • Right to erasure — You may request deletion of your personal data ("right to be forgotten").
  • Right to restriction — You may request that I limit how I process your data.
  • Right to data portability — You may request your data in a structured, machine-readable format.
  • Right to object — You may object to processing based on legitimate interests.
  • Right to withdraw consent — Where processing is based on consent, you may withdraw it at any time without affecting prior processing.

Because the App does not collect personally identifiable information (other than images processed transiently), most of these rights are limited in practical scope. To exercise any right, contact me at info@lindqvst.dev. I will respond within 30 days.

8.1 Right to Lodge a Complaint

If you believe your data is being processed unlawfully, you have the right to lodge a complaint with the Swedish Authority for Privacy Protection:

Integritetsskyddsmyndigheten (IMY)

Box 8114, 104 20 Stockholm, Sweden
Website: www.imy.se
Email: imy@imy.se

9. California Privacy Rights (CCPA / CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) grant you additional rights:

  • Right to know — You may request disclosure of the categories and specific pieces of personal information collected about you.
  • Right to delete — You may request deletion of personal information I have collected from you, subject to certain exceptions.
  • Right to correct — You may request correction of inaccurate personal information.
  • Right to opt out of sale or sharing — I do not sell or share your personal information with third parties for cross-context behavioral advertising.
  • Right to non-discrimination — I will not discriminate against you for exercising any of your privacy rights.

Because SnapSense does not collect personally identifiable information (images are processed transiently and not retained), most of these rights have limited practical scope. To submit a request, contact me at info@lindqvst.dev.

10. United Kingdom

If you are located in the United Kingdom, your data is protected under the UK GDPR and the Data Protection Act 2018. You have the same rights described in Section 8 above. The supervisory authority in the UK is the Information Commissioner's Office (ICO):

Information Commissioner's Office (ICO)

Website: ico.org.uk
Phone: 0303 123 1113

11. Other Regions

Regardless of where you are located, I am committed to handling your data responsibly and in accordance with applicable local privacy laws. If you have questions about your rights under the laws of your country or region, please contact me at info@lindqvst.dev and I will do my best to assist you.

12. International Data Transfers

Images you submit are processed via Cloudflare's infrastructure and OpenAI's API, which may involve transfers to servers located outside the European Economic Area (EEA), including the United States.

  • Cloudflare participates in the EU Cloud Code of Conduct and has executed Standard Contractual Clauses (SCCs) to safeguard data transfers.
  • OpenAI has executed SCCs for data transfers from the EEA to the United States.

These measures ensure your data remains protected in accordance with GDPR.

13. Children's Privacy

SnapSense is not directed at children under the age of 13 (or under 16 in the EU where applicable). I do not knowingly collect personal data from children. If you believe a child has provided personal data through the App, please contact me at info@lindqvst.dev and I will take steps to delete such information.

14. Changes to This Privacy Policy

I may update this Privacy Policy from time to time. When I do, I will update the "Last updated" date at the top of this document. Continued use of the App after changes are posted constitutes your acceptance of the revised policy. For material changes, I will make reasonable efforts to notify you (e.g., via an in-app notice).

15. Contact

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data — including requests to revoke consent or delete your data — please contact:

Vilgot Lindqvist

Email: info@lindqvst.dev

I aim to respond to all privacy-related requests within 30 days.

This privacy policy applies to the SnapSense iOS application published on the Apple App Store.