Legal
Privacy Policy
Last updated: April 4, 2026
Privacy is Snitch's core promise. This policy explains exactly what data we collect, what we don't, and how we handle everything.
1. Who we are
Snitch is operated by Snitch Labs. This Privacy Policy explains how we collect, use, and protect information when you use snitchlabs.io. If you have questions, contact us at [email protected].
2. The most important thing: your client data
Your clients' personal data never touches our servers. The PII token map — the lookup table that links anonymized tokens like [NAME_1] back to real names — exists only in your browser session. It is never transmitted to Snitch servers, never stored in a database, and is permanently deleted when you close the tab.
This is by design. We cannot access your clients' real names, SSNs, dates of birth, or any other PII — because we never receive it.
3. What we do collect
| Data |
Why we collect it |
How long we keep it |
| Email address |
Account creation and authentication |
Until you delete your account |
| Subscription status and plan |
Billing and access control |
Until you cancel and request deletion |
| Message count per billing period |
Usage tracking for billing |
Reset each billing cycle |
| Payment information |
Processed by Stripe — we never see card numbers |
Managed by Stripe |
4. What we do NOT collect
- The content of your chat messages
- Your clients' names, SSNs, dates of birth, or any other PII
- Your PII token map or any mapping of tokens to real values
- Browsing history or behaviour beyond basic usage counts
5. Third-party services
Snitch uses the following third-party services:
- Anthropic (Claude): Your messages are sent to Claude in anonymized form — with real PII replaced by tokens. Anthropic processes these anonymized messages according to their own Privacy Policy.
- Supabase: Handles account authentication and stores subscription data. Supabase Privacy Policy.
- Stripe: Processes payments. We never store or see your full card number. Stripe Privacy Policy.
- Vercel: Hosts the application. Vercel Privacy Policy.
6. Cookies
Snitch uses minimal cookies — only those necessary to maintain your login session. We do not use advertising cookies, tracking pixels, or analytics cookies. We do not use third-party advertising networks.
7. Data security
We take the following measures to protect your data:
- All data transmitted between your browser and our servers is encrypted via HTTPS
- Authentication is handled by Supabase with industry-standard JWT tokens
- API keys and secrets are stored as environment variables, never in source code
- Your PII never leaves your browser — the most sensitive data never reaches our infrastructure
8. Your rights
You have the right to:
- Access: Request a copy of the data we hold about you
- Correction: Ask us to correct inaccurate data
- Deletion: Ask us to delete your account and associated data
- Portability: Receive your data in a machine-readable format
To exercise any of these rights, email [email protected]. We will respond within 30 days.
9. Children's privacy
Snitch is not directed at children under 18. We do not knowingly collect data from anyone under 18. If you believe we have inadvertently collected such data, please contact us immediately.
10. Changes to this policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or via a notice in the product. The date at the top of this page reflects when the policy was last updated.
11. Contact
Questions or concerns about your privacy? Email us at