Privacy Policy

Last updated: 1 May 2026

DishSnap ("we", "our", or "us") is operated by an individual data controller based in the United Kingdom. This Privacy Policy explains how we collect, use, and protect your personal data when you use getdishsnap.com (the "Service").

1. Data We Collect

We collect the following categories of personal data:

• Account data: email address and password hash when you register.
• Uploaded images: dish photos you submit for processing. These are sent to our AI provider (fal.ai) and deleted from their servers after processing.
• Payment data: handled entirely by Stripe. We never store card numbers or payment credentials.
• Usage data: number of credits purchased and used, generation history, timestamps.
• Technical data: IP address, browser type, and session cookies necessary for authentication.

2. How We Use Your Data

• To provide and improve the Service (image transformation, credit management).
• To authenticate your account and maintain your session.
• To process payments via Stripe and fulfil credit purchases.
• To send transactional emails (purchase confirmations, low-credit alerts) via Resend.
• To comply with legal obligations.

3. Legal Basis (UK GDPR)

We process your personal data on the following legal bases:

• Contract performance — to deliver the Service you signed up for.
• Legitimate interests — to detect fraud, improve reliability, and maintain security.
• Legal obligation — where required by applicable law.

4. Third-Party Services

We share data with the following processors, each bound by data processing agreements:

• Supabase — database and authentication (EU region).
• fal.ai — AI image processing. Images are transmitted over TLS and not retained after the request completes.
• Stripe — payment processing. Governed by Stripe's own privacy policy.
• Resend — transactional email delivery.
• Railway — application hosting (US region).

We do not sell your personal data to any third party.

5. Data Retention

Account data is retained for as long as your account is active. Generated images stored in your history are retained until you delete them or close your account. You may request deletion at any time (see Your Rights below).

6. Cookies

We use a single session cookie ("dishsnap_session") strictly necessary for authentication. We do not use advertising or analytics cookies. No cookie banner is displayed because we do not use non-essential cookies.

7. Your Rights

Under UK GDPR you have the right to: access your data, correct inaccurate data, erase your data, restrict or object to processing, and data portability. To exercise any right, email us at adrien.charles75@gmail.com. We will respond within 30 days.

8. Security

We use TLS for all data in transit and store passwords as salted hashes. Access to production systems is restricted and logged.

9. Changes to This Policy

We may update this policy. If changes are material we will email registered users. Continued use of the Service after the effective date constitutes acceptance.

10. Contact

For any privacy queries: adrien.charles75@gmail.com