Privacy Policy

Overview

Snovai ("we", "our", "us") operates a Chrome extension and associated web services. This Privacy Policy explains what personal and sensitive data we collect, how we use it, how it is stored, and who it is shared with. By using Snovai you agree to the collection and use of information in accordance with this policy.

1. Personal and Sensitive Data We Collect

We collect and handle the following personal and sensitive user data:

Account data: Your email address and name when you create a Snovai account. This is used for authentication, account management, and product communications including welcome emails, trial reminders, and billing notifications.

ServiceNow instance credentials: Your ServiceNow instance URL, service account username, and service account password. These credentials are sensitive data used solely to connect Snovai to your ServiceNow instance on your behalf. They are encrypted with AES-256-GCM and stored locally in your browser using Chrome local storage scoped to your Snovai user ID. They are never transmitted to or stored on our servers in plain text.

Conversation history: The text of your conversations with Snovai including your messages and Snovai responses. This is stored in our database tied to your user ID to provide session continuity across devices.

ServiceNow instance data: When you ask Snovai to query your ServiceNow instance, data from your instance is fetched in real time and sent to our AI engine to generate a response. This data is processed transiently and is not stored in our database after the response is generated.

Chrome extension activation: The Snovai Chrome extension only activates on ServiceNow instance domains that you configure in the extension settings. It does not collect browsing data, page content, or any information from any other websites you visit.

Page context and screenshots: When you use the Snap Issue feature or attach a screenshot, content from your active ServiceNow browser tab is captured and sent with your message to provide context for the AI response. This data is processed transiently and is not stored after the response is returned.

2. How We Use Your Data

We use the data we collect for the following purposes only:

Account data is used to authenticate you, manage your subscription, and deliver transactional communications such as account activation, trial reminders, and billing receipts. We do not use your email for marketing without your consent.

ServiceNow credentials are used solely to make read-only API calls to your ServiceNow instance when you request live data. They are never used for any other purpose and are never accessible to our staff.

Conversation history is stored to allow you to resume sessions and maintain context across conversations. It is never analyzed for advertising, sold to third parties, or used to train AI models.

ServiceNow instance data and page context are used transiently to generate AI responses. They are not stored, indexed, or used for any purpose beyond generating the immediate response you requested.

3. Data Storage and Security

ServiceNow credentials are encrypted with AES-256-GCM and stored in Chrome local storage on your local device scoped to your Snovai user ID. They are never stored on our servers. Credential data never appears in our server logs.

Account data and conversation history are stored in Supabase with row-level security ensuring only your own data is accessible under your authenticated user ID. Supabase is hosted on AWS infrastructure with encryption at rest and in transit.

All data in transit between the Snovai extension, our backend, and third-party services is encrypted using TLS 1.2 or higher.

Our backend is hosted on Railway. We do not log or persist ServiceNow instance data or page context data after responses are returned to you.

4. Data Sharing and Third-Party Services

We do not sell, rent, or share your personal data with advertisers or any third parties for commercial purposes. We use the following third-party services to operate Snovai:

Anthropic (Claude API): Snovai uses the Anthropic Claude API to process your messages and generate responses. Your inputs and outputs are transmitted to Anthropic's API servers. Anthropic retains API data for up to 30 days for safety monitoring purposes, after which it is deleted. Anthropic does not use API data to train its models. Snovai has disabled all optional data sharing with Anthropic. See Anthropic's privacy policy at anthropic.com/privacy.

Supabase: Used for user authentication, account storage, and conversation history storage. Data is stored in the United States on AWS infrastructure. See Supabase's privacy policy at supabase.com/privacy.

Stripe: Used for subscription payment processing. We share your name and email address with Stripe to process payments. Stripe does not receive your ServiceNow credentials, conversation history, or instance data. See Stripe's privacy policy at stripe.com/privacy.

Resend: Used for transactional email delivery. We share your email address with Resend to deliver account and billing emails. See Resend's privacy policy at resend.com/legal/privacy-policy.

Railway: Used to host our backend server infrastructure. Data passes through Railway infrastructure transiently when you use Snovai. See Railway's privacy policy at railway.app/legal/privacy.

Cloudinary: Used to host images and media assets for the Snovai website. No user data is stored on Cloudinary. See Cloudinary's privacy policy at cloudinary.com/privacy.

5. Data Retention

Account data is retained for as long as your account is active and for 30 days after deletion to allow for recovery requests.

Conversation history is retained until you delete individual conversations or request full account deletion. You can delete conversations at any time from within the Snovai extension.

ServiceNow credentials are stored locally in your browser only and are never retained on our servers. You can clear them at any time from the Snovai settings panel by clicking Clear saved.

ServiceNow instance data and page context are not retained after responses are generated. They exist in memory only for the duration of the API call.

Billing data is retained by Stripe in accordance with their data retention policies and applicable financial regulations.

6. Your Rights and Controls

You have the following rights over your personal data:

Access: You may request a copy of the personal data we hold about you by emailing hello@snovai.io.

Deletion: You may request deletion of your account and all associated data by emailing hello@snovai.io. We will process deletion requests within 30 days.

Correction: You may request correction of inaccurate personal data by emailing hello@snovai.io.

Portability: You may request an export of your conversation history by emailing hello@snovai.io.

Conversation deletion: You can delete individual conversations or your full conversation history at any time from within the Snovai extension without contacting us.

Credential removal: You can clear your stored ServiceNow credentials at any time from the Snovai settings panel without contacting us.

If you are located in the European Economic Area, United Kingdom, or California you may have additional rights under GDPR, UK GDPR, or CCPA. Contact us at hello@snovai.io to exercise any of these rights.

7. Children's Privacy

Snovai is not directed at children under the age of 13. We do not knowingly collect personal data from children under 13. If you believe we have inadvertently collected such data please contact us at hello@snovai.io and we will delete it promptly.

8. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice in the Snovai interface. The effective date at the top of this page will be updated when changes are made. Continued use of Snovai after changes take effect constitutes acceptance of the updated policy.

9. Contact

For privacy-related questions, data requests, or concerns contact us at hello@snovai.io. We respond to all privacy inquiries within 5 business days.