Draft template — not legal advice. This document must be reviewed by a qualified lawyer and every [[bracketed]] value filled in before launch. Tenancy, consumer and data-protection rules vary by country.

Privacy Policy

Version 2026-06-07-draft-1

This policy explains how Omer Gokhan Ates ("we") handles personal data in SnapReport. We aim to meet GDPR, UK GDPR and Türkiye's KVKK standards. Questions: omergokhanatess@gmail.com.

1. Our two roles

Controller — for your account & billing data (email, password hash, plan, optional company logo, session cookie, and payment data when billing is live). Processor — for the inspection data you upload about properties and any third parties (property address, inspector/company names, optional tenant name, and interior photos). For that data you are the controller and we act on your instructions.

2. What we collect

  • Account: email address, hashed password (pbkdf2 + salt), plan, optional uploaded logo, consent timestamp.
  • Inspections you create: property address, property type, inspector name, company name, optional tenant name, per-room condition ratings and notes, and photos you upload.
  • Technical: a strictly-necessary authentication cookie (see Cookies); basic server logs.

3. AI processing & international transfers

When an AI key is configured, the photos, room notes and property address for a report are sent to our AI sub-processor Anthropic, PBC (United States) to generate the text. This is an international transfer (EEA/UK/Türkiye → US) made under appropriate safeguards (e.g. Standard Contractual Clauses / UK Addendum and the applicable KVKK transfer ground — to be confirmed by the operator/lawyer). In "demo mode" (no key) no data is sent to any third party. We do not sell your data and our sub-processors are instructed not to use it to train models. See the full sub-processor list.

4. Lawful basis

Account data: performance of our contract with you and our legitimate interest in security and billing. Inspection/tenant data: processed on your documented instructions as your processor — you are responsible for the lawful basis and for informing the individuals concerned.

5. Retention

We keep account data while your account is open. Inspection data and photos are kept until you delete them or close your account, and otherwise for no longer than [[retention period, e.g. 24 months after report generation]]. You can delete any inspection, or your whole account and all data, at any time from the Account page.

6. Your rights

You can access, rectify, export (portability) and erase your data. Use Account → Download my data and Account → Delete my account, or contact omergokhanatess@gmail.com. If a tenant or other third party contacts us about data in a report, we will refer them to the customer who created it (the controller) and assist as required.

7. Security

Passwords are hashed (pbkdf2-HMAC-SHA256 with per-user salt), sessions use signed cookies, access is ownership-checked, and public report links use unguessable tokens and are off by default. No system is perfectly secure.

8. Complaints & contact

You may complain to your supervisory authority (in Türkiye, the KVKK Board). Controller: Omer Gokhan Ates, İstanbul, Türkiye. EU/UK representative (if appointed): [[EU/UK Art. 27 representative — confirm with a lawyer if required]]. Effective: 2026-06-08.