Snippable

Legal · Privacy

Privacy Policy

Last updated: 9 June 2026 · Applies to snippable.in and app.snippable.in

This Privacy Policy explains what personal data Snippable collects, why we collect it, how we store and secure it, how long we keep it, and the rights you have over it. It is written to comply with India's Digital Personal Data Protection Act, 2023 (DPDP Act) and, for data we receive from Google APIs, with the Google API Services User Data Policy. We chose plain language over legalese on purpose.

1. Who we are (Data Fiduciary)

Snippable is a product of Dhisattva AI Pvt Ltd, a company incorporated in India and recognised as a startup by DPIIT. Under the DPDP Act, Dhisattva AI Pvt Ltd is the Data Fiduciary for the personal data described in this policy — meaning we determine the purpose and means of processing your data and are accountable for protecting it.

For any privacy question, request, or complaint, contact our Grievance Officer at privacy@bachao.ai (see §10).

2. Data we collect

We collect only what we need to run the service. Specifically:

  • Account data — your name and email address (via our authentication provider) when you sign up, and your role/workspace assignments.
  • Workspace & site data — the website domain(s) you add, pages, content drafts, SEO tasks, and the fixes our agents propose and publish.
  • Google Search Console & Google Analytics data — only after you explicitly connect your Google account (see §3).
  • Billing data — handled by our payment processors (Razorpay / Cashfree). We store invoice metadata and GST details; we never see or store your full card number.
  • Operational logs — minimal technical logs (timestamps, request status, error traces) to keep the service secure and working. We do not place personal data in URLs or log secrets.

3. Google user data & Limited Use

If you connect your Google account, Snippable requests these read-only scopes, and only these:

  • https://www.googleapis.com/auth/webmasters.readonly — to read your Google Search Console performance (queries, clicks, impressions, positions, indexing status) so our agents can find what's underperforming.
  • https://www.googleapis.com/auth/analytics.readonly — to read your Google Analytics 4 traffic and engagement metrics so we can measure whether a fix actually moved the needle.

We request read-only access. Snippable cannot modify, delete, or write anything in your Google Search Console or Analytics accounts.

Limited Use disclosure. Snippable's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Concretely: we use Google data only to provide and improve the user-facing SEO features you asked for; we do not sell it, do not use it for advertising, do not transfer it to third parties except as needed to provide the service (and never for their own purposes), and do not allow humans to read it except where you explicitly ask us to, where required for security or to comply with law, or on data that has been aggregated/anonymised.

You can disconnect Google at any time from your workspace settings, or revoke access directly at myaccount.google.com/permissions. On disconnect we delete the stored tokens immediately (see §6).

4. Why we process it (purpose)

We process your data for these specified, lawful purposes only:

  • To authenticate you and run your workspace.
  • To analyse your site's search/analytics performance and generate SEO recommendations.
  • To draft and (where you've enabled it) publish content fixes to your own site.
  • To measure the impact of those fixes and report it back to you.
  • To bill you and issue GST-compliant invoices.
  • To keep the service secure, debug issues, and comply with legal obligations.

We do not use your data for any purpose incompatible with the above without fresh consent.

6. Data retention & deletion

We keep personal data only as long as it serves the purpose it was collected for, then we erase it. Our retention schedule:

DataRetention
Google OAuth tokens (access/refresh)Until you disconnect Google or delete your account — then deleted immediately.
Google Search Console / GA4 metrics we've pulledWhile your workspace is active; deleted within 30 days of account deletion or Google disconnect.
Account & workspace data (sites, pages, tasks, drafts)While your account is active; deleted within 30 days of account closure.
Billing & tax records (invoices, GST)Retained as required by Indian tax/accounting law (typically up to 8 years), then deleted.
Operational/security logsUp to 90 days, then rotated out.

You can request deletion at any time by emailing privacy@bachao.ai. We action verified deletion requests within 30 days, except where law requires longer retention (e.g. tax records), in which case we restrict that data to that sole purpose.

7. How we secure your data

  • Encryption at rest — sensitive secrets (including Google tokens) are encrypted with AES-256-GCM before they touch the database.
  • Encryption in transit — all traffic is over TLS/HTTPS.
  • Tenant isolation — each workspace's data is logically isolated; one customer's data is never served to another. Access is scoped and fails closed.
  • Least privilege — we request read-only Google access and limit internal access to data.
  • No secrets in logs — tokens and secrets are never written to logs or error messages.

No system is perfectly secure, but we take reasonable security safeguards as required by the DPDP Act.

8. Sharing & data processors

We do not sell your personal data. We share it only with processors that help us run the service, bound by contract to protect it and use it only on our instructions:

  • Cloud hosting & database — to run the application and store your data.
  • Authentication provider — to sign you in securely.
  • AI model provider (Anthropic) — to generate SEO recommendations and content drafts. Your site content/metrics may be processed to produce these outputs; it is not used to train third-party models.
  • Payment processors (Razorpay / Cashfree) — to process payments and issue invoices.
  • Google — only to read the data you authorised.

We may also disclose data where required by law, or to protect our rights, users, or the public.

9. Your rights (DPDP Act)

As a Data Principal under the DPDP Act, you have the right to:

  • Access — a summary of the personal data we process about you and how.
  • Correction & completion — to fix inaccurate or incomplete data.
  • Erasure — to have your data deleted when it's no longer needed or you withdraw consent.
  • Withdraw consent — at any time (see §5).
  • Grievance redressal — to a readily available means of raising and resolving complaints (see §10).
  • Nominate — to nominate another individual to exercise your rights in the event of death or incapacity.

To exercise any right, email privacy@bachao.ai. We may need to verify your identity first.

10. Grievance redressal

If you have a complaint about how we handle your data, contact our Grievance Officer:

Grievance Officer, Dhisattva AI Pvt Ltd
Email: privacy@bachao.ai

We will acknowledge your grievance and respond within the timelines required by the DPDP Act and its rules. If you're not satisfied with our response, you may escalate to the Data Protection Board of India.

11. Children's data

Snippable is a business tool not directed at children. We do not knowingly process the personal data of anyone under 18 without verifiable consent of a parent or lawful guardian, and we do not undertake tracking, behavioural monitoring, or targeted advertising directed at children. If you believe a child's data has reached us, email privacy@bachao.ai and we'll delete it.

12. Cross-border transfers

Some of our processors may store or process data outside India. Where this happens we rely on processors with appropriate safeguards and only transfer to countries not restricted by the Government of India under the DPDP Act. Your data is handled under this policy wherever it is processed.

13. Cookies

The marketing site (snippable.in) uses no tracking or advertising cookies. The application (app.snippable.in) uses strictly necessary cookies to keep you signed in and your session secure. We do not use third-party advertising cookies.

14. Breach notification

In the event of a personal data breach, we will notify the Data Protection Board of India and affected Data Principals in the manner and within the timelines required by the DPDP Act and its rules.

15. Changes to this policy

We may update this policy as the service or the law evolves. We'll change the "Last updated" date above and, for material changes affecting your rights, notify you in-app or by email.

16. Contact

Dhisattva AI Pvt Ltd (operating Snippable)
Privacy & Grievance: privacy@bachao.ai
Support: support@bachao.ai

© 2026 Dhisattva AI Pvt Ltd · DPIIT Recognized Startup · Made in India · Terms of Service