Back to Legal

Privacy Policy

Effective Date: January 6th, 2026

This Privacy Policy describes how Bloxsnap B.V. (“Bloxsnap”, “we”, “us”) collects, uses, and protects personal data when you use our cloud-based Platform, including our SaaS, PaaS, and AI-assisted workflow capabilities.

1. Our Dual Roles: Controller and Processor

  • Bloxsnap as Data Controller: We act as the Data Controller for information related to your account management, billing, and technical metadata.
  • Bloxsnap as Data Processor: For the code, content, and data you or your end-users host on our infrastructure (“Customer Data”), you are the Data Controller and Bloxsnap is the Data Processor. We process this data solely based on your documented instructions.

2. Information We Collect

We collect various types of information to provide and secure our Services:

  • Account Data: Names, contact information, and authentication credentials managed via our enterprise-grade Identity and Access Management (IAM).
  • Billing Information: Payment details provided via the Platform to manage your subscription.
  • Service Metadata: Technical logs, telemetry, and metadata related to your usage of our APIs and AI models.
  • Customer Data: Any personal data submitted by you or your End-Users via the Platform.

3. How We Use Data

  • Service Provision: To operate, maintain, and provide the Platform, including AI-agentic workflow capabilities.
  • AI Processing: We process Customer Data for AI features solely to provide the Service as instructed. We do not use Customer Data for independent model training or platform improvement.
  • Security & Compliance: To monitor for violations of our Acceptable Use Policy (AUP), available at https://bloxsnap.com/legal/aup, such as malware distribution or fraud.
  • Anonymized Data: We may generate anonymized or aggregated data for optimization, provided it does not identify any natural person or specific customer.

4. Data Sharing and Sub-processors

  • Authorized Sub-processors: We use third-party sub-processors to provide essential infrastructure. A current list of (Sub-)Processors is available at https://bloxsnap.com/legal/subprocessors.
  • Protective Obligations: All sub-processors are bound by data protection obligations no less protective than those in our Data Processing Agreement (DPA), available at https://bloxsnap.com/legal/dpa.
  • Legal Necessity: We may report illegal activity to law enforcement if we detect violations of the AUP.

5. Security and Data Breaches

  • Technical Measures: We implement Article 32 GDPR-compliant security, including encrypted backups and access controls.
  • Notification: In the event of a personal data breach, we will notify the affected Controller without undue delay, and no later than 72 hours after becoming aware of the incident.

6. Data Retention and Deletion

The period for which we retain data depends on your agreement type:

  • Standard ToS Users: Customer Data is typically deleted after a 30-day grace period following termination.
  • MSA/B2B Users: Customer Data is retained for a 60-day export period following termination, after which it is deleted.
  • Immediate Deletion: Accounts terminated for severe security violations (e.g., botnets or malware) may be wiped immediately without a grace period.

7. Your Rights (GDPR)

Under the GDPR, you and your End-Users have rights including:

  • Access and Rectification: Requesting copies of or corrections to personal data.
  • Erasure and Portability: Requesting data deletion or transfer to another service.
  • Objection: Objecting to specific processing activities.
  • Assistance: Bloxsnap will assist you in fulfilling these requests to the extent technically feasible.

8. Governance and Contact

  • Governing Law: This policy is governed by the laws of the Netherlands.
  • Jurisdiction: Any disputes shall be submitted to the courts in Amsterdam.

Contact Information: Bloxsnap B.V. Kraijenhoffstraat 137 A, 1018RG Amsterdam KvK Number: 99419998

Email: legal@bloxsnap.com