// April 21, 2026

Privacy Policy

This Privacy Policy explains what information SNAP2DEPLOY L.L.C. (“Snap2Deploy,” “we,” or “us”) collects when you use our website and services (the “Service”), how we use and share it, and the choices you have.

By using the Service you agree to the collection and use of information in accordance with this Policy. If you do not agree, please do not use the Service.

Snap2Deploy is a business-to-business tool used by IT administrators. Most information we process is submitted by our business customers as part of using the Service (where we act as a “processor” or “service provider”). For information we collect directly from visitors or account holders (such as the email you use to sign up), we act as a “controller” or “business.”

1. Information We Collect

1.1 Account and Profile Information

When you create an account, we collect:

  • Your name and work email address;
  • A hashed password (we never store passwords in plaintext);
  • Your organization/workspace name;
  • Your role within an organization (owner, admin, member).

1.2 Billing Information

When you subscribe to a paid plan, our payment processor Stripe collects your payment method and billing details directly. We do not store full credit card numbers. We receive from Stripe a customer identifier, subscription status, trial/renewal dates, and the last four digits of the card (for display purposes).

1.3 Customer Content You Submit to the Service

To perform the Service, we process content you upload or configure, including:

  • Application installers (EXE, MSI, DMG, PKG, etc.) and their metadata;
  • Packaging configurations, install commands, detection scripts, and descriptions;
  • Deployment targets (group names, device categories) that you specify;
  • MDM Integration Credentials (for example, Azure AD tenant IDs, Microsoft Graph client secrets, Jamf Pro API credentials). These are encrypted at rest using AES-256 and used only to perform actions you initiate in your own MDM tenant.

1.4 Activity and Usage Data

We log events associated with your use of the Service, including:

  • Audit events (who did what, when) such as package creation, deployment, and settings changes;
  • Automated packaging jobs and their outcomes;
  • Auto-Pilot patch scan events;
  • Server logs (IP address, user-agent, request paths, timestamps, error traces).

1.5 Cookies and Similar Technologies

We use a small number of cookies strictly necessary for the Service to function, including a session cookie for authentication and cookies used by our hosting provider for routing and security. We do not currently use advertising cookies or third-party analytics trackers. If that changes, we will update this Policy and, where required, present a consent notice.

1.6 Communications

If you contact us (e.g., by email or a support form), we retain the communication and any information you include.

2. How We Use Information

We use the information described above to:

  • Provide, operate, and maintain the Service;
  • Package, deploy, and manage applications in your MDM tenant at your direction;
  • Authenticate you and secure your account;
  • Bill you and manage your subscription;
  • Send transactional emails (verification, password reset, invitations, deployment notifications, billing notices, trial-ending reminders);
  • Monitor for fraud, abuse, and security incidents;
  • Respond to support requests and troubleshoot issues;
  • Improve the Service, including debugging and performance tuning;
  • Comply with legal obligations and enforce our Terms of Service.

We do not sell personal information. We do not serve advertising and we do not share personal information with third parties for their own marketing purposes.

2.1 AI-Assisted Features

Some features (such as silent-install parameter detection) are described in our marketing as “AI-assisted.” In the current implementation, these features run against public software manifests (the winget manifest catalog) and a local heuristic library — not against any third-party large language model. We do not currently transmit installer metadata, installer binaries, or any other Customer information to a third-party AI provider. Any future addition of an AI provider to this flow will be disclosed first on snap2deploy.com/subprocessors and snap2deploy.com/security/ai with at least thirty (30) days’ advance notice, and will be subject to a contractual commitment that Customer content is not used to train foundation models.

3. How We Share Information

We share information only as described below.

3.1 Sub-Processors

We rely on a small number of trusted service providers to operate the Service. Each is bound by a data-processing or equivalent agreement requiring them to protect your information and use it only on our instructions.

  • Vercel, Inc. — Application hosting and edge delivery (United States).
  • Neon, Inc. — Managed Postgres database hosting (United States).
  • Stripe, Inc. — Payment processing and subscription management (United States). Stripe’s privacy practices are described at stripe.com/privacy.
  • Resend, Inc. — Transactional email delivery (United States).

The current and authoritative list of sub-processors, including any future additions, is published at snap2deploy.com/subprocessors. We will give organization owners at least thirty (30) days’ notice before adding or replacing a sub-processor.

When you initiate a deployment, the Service transmits packages and configuration you have authored to your own Microsoft Intune or Jamf Pro tenant using the Integration Credentials you supplied. These are your systems, not third-party systems we share data with.

3.2 Business Transfers

If we are involved in a merger, acquisition, financing, reorganization, or sale of assets, information may be transferred as part of that transaction. We will require successors to honor this Policy or give you notice and an opportunity to opt out where required by law.

3.3 Legal and Safety

We may disclose information if we believe in good faith it is necessary to comply with a law, regulation, subpoena, or government request; to protect the safety of any person; to address fraud, security, or technical issues; or to defend our legal rights. Where legally permitted, we will attempt to notify the affected account holder.

4. Data Retention

We retain account and Customer Data for as long as your account is active, and for a reasonable period afterward to allow for reactivation, enforce our Terms, resolve disputes, and comply with legal obligations. Typical retention guidelines:

  • Account records and audit logs: while the account is active, plus up to 12 months after termination.
  • Integration Credentials: for as long as you choose to keep them connected; deleted from our active systems within 30 days of disconnection.
  • Uploaded installers: retained for the life of the associated package; deleted when the package is deleted.
  • Billing records: retained for up to 7 years for tax and accounting purposes.
  • Backups: residual copies may persist in encrypted backups for up to 30 days after deletion from active systems before being overwritten.

You may request deletion of your Customer Data at any time (see Section 6). We will honor valid deletion requests within a reasonable time, subject to legal retention obligations.

5. Security

We take reasonable administrative, technical, and physical safeguards designed to protect your information, including:

  • Encryption in transit (TLS) for all traffic to and from the Service;
  • Encryption at rest for databases and backups;
  • Application-level encryption (AES-256) for sensitive fields such as Integration Credentials;
  • Password hashing using industry-standard algorithms (bcrypt);
  • Role-based access controls and organization-level tenant isolation;
  • Secrets rotated on a reasonable schedule and on any suspected compromise.

No system is perfectly secure. If we become aware of a security incident affecting your information, we will notify you in accordance with applicable law.

6. Your Rights and Choices

Regardless of where you are located, you may:

  • Access, correct, or export your account information from within the Service;
  • Delete your account by contacting us at privacy@snap2deploy.com;
  • Unsubscribe from non-essential email communications (transactional and security emails cannot be opted out of while you have an active account).

6.1 California Residents (CCPA/CPRA)

If you are a California resident, you have the right to (a) know the categories of personal information we have collected about you, (b) request deletion, (c) correct inaccurate information, (d) opt out of any “sale” or “sharing” of personal information (we do not sell or share personal information as those terms are defined by the CCPA), and (e) not be discriminated against for exercising these rights. To exercise these rights, contact privacy@snap2deploy.com. We will verify your request using the email on file.

6.2 European Economic Area, United Kingdom, and Switzerland

If you are located in the EEA, UK, or Switzerland, you have rights under the GDPR and similar laws to access, rectify, erase, restrict, port, or object to our processing of your personal data. Our legal bases are: (i) performance of a contract (operating the Service for you), (ii) legitimate interests (security, fraud prevention, product improvement), and (iii) consent (where required).

For business customers in these jurisdictions, we will execute a Data Processing Addendum (DPA) on request. Contact privacy@snap2deploy.com.

7. International Data Transfers

Snap2Deploy operates primarily from the United States, and our sub-processors are U.S.-based. If you access the Service from outside the United States, your information will be transferred to and processed in the United States. Where required, we rely on Standard Contractual Clauses or other lawful transfer mechanisms.

8. Children

The Service is intended for business use by IT professionals and is not directed to individuals under 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact privacy@snap2deploy.com and we will delete it.

9. Changes to This Policy

We may update this Policy from time to time. If we make material changes, we will provide notice by email or a banner in the Service before the changes take effect. The “Last updated” date at the top of this page indicates the most recent revision.

10. Contact Us

Questions, requests, or complaints about this Policy or our data practices? Contact our privacy team at privacy@snap2deploy.com.

SNAP2DEPLOY L.L.C.
9 Pinewood Road
Milford, NJ 08848