Snottebel

Privacy policy

Last updated : 21 May 2026

1. Data controller

The controller of personal data collected via Snottebel is:

[TO BE COMPLETED — First name LAST NAME], sole proprietorship, [TO BE COMPLETED — address], CBE [TO BE COMPLETED]. Contact: [TO BE COMPLETED — contact@snottebel.be].

2. Personal data collected

We collect the following categories of data:

  • Account data: email address, password (hashed), display name.
  • Usage data: contest participations marked by you, comments posted, ratings given.
  • Payment data: email address transmitted to Stripe when subscribing to Premium. Card data is collected and stored directly by Stripe and never passes through our servers.
  • Technical data: IP address (transient, server logs), browser type, cookies (see cookie policy).
  • Contact data: information voluntarily provided via the contact form.

3. Purposes of processing

Your data is processed to:

  • create and manage your account (authentication, password recovery);
  • provide the Premium service (subscription management, personal statistics);
  • handle your participation in the listed contests;
  • moderate comments and prevent abuse;
  • respond to your requests via the contact form;
  • ensure the security of the Site (anti-bot, anti-fraud).

4. Legal bases (GDPR art. 6)

  • Contract performance: account creation, Premium subscription, handling contact requests.
  • Consent: preference cookies, optional communications. You can withdraw your consent at any time.
  • Legitimate interest: security of the Site, fraud prevention, moderation.
  • Legal obligation: retention of invoices and accounting data.

5. Recipients and processors

Your data may be passed to the following processors, acting on our behalf and in compliance with the GDPR:

  • Supabase (database hosting and authentication — Singapore, with EU servers available)
  • Vercel (application hosting — United States, transfer covered by EU Commission Standard Contractual Clauses)
  • Stripe Payments Europe Ltd (payments — Ireland, with US sub-processor for processing)
  • Resend (transactional email delivery — United States, Standard Contractual Clauses)
  • Cloudflare Turnstile (anti-bot protection — United States, Standard Contractual Clauses)

No data is sold, rented or transferred to third parties for commercial purposes.

6. Transfers outside the European Union

Some processors handle data outside the EEA. These transfers are covered by the Standard Contractual Clauses adopted by the European Commission (decision 2021/914) and, where applicable, by additional measures (encryption in transit and at rest).

7. Retention periods

  • User account: kept as long as the account is active; deleted (with anonymisation of participations) on request.
  • Participations and comments: kept as long as the account is active; anonymised or deleted on account deletion request.
  • Stripe billing data: 7 years (Belgian accounting obligation).
  • Connection and IP logs: 12 months maximum (security).
  • Contact form requests: 1 year after the last interaction.
  • Cookies: see cookie policy (12 months maximum).

8. Your rights (GDPR art. 15 to 22)

You have the following rights at any time:

  • Access: obtain a copy of the data concerning you.
  • Rectification: correct inaccurate data (editable from your profile or upon request).
  • Erasure ("right to be forgotten"): delete your account from My account > Profile > Danger zone.
  • Restriction of processing: temporarily suspend processing.
  • Portability: receive your data in a structured, machine-readable format (JSON export available from your profile).
  • Objection: object to processing based on legitimate interest.
  • Withdrawal of consent: possible at any time, without retroactive effect.

To exercise these rights, contact us at [TO BE COMPLETED — contact@snottebel.be]. Response within 1 month.

9. Complaint to the supervisory authority

You have the right to lodge a complaint with the Data Protection Authority (DPA): Rue de la Presse 35, 1000 Brussels — https://www.dataprotectionauthority.be — contact@apd-gba.be.

10. Security

We implement appropriate technical and organisational measures: TLS encryption in transit, hashed passwords (bcrypt), access isolation via RLS rules at database level, strict separation of server secrets, Cloudflare Turnstile anti-bot protection.

11. Cookies

The use of cookies is the subject of a separate policy, accessible from the footer.

12. Changes

This policy may be updated. The date of the latest update is shown at the top of the document. Substantial changes will be notified to you by email or via a banner in the application.