Privacy Notice
Last updated: May 9, 2026
This pre-launch notice explains what Snackbowl collects, why we collect it, how long we keep it, and how users can request deletion.
This draft matches ADR-0009's launch-blocking anti-abuse controls and still requires final legal review before public launch.
What We Collect At Signup
Snackbowl collects the account details needed to create and secure an account.
- Email address.
- Display name.
- Password credential handled by the authentication service.
- Email verification token, stored only as a salted hash.
- Cloudflare Turnstile challenge result.
- Network abuse signals used to protect free credits and plan allowances.
Raw IP addresses are processed only in flight. They are hashed before storage and are not stored as raw IP values.
Abuse-Prevention Signals
Snackbowl uses abuse-prevention checks so free credits and trial allowances cannot be harvested by automated signup scripts. These checks use the following signals:
- A salted hash of the caller's IP address, using the IPv6 /64 prefix for IPv6.
- Signup outcome and timestamp.
- Whether the email domain is on a disposable-email list.
- Whether the network is classified as Tor or commercial VPN.
- In later rollout phases, a salted hash of browser fingerprint signals.
- In paid-plan flows, a salted hash of Stripe payment-method fingerprint data.
Browser fingerprinting, when enabled, is used only for abuse detection. It is not used for advertising, cross-site tracking, personalization, or sale to third parties.
How We Use The Data
- Create and authenticate user accounts.
- Send and verify email verification links.
- Protect free signup credits and plan allowances from automated abuse.
- Apply CAPTCHA challenges when a signup looks higher risk.
- Investigate abuse reports and payment fraud.
- Honor deletion and redaction requests.
Retention
Snackbowl keeps signup and anti-abuse data for the minimum practical period.
| Data | Retention |
|---|---|
| Raw IP address | Not stored |
| Hashed signup IP attempts | 30 days |
| Hashed signup device fingerprints | 90 days |
| Unconsumed email verification tokens | 24 hours |
| Consumed email verification tokens | 7 days |
| Disposable email domain list | Indefinite |
| Hashed Stripe payment-instrument users | 365 days |
| Shadow-throttle review records | Until reviewed, then 365 days |
| Signup anomaly flags | 90 days |
Retention jobs enforce these limits where the underlying tables are present.
Deletion Requests
Users can request account deletion or privacy redaction. Snackbowl deletes or redacts anti-abuse records tied to the account where the ADR-0009 data model allows it.
- Email verification tokens are deleted.
- Device fingerprint rows are deleted.
- Payment-instrument linkage rows are deleted.
- Signup anomaly flags are deleted.
- Shadow-throttle records are redacted for audit purposes.
Hashed IP attempt rows may remain when they are no longer linked to a user and are needed for platform abuse prevention within their 30-day retention window.
Third-Party Processors
- Cloudflare Turnstile for CAPTCHA challenges.
- Resend for verification email delivery.
- Stripe for payments and payment-method fraud signals.
Each processor receives only the data needed for its role.
Questions
Before public launch, this notice needs final legal review and a support contact or form for privacy requests.