1. General Information

Your privacy is extremely important to us, and we take our responsibility to safeguard your personal data very seriously. We are committed to ensuring that all personal data is processed in compliance with applicable privacy regulations, including the General Data Protection Regulation (GDPR).

This Privacy Policy outlines how Nixfix processes personal data through its brand UpSnatch. It is applicable to any personal data collected or processed from users ("you") of the services, websites, and apps provided under the UpSnatch brand.

By using our services, you acknowledge and agree to the processing of your personal data as described in this Privacy Policy.

If you have any questions, concerns, or require further clarification regarding this Privacy Policy, feel free to reach out to us via email at [email protected].

2. Data Controller

Nixfix, a company registered under BTW BE 0747.701.932 and headquartered in Belgium, acts as the data controller for personal data processed as part of UpSnatch's services. This means we are responsible for determining the purposes and means of processing your personal data.

While we do not process data on behalf of third parties, we work with select service providers to enable the delivery, security, analytics, and marketing of our services:

• Amazon Web Services (AWS): Provides cloud hosting, infrastructure, and related storage services used to operate UpSnatch.
• Amazon Cognito: Manages user authentication and identity services for account access, including federated sign-in flows such as Google sign-in through Cognito.
• Stripe: Handles secure payment processing, billing-related workflows, and the confidentiality of financial transactions.
• Google: May provide analytics, font delivery, and identity-provider data where you choose to sign in with Google through Amazon Cognito.
• Meta: May provide website advertising and conversion measurement services.
• Tolt: May provide referral and affiliate tracking services.

These service providers operate under contractual, technical, and organizational safeguards intended to protect personal data in accordance with applicable data protection laws, including GDPR where applicable.

3. What Personal Data Do We Collect?

We collect personal data that you provide directly, as well as data generated automatically when you interact with our services. This includes, but is not limited to:

3.1. Data You Provide

• Identification and contact details, such as your name, email address, and postal or billing address, when creating an account or subscribing to a service.
• Profile information, such as display name and profile picture, when this is provided through Amazon Cognito or through an identity provider you choose to use, such as Google via Cognito.
• Payment details, including billing address, payment method, and other payment-related account identifiers, for processing transactions securely.
• Communication preferences, specifying how and where you prefer to receive updates or notifications from us.

If you choose to sign in with Google, UpSnatch may receive limited account information from Google through Amazon Cognito using the openid, email, and profile scopes. This may include your Google account identifier, name, email address, and profile picture. We use this information only to authenticate your account, create or link your UpSnatch profile, and maintain account security. We do not request access to Gmail, Google Drive, Google Contacts, Google Calendar, or other Google user data.

UpSnatch's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

3.2. Data Collected Automatically

• IP address, device type, browser information, and similar technical data collected during your interaction with our websites or applications.
• Usage data, such as session activity, the pages or features accessed, referral information, and interaction timestamps.
• Cookie-based or similar tracking information used to support site functionality, measure performance, and support marketing activities (see our Cookie Policy for details).

We strive to limit data collection to what is necessary for the proper delivery of our services, in line with the principles of data minimization. We do not request a phone number as part of our standard account sign-in scopes.

4. Why Do We Process Your Data?

Your personal data is processed for several reasons, each tied to a specific legal basis under GDPR:

4.1. Performance of a Contract

When you use our services, we process your personal data to:

• Create and manage your account securely, including authenticating users through Amazon Cognito.
• Facilitate payment transactions and issue invoices.
• Deliver the services you have subscribed to or requested.

4.2. Legal Obligations

We process your personal data to comply with statutory obligations, such as financial reporting, tax filings, and responding to regulatory requirements.

4.3. Legitimate Interests

We also process your personal data for purposes aligned with our legitimate interests, such as:

• Improving our services by analyzing usage patterns, site performance, and user feedback.
• Ensuring the security and integrity of our platforms and infrastructure.
• Sending you updates about service enhancements, offers, and events relevant to your subscriptions.
• Detecting and preventing fraud or misuse of our services.

5. Sharing of Data

Your personal data is not shared with third parties for their independent use except where necessary to provide requested services, comply with legal obligations, support our legitimate business operations, or where you have provided consent. We may share your information with the following trusted partners:

• Amazon Web Services (AWS): For secure hosting, infrastructure, and storage services.
• Amazon Cognito: For authentication, identity management, and federated sign-in.
• Stripe: For billing, subscriptions, invoicing, and secure payment processing.
• Google: For analytics, font delivery, and identity-provider data where you choose Google sign-in through Cognito.
• Meta: For marketing measurement and related advertising services.
• Tolt: For referral attribution and affiliate tracking.

All service providers are expected to handle personal data under appropriate contractual and technical safeguards and to implement measures designed to protect the security and confidentiality of that data.

6. International Data Transfers

Where data is transferred to servers or locations outside the European Economic Area (EEA), such as the US, we ensure these transfers comply with GDPR requirements by implementing:

• Standard contractual clauses approved by the European Commission.
• Binding agreements that guarantee equivalent levels of protection as required within the EEA.

If you have concerns about data transfers, please contact us at [email protected].

7. Data Retention

We retain your personal data only as long as necessary to fulfill the purposes described in this policy or as required by law. After the retention period, your data will be securely deleted or anonymized.

For detailed retention periods, you can contact us at [email protected].

8. Protecting Your Data

We use robust technical and organizational measures to safeguard your personal data from unauthorized access, disclosure, or alteration. These measures include:

• Encryption of sensitive data during storage and transmission.
• Regular security audits and vulnerability assessments.
• Strict access controls for employees and service providers.

9. Your Rights

The right to data protection is a fundamental right in the European Union. Even when you share your personal data with companies, you should always be able to maintain control over it. At Nixfix, you can exercise your rights regarding access, rectification, and deletion of your personal data. Requests to exercise these rights can be directed to us via email at [email protected].

9.1. Right to Access

You have the right to access your personal data and obtain information about how it is processed, including:

• The purposes of processing.
• The categories of personal data processed.
• The recipients or categories of recipients who have access to your data.
• The retention period or the criteria used to determine it.
• The source of the data, if not directly provided by you.
• The existence of any automated decision-making, including profiling, and meaningful information about the logic involved, as well as the consequences of such processing.

9.2. Right to Rectification

If your personal data is inaccurate or incomplete, you have the right to have it corrected or completed without undue delay. Simply contact us at [email protected] to submit your request.

9.3. Right to Erasure ("Right to Be Forgotten")

You have the right to request the deletion of your personal data in the following cases:

• Your personal data is no longer necessary for the purposes for which it was collected.
• You object to the processing (see below) and there are no overriding legitimate grounds.
• Your personal data has been processed unlawfully.
• We are required to delete your data to comply with a legal obligation.

Please note that certain legal or regulatory obligations may require us to retain some of your personal data.

9.4. Right to Restriction of Processing

In specific circumstances, you have the right to request a restriction on the processing of your personal data, such as when:

• You contest the accuracy of your personal data, allowing us time to verify its accuracy.
• The processing is unlawful, but you prefer restriction over deletion.
• We no longer need the data, but you require it for legal claims.
• You have objected to the processing, pending verification of our legitimate grounds for processing.

9.5. Right to Data Portability

You have the right to receive the personal data you provided to us in a structured, commonly used, and machine-readable format, and to transmit it to another data controller where technically feasible.

9.6. Right to Object

You have the right to object to the processing of your personal data in the following situations:

• For direct marketing purposes, including profiling related to such marketing.
• When processing is based on our legitimate interests or those of a third party, unless we demonstrate compelling legitimate grounds for processing that override your interests, rights, and freedoms, or for the establishment, exercise, or defense of legal claims.

9.7. Right to File a Complaint

If you believe your rights are not being upheld, you have the right to lodge a complaint with the Belgian Data Protection Authority (Gegevensbeschermingsautoriteit) using the contact details below:

• Address: Rue de la Presse 35, 1000 Brussels, Belgium
• Phone: +32(0)2 274 48 00 or +32(0)2 274 48 35
• Email: [email protected]
• Website: https://www.gegevensbeschermingsautoriteit.be/

To exercise any of the above rights, please contact us via email at [email protected]. We will respond to your request within 30 days of receipt.

10. Updates to This Policy

This policy may be updated periodically to reflect changes in our services, infrastructure, or regulatory requirements. The latest version will always be available on our website.

This policy was last updated on 2nd April 2026. For archived versions, contact us at [email protected].