SnapApp and Data Privacy

Overview of SnapApp and Data Privacy

March 1, 2018

1. SnapApp overview

The SnapApp interactive content marketing platform provides marketers the power to create, publish, promote, and measure engaging interactive content experiences as part of their demand generation and customer marketing initiatives (each such experience is a separate “App”).  SnapApp is a multi-tenant SaaS solution, which customers use in self-serve or managed-services mode to build content to their specification. SnapApp does not provide custom software development or custom agency/professional services to customers.

Customers usually configure their Apps to gate marketing content and securely deliver user lead data to their marketing automation platform through either APIs or web-forms, provided by each marketing automation provider. The data collected through their Apps is at each Customer’s discretion and as such is subject to their individual Privacy Policy. While the content collected is often Personally Identifiable Information (PII) it is of a general business nature.  SnapApp’s Terms of Service expressly prohibit customers from using the SnapApp platform to collect “sensitive information” such as financial, health, government, or employment information.

All such data collected passes through SnapApp’s servers and as such SnapApp is deemed the processor of such data with the Customer remaining the controller of said data.  Under the Terms of Service, SnapApp is prohibited from using any of the PII collected, which remains the property of the Customer at all times.

2. Platform infrastructure

SnapApp is a multi-tenant web hosted solution that enables customers to build and host the Apps they create on the SnapApp platform and then use embed code to serve the content to targeted end users from a variety of web sources including CMS landing pages, social media platforms, and responsive mobile web pages.  Apps are served as javascript within an iframe.

SnapApp production applications and services are entirely hosted in an Amazon Web Services (AWS) environment, creating a shared responsibility security model with AWS.  AWS operates, manages, and controls the components from the host operating system and virtualization layer down to the physical security of the facilities in which the services operate. In turn, SnapApp assumes responsibility and management of the guest operating system (including updates and security patches), application software, and the configuration of the AWS-provided firewall support.

The specifics regarding SnapApp’s approach to data privacy and security are documented in the SnapApp IT Security (currently v2.1) document, which can be downloaded here.

Information regarding AWS’s approach to data privacy and protection can be found here.

3. Commitment to Data Protection – Privacy Shield Certification

SnapApp considers the security of our customers’ data a top priority.  As described in the SnapApp IT  Security document referenced above, we have enacted measures designed to maximize protection of customer data, while being as unobtrusive as possible.

SnapApp meets globally recognized EU-US and Swiss-US Privacy Shield data privacy requirements and has achieved Truste Certified Privacy certification. The Truste Certified privacy seal is displayed on the website and details about SnapApp’s EU-US and Swiss-US Privacy Shield certification are available on the official Privacy Shield website here.

4. SnapApp and GDPR

SnapApp’s position on the EU General Data Protection Regulation (GDPR) has been formulated in conjunction with our European counsel and is summarized as follows:

Don't get left out. Subscribe to our blog and always be in the know.