SnapAddress is launching soon. Join the waitlist for early access and 20% off your first credit pack. Join waitlist →

Legal

Privacy Policy

Last updated 13 April 2026

This policy explains how Clearpath Labs Ltd ("we", "us") — trading as SnapAddress — collects, processes, and protects personal data when you use the SnapAddress API, dashboard, or WooCommerce plugin (the "Service"). We are the data controller for the information described here.

Who we are

Clearpath Labs Ltd is a company registered in England and Wales. For privacy queries, contact hello@snapaddress.io.

What we collect

  • Account data — your email address and authentication identifiers, held by Supabase on our behalf.
  • Billing data — Stripe customer and subscription identifiers. Payment card details are handled by Stripe and never touch our servers.
  • API credentials — we store hashes of your API keys, never the raw keys after issuance.
  • Usage events — timestamps, request metadata, and the postcode queried. Postcodes on their own are not personal data under UK GDPR, but in combination with other identifiers (e.g. your account) may be treated as personal data and are handled accordingly.
  • Operational logs — standard server logs (including IP address) retained briefly for abuse prevention and debugging.

We do not store the addresses returned to end users of your application. Address lookups are a pass-through from Royal Mail PAF data.

Why we process it

  • Contract — to provide the Service you signed up for: issuing API keys, authenticating requests, metering usage, billing.
  • Legitimate interest — to prevent abuse, protect the Service, and improve reliability.
  • Legal obligation — to retain records required for tax and accounting.

Sub-processors

We rely on the following sub-processors to run the Service:

  • Supabase — authentication and database hosting (EU region).
  • Stripe — payment processing and subscription management.
  • Vercel — website and API hosting.
  • Royal Mail — source of the PAF (Postcode Address File) data returned by the Service.

How long we keep it

  • Usage events — 13 months, to cover the billing dispute window.
  • Account and billing records — for the life of your account, plus the period required by UK tax law after deletion.
  • Server logs — up to 30 days.

Your rights under UK GDPR

You can request:

  • Access to the personal data we hold about you
  • Correction of inaccurate data
  • Erasure of your account and associated data — you can delete your account any time from the billing page
  • A portable copy of your data
  • To object to processing based on legitimate interest

To exercise any of these rights, email hello@snapaddress.io. You can also complain to the UK Information Commissioner's Office at ico.org.uk.

International transfers

Some sub-processors (e.g. Stripe, Vercel) may process data outside the UK/EEA. Where that happens, we rely on the UK International Data Transfer Agreement or equivalent safeguards.

Cookies

We use a small number of first-party cookies strictly necessary to keep you logged in and to remember your preferences. We do not use advertising or tracking cookies.

Changes to this policy

If we make material changes we will update the "last updated" date above and, where appropriate, notify you by email.